August 2016 - openSUSE Security Announce

[security-announce] openSUSE-SU-2016:2144-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 24 Aug '16

24 Aug '16

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2144-1 Rating: important References: #901754 #941113 #942702 #945219 #955654 #957052 #957988 #959709 #960561 #961512 #963762 #963765 #966245 #966437 #966693 #966849 #967972 #967973 #967974 #967975 #968010 #968011 #968012 #968013 #968018 #968670 #969354 #969355 #970114 #970275 #970892 #970909 #970911 #970948 #970955 #970956 #970958 #970970 #971124 #971125 #971126 #971360 #971628 #971799 #971919 #971944 #972174 #973378 #973570 #974308 #974418 #974646 #975945 #978401 #978445 #978469 #978821 #978822 #979021 #979213 #979548 #979867 #979879 #979913 #980348 #980363 #980371 #980725 #981267 #982706 #983143 #983213 #984464 #984755 #984764 #986362 #986365 #986377 #986572 #986573 #986811 Cross-References: CVE-2012-6701 CVE-2013-7446 CVE-2014-9904 CVE-2015-3288 CVE-2015-6526 CVE-2015-7566 CVE-2015-8709 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2015-8830 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4581 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-5244 CVE-2016-5829 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that solves 53 vulnerabilities and has 28 fixes is now available. Description: The openSUSE 13.2 kernel was updated to fix various bugs and security issues. The following security bugs were fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971919 971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401 bsc#978445). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-4581: fs/pnode.c in the Linux kernel did not properly traverse a mount propagation tree in a certain case involving a slave mount, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls (bnc#979913). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2015-3288: A security flaw was found in the Linux kernel that there was a way to arbitrary change zero page memory. (bnc#979021). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948 974646). - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2015-8830: Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allowed local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression (bnc#969354 bsc#969355). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employs a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retains certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel uses an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel mishandles uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here (bnc#959709 960561 ). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572 986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362 986365 986377). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755 984764). - CVE-2015-6526: The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel on ppc64 platforms allowed local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace (bnc#942702). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - ALSA: rawmidi: Fix race at copying & updating the position (bsc#968018). - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - ALSA: seq: Fix double port list deletion (bsc#968018). - ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - ALSA: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - ALSA: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - ALSA: seq: Fix race at closing in virmidi driver (bsc#968018). - ALSA: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - ALSA: timer: Call notifier in the same spinlock (bsc#973378). - ALSA: timer: Code cleanup (bsc#968018). - ALSA: timer: Fix leftover link at closing (bsc#968018). - ALSA: timer: Fix link corruption due to double start or stop (bsc#968018). - ALSA: timer: Fix race between stop and interrupt (bsc#968018). - ALSA: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378). - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378). - Bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849). - Bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849). - Bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849). - Btrfs: do not use src fd for printk (bsc#980348). - Refresh patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly. Fix the build error on 32bit architectures. - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469). - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position updates on /proc/xen/xenbus (bsc#970275). - Subject: [PATCH] USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982706). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - backends: guarantee one time reads of shared ring contents (bsc#957988). - btrfs: do not go readonly on existing qgroup items (bsc#957052). - btrfs: remove error message from search ioctl for nonexistent tree. - drm/i915: Fix missing backlight update during panel disablement (bsc#941113 boo#901754). - enic: set netdev->vlan_features (bsc#966245). - ext4: fix races between buffered IO and collapse / insert range (bsc#972174). - ext4: fix races between page faults and hole punching (bsc#972174). - ext4: fix races of writeback with punch hole and zero range (bsc#972174). - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipvs: count pre-established TCP states as active (bsc#970114). - net: core: Correct an over-stringent device loop detection (bsc#945219). - netback: do not use last request to determine minimum Tx credit (bsc#957988). - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY. - pciback: Save the number of MSI-X entries to be copied later. - pciback: guarantee one time reads of shared ring contents (bsc#957988). - series.conf: move cxgb3 patch to network drivers section - usb: quirk to stop runtime PM for Intel 7260 (bnc#984464). - x86: standardize mmap_rnd() usage (bnc#974308). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-1015=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): bbswitch-0.8-3.20.3 bbswitch-debugsource-0.8-3.20.3 bbswitch-kmp-default-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-default-debuginfo-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-desktop-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-xen-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_42-3.20.3 cloop-2.639-14.20.3 cloop-debuginfo-2.639-14.20.3 cloop-debugsource-2.639-14.20.3 cloop-kmp-default-2.639_k3.16.7_42-14.20.3 cloop-kmp-default-debuginfo-2.639_k3.16.7_42-14.20.3 cloop-kmp-desktop-2.639_k3.16.7_42-14.20.3 cloop-kmp-desktop-debuginfo-2.639_k3.16.7_42-14.20.3 cloop-kmp-xen-2.639_k3.16.7_42-14.20.3 cloop-kmp-xen-debuginfo-2.639_k3.16.7_42-14.20.3 crash-7.0.8-20.3 crash-debuginfo-7.0.8-20.3 crash-debugsource-7.0.8-20.3 crash-devel-7.0.8-20.3 crash-doc-7.0.8-20.3 crash-eppic-7.0.8-20.3 crash-eppic-debuginfo-7.0.8-20.3 crash-gcore-7.0.8-20.3 crash-gcore-debuginfo-7.0.8-20.3 crash-kmp-default-7.0.8_k3.16.7_42-20.3 crash-kmp-default-debuginfo-7.0.8_k3.16.7_42-20.3 crash-kmp-desktop-7.0.8_k3.16.7_42-20.3 crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_42-20.3 crash-kmp-xen-7.0.8_k3.16.7_42-20.3 crash-kmp-xen-debuginfo-7.0.8_k3.16.7_42-20.3 hdjmod-debugsource-1.28-18.21.3 hdjmod-kmp-default-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-default-debuginfo-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-desktop-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-xen-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_42-18.21.3 ipset-6.23-20.3 ipset-debuginfo-6.23-20.3 ipset-debugsource-6.23-20.3 ipset-devel-6.23-20.3 ipset-kmp-default-6.23_k3.16.7_42-20.3 ipset-kmp-default-debuginfo-6.23_k3.16.7_42-20.3 ipset-kmp-desktop-6.23_k3.16.7_42-20.3 ipset-kmp-desktop-debuginfo-6.23_k3.16.7_42-20.3 ipset-kmp-xen-6.23_k3.16.7_42-20.3 ipset-kmp-xen-debuginfo-6.23_k3.16.7_42-20.3 kernel-default-3.16.7-42.1 kernel-default-base-3.16.7-42.1 kernel-default-base-debuginfo-3.16.7-42.1 kernel-default-debuginfo-3.16.7-42.1 kernel-default-debugsource-3.16.7-42.1 kernel-default-devel-3.16.7-42.1 kernel-ec2-3.16.7-42.1 kernel-ec2-base-3.16.7-42.1 kernel-ec2-devel-3.16.7-42.1 kernel-obs-build-3.16.7-42.2 kernel-obs-build-debugsource-3.16.7-42.2 kernel-obs-qa-3.16.7-42.1 kernel-obs-qa-xen-3.16.7-42.1 kernel-syms-3.16.7-42.1 libipset3-6.23-20.3 libipset3-debuginfo-6.23-20.3 pcfclock-0.44-260.20.2 pcfclock-debuginfo-0.44-260.20.2 pcfclock-debugsource-0.44-260.20.2 pcfclock-kmp-default-0.44_k3.16.7_42-260.20.2 pcfclock-kmp-default-debuginfo-0.44_k3.16.7_42-260.20.2 pcfclock-kmp-desktop-0.44_k3.16.7_42-260.20.2 pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_42-260.20.2 python-virtualbox-5.0.20-48.5 python-virtualbox-debuginfo-5.0.20-48.5 vhba-kmp-debugsource-20140629-2.20.2 vhba-kmp-default-20140629_k3.16.7_42-2.20.2 vhba-kmp-default-debuginfo-20140629_k3.16.7_42-2.20.2 vhba-kmp-desktop-20140629_k3.16.7_42-2.20.2 vhba-kmp-desktop-debuginfo-20140629_k3.16.7_42-2.20.2 vhba-kmp-xen-20140629_k3.16.7_42-2.20.2 vhba-kmp-xen-debuginfo-20140629_k3.16.7_42-2.20.2 virtualbox-5.0.20-48.5 virtualbox-debuginfo-5.0.20-48.5 virtualbox-debugsource-5.0.20-48.5 virtualbox-devel-5.0.20-48.5 virtualbox-guest-kmp-default-5.0.20_k3.16.7_42-48.5 virtualbox-guest-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-guest-kmp-desktop-5.0.20_k3.16.7_42-48.5 virtualbox-guest-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-guest-tools-5.0.20-48.5 virtualbox-guest-tools-debuginfo-5.0.20-48.5 virtualbox-guest-x11-5.0.20-48.5 virtualbox-guest-x11-debuginfo-5.0.20-48.5 virtualbox-host-kmp-default-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-desktop-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-qt-5.0.20-48.5 virtualbox-qt-debuginfo-5.0.20-48.5 virtualbox-websrv-5.0.20-48.5 virtualbox-websrv-debuginfo-5.0.20-48.5 xen-debugsource-4.4.4_02-46.2 xen-devel-4.4.4_02-46.2 xen-libs-4.4.4_02-46.2 xen-libs-debuginfo-4.4.4_02-46.2 xen-tools-domU-4.4.4_02-46.2 xen-tools-domU-debuginfo-4.4.4_02-46.2 xtables-addons-2.6-22.3 xtables-addons-debuginfo-2.6-22.3 xtables-addons-debugsource-2.6-22.3 xtables-addons-kmp-default-2.6_k3.16.7_42-22.3 xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_42-22.3 xtables-addons-kmp-desktop-2.6_k3.16.7_42-22.3 xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_42-22.3 xtables-addons-kmp-xen-2.6_k3.16.7_42-22.3 xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_42-22.3 - openSUSE 13.2 (i686 x86_64): kernel-debug-3.16.7-42.1 kernel-debug-base-3.16.7-42.1 kernel-debug-base-debuginfo-3.16.7-42.1 kernel-debug-debuginfo-3.16.7-42.1 kernel-debug-debugsource-3.16.7-42.1 kernel-debug-devel-3.16.7-42.1 kernel-debug-devel-debuginfo-3.16.7-42.1 kernel-desktop-3.16.7-42.1 kernel-desktop-base-3.16.7-42.1 kernel-desktop-base-debuginfo-3.16.7-42.1 kernel-desktop-debuginfo-3.16.7-42.1 kernel-desktop-debugsource-3.16.7-42.1 kernel-desktop-devel-3.16.7-42.1 kernel-ec2-base-debuginfo-3.16.7-42.1 kernel-ec2-debuginfo-3.16.7-42.1 kernel-ec2-debugsource-3.16.7-42.1 kernel-vanilla-3.16.7-42.1 kernel-vanilla-debuginfo-3.16.7-42.1 kernel-vanilla-debugsource-3.16.7-42.1 kernel-vanilla-devel-3.16.7-42.1 kernel-xen-3.16.7-42.1 kernel-xen-base-3.16.7-42.1 kernel-xen-base-debuginfo-3.16.7-42.1 kernel-xen-debuginfo-3.16.7-42.1 kernel-xen-debugsource-3.16.7-42.1 kernel-xen-devel-3.16.7-42.1 - openSUSE 13.2 (x86_64): xen-4.4.4_02-46.2 xen-doc-html-4.4.4_02-46.2 xen-kmp-default-4.4.4_02_k3.16.7_42-46.2 xen-kmp-default-debuginfo-4.4.4_02_k3.16.7_42-46.2 xen-kmp-desktop-4.4.4_02_k3.16.7_42-46.2 xen-kmp-desktop-debuginfo-4.4.4_02_k3.16.7_42-46.2 xen-libs-32bit-4.4.4_02-46.2 xen-libs-debuginfo-32bit-4.4.4_02-46.2 xen-tools-4.4.4_02-46.2 xen-tools-debuginfo-4.4.4_02-46.2 - openSUSE 13.2 (noarch): kernel-devel-3.16.7-42.1 kernel-docs-3.16.7-42.2 kernel-macros-3.16.7-42.1 kernel-source-3.16.7-42.1 kernel-source-vanilla-3.16.7-42.1 virtualbox-guest-desktop-icons-5.0.20-48.5 virtualbox-host-source-5.0.20-48.5 - openSUSE 13.2 (i586): bbswitch-kmp-pae-0.8_k3.16.7_42-3.20.3 bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_42-3.20.3 cloop-kmp-pae-2.639_k3.16.7_42-14.20.3 cloop-kmp-pae-debuginfo-2.639_k3.16.7_42-14.20.3 crash-kmp-pae-7.0.8_k3.16.7_42-20.3 crash-kmp-pae-debuginfo-7.0.8_k3.16.7_42-20.3 hdjmod-kmp-pae-1.28_k3.16.7_42-18.21.3 hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_42-18.21.3 ipset-kmp-pae-6.23_k3.16.7_42-20.3 ipset-kmp-pae-debuginfo-6.23_k3.16.7_42-20.3 pcfclock-kmp-pae-0.44_k3.16.7_42-260.20.2 pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_42-260.20.2 vhba-kmp-pae-20140629_k3.16.7_42-2.20.2 vhba-kmp-pae-debuginfo-20140629_k3.16.7_42-2.20.2 virtualbox-guest-kmp-pae-5.0.20_k3.16.7_42-48.5 virtualbox-guest-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-pae-5.0.20_k3.16.7_42-48.5 virtualbox-host-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5 xtables-addons-kmp-pae-2.6_k3.16.7_42-22.3 xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_42-22.3 - openSUSE 13.2 (i686): kernel-pae-3.16.7-42.1 kernel-pae-base-3.16.7-42.1 kernel-pae-base-debuginfo-3.16.7-42.1 kernel-pae-debuginfo-3.16.7-42.1 kernel-pae-debugsource-3.16.7-42.1 kernel-pae-devel-3.16.7-42.1 References: https://www.suse.com/security/cve/CVE-2012-6701.html https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2014-9904.html https://www.suse.com/security/cve/CVE-2015-3288.html https://www.suse.com/security/cve/CVE-2015-6526.html https://www.suse.com/security/cve/CVE-2015-7566.html https://www.suse.com/security/cve/CVE-2015-8709.html https://www.suse.com/security/cve/CVE-2015-8785.html https://www.suse.com/security/cve/CVE-2015-8812.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2015-8830.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2184.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2187.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2384.html https://www.suse.com/security/cve/CVE-2016-2543.html https://www.suse.com/security/cve/CVE-2016-2544.html https://www.suse.com/security/cve/CVE-2016-2545.html https://www.suse.com/security/cve/CVE-2016-2546.html https://www.suse.com/security/cve/CVE-2016-2547.html https://www.suse.com/security/cve/CVE-2016-2548.html https://www.suse.com/security/cve/CVE-2016-2549.html https://www.suse.com/security/cve/CVE-2016-2782.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3136.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3139.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-3689.html https://www.suse.com/security/cve/CVE-2016-3951.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4485.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4580.html https://www.suse.com/security/cve/CVE-2016-4581.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4913.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/901754 https://bugzilla.suse.com/941113 https://bugzilla.suse.com/942702 https://bugzilla.suse.com/945219 https://bugzilla.suse.com/955654 https://bugzilla.suse.com/957052 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/959709 https://bugzilla.suse.com/960561 https://bugzilla.suse.com/961512 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/963765 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/966437 https://bugzilla.suse.com/966693 https://bugzilla.suse.com/966849 https://bugzilla.suse.com/967972 https://bugzilla.suse.com/967973 https://bugzilla.suse.com/967974 https://bugzilla.suse.com/967975 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968011 https://bugzilla.suse.com/968012 https://bugzilla.suse.com/968013 https://bugzilla.suse.com/968018 https://bugzilla.suse.com/968670 https://bugzilla.suse.com/969354 https://bugzilla.suse.com/969355 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970275 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970909 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970955 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971125 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971628 https://bugzilla.suse.com/971799 https://bugzilla.suse.com/971919 https://bugzilla.suse.com/971944 https://bugzilla.suse.com/972174 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974418 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978445 https://bugzilla.suse.com/978469 https://bugzilla.suse.com/978821 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979021 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979913 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980363 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980725 https://bugzilla.suse.com/981267 https://bugzilla.suse.com/982706 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/984464 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/984764 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986377 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/986811 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2131-1: important: Security update for MozillaFirefox
by opensuse-security＠opensuse.org 22 Aug '16

22 Aug '16

SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2131-1 Rating: important References: #989196 #990628 #990856 #991809 Cross-References: CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-6354 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: MozillaFirefox was updated to 45.3.0 ESR to fix the following issues (bsc#991809): * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML file and saved shortcut file * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Also a temporary workaround was added: - Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1254=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1254=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1254=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1254=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1254=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-devel-45.3.0esr-78.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.3.0esr-78.1 MozillaFirefox-debuginfo-45.3.0esr-78.1 MozillaFirefox-debugsource-45.3.0esr-78.1 MozillaFirefox-translations-45.3.0esr-78.1 References: https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-2835.html https://www.suse.com/security/cve/CVE-2016-2836.html https://www.suse.com/security/cve/CVE-2016-2837.html https://www.suse.com/security/cve/CVE-2016-2838.html https://www.suse.com/security/cve/CVE-2016-2839.html https://www.suse.com/security/cve/CVE-2016-5252.html https://www.suse.com/security/cve/CVE-2016-5254.html https://www.suse.com/security/cve/CVE-2016-5258.html https://www.suse.com/security/cve/CVE-2016-5259.html https://www.suse.com/security/cve/CVE-2016-5262.html https://www.suse.com/security/cve/CVE-2016-5263.html https://www.suse.com/security/cve/CVE-2016-5264.html https://www.suse.com/security/cve/CVE-2016-5265.html https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/989196 https://bugzilla.suse.com/990628 https://bugzilla.suse.com/990856 https://bugzilla.suse.com/991809 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2105-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 19 Aug '16

19 Aug '16

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2105-1 Rating: important References: #947337 #950998 #951844 #953048 #954847 #956491 #957990 #962742 #963655 #963762 #965087 #966245 #968667 #970114 #970506 #971770 #972933 #973378 #973499 #974165 #974308 #974620 #975531 #975533 #975772 #975788 #977417 #978401 #978469 #978822 #979074 #979213 #979419 #979485 #979489 #979521 #979548 #979681 #979867 #979879 #979922 #980348 #980363 #980371 #980856 #980883 #981038 #981143 #981344 #981597 #982282 #982354 #982544 #982698 #983143 #983213 #983318 #983721 #983904 #983977 #984148 #984456 #984755 #984764 #985232 #985978 #986362 #986365 #986569 #986572 #986573 #986811 #988215 #988498 #988552 #990058 Cross-References: CVE-2014-9904 CVE-2015-7833 CVE-2015-8551 CVE-2015-8552 CVE-2015-8845 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3672 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4805 CVE-2016-4997 CVE-2016-4998 CVE-2016-5244 CVE-2016-5828 CVE-2016-5829 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 55 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983143). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bsc#978401). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bsc#979213). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986362). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bsc#986365). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction an exec system call (bsc#986569). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). The following non-security bugs were fixed: - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - Add wait_event_cmd() (bsc#953048). - Btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - Btrfs: do not use src fd for printk (bsc#980348). - Btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038). - Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933). - Btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844). - Disable btrfs patch (bsc#981597) - EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521). - EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (bsc#979521). - EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521). - EDAC/sb_edac: Fix computation of channel address (bsc#979521). - EDAC: Correct channel count limit (bsc#979521). - EDAC: Remove arbitrary limit on number of channels (bsc#979521). - EDAC: Use static attribute groups for managing sysfs entries (bsc#979521). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - PCI/AER: Clear error status registers during enumeration and restore (bsc#985978). - RAID5: batch adjacent full stripe write (bsc#953048). - RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048). - RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048). - Restore copying of SKBs with head exceeding page size (bsc#978469). - SCSI: Increase REPORT_LUNS timeout (bsc#982282). - USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698). - Update patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference. - Update patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch (bsc#962742). Fix incorrect bugzilla referece. - VSOCK: Fix lockdep issue (bsc#977417). - VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417). - base: make module_create_drivers_dir race-free (bnc#983977). - cdc_ncm: workaround for EM7455 "silent" data interface (bnc#988552). - ceph: tolerate bad i_size for symlink inode (bsc#985232). - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904). - drm/mgag200: Add support for a new rev of G200e (bsc#983904). - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904). - drm/mgag200: remove unused variables (bsc#983904). - drm: qxl: Workaround for buggy user-space (bsc#981344). - efifb: Add support for 64-bit frame buffer addresses (bsc#973499). - efifb: Fix 16 color palette entry calculation (bsc#983318). - efifb: Fix KABI of screen_info struct (bsc#973499). - ehci-pci: enable interrupt on BayTrail (bnc#947337). - enic: set netdev->vlan_features (bsc#966245). - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - hid-elo: kill not flush the work (bnc#982354). - iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes (bnc#979922, LTC#141736) - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - kvm: Guest does not show the cpu flag nonstop_tsc (bsc#971770) - md/raid56: Do not perform reads to support writes until stripe is ready. - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048). - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with REQ_NOMERGE. - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048). - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048). - md/raid5: always set conf->prev_chunk_sectors and ->prev_algo (bsc#953048). - md/raid5: avoid races when changing cache size (bsc#953048). - md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048). - md/raid5: be more selective about distributing flags across batch (bsc#953048). - md/raid5: break stripe-batches when the array has failed (bsc#953048). - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event (bsc#953048). - md/raid5: change ->inactive_blocked to a bit-flag (bsc#953048). - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048). - md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048). - md/raid5: close recently introduced race in stripe_head management. - md/raid5: consider updating reshape_position at start of reshape (bsc#953048). - md/raid5: deadlock between retry_aligned_read with barrier io (bsc#953048). - md/raid5: do not do chunk aligned read on degraded array (bsc#953048). - md/raid5: do not index beyond end of array in need_this_block() (bsc#953048). - md/raid5: do not let shrink_slab shrink too far (bsc#953048). - md/raid5: duplicate some more handle_stripe_clean_event code in break_stripe_batch_list (bsc#953048). - md/raid5: ensure device failure recorded before write request returns (bsc#953048). - md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048). - md/raid5: fix allocation of 'scribble' array (bsc#953048). - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048). - md/raid5: fix handling of degraded stripes in batches (bsc#953048). - md/raid5: fix init_stripe() inconsistencies (bsc#953048). - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048). - md/raid5: fix newly-broken locking in get_active_stripe. - md/raid5: handle possible race as reshape completes (bsc#953048). - md/raid5: ignore released_stripes check (bsc#953048). - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048). - md/raid5: move max_nr_stripes management into grow_one_stripe and drop_one_stripe (bsc#953048). - md/raid5: need_this_block: start simplifying the last two conditions (bsc#953048). - md/raid5: need_this_block: tidy/fix last condition (bsc#953048). - md/raid5: new alloc_stripe() to allocate an initialize a stripe (bsc#953048). - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048). - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048). - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list. - md/raid5: remove condition test from check_break_stripe_batch_list (bsc#953048). - md/raid5: remove incorrect "min_t()" when calculating writepos (bsc#953048). - md/raid5: remove redundant check in stripe_add_to_batch_list() (bsc#953048). - md/raid5: separate large if clause out of fetch_block() (bsc#953048). - md/raid5: separate out the easy conditions in need_this_block (bsc#953048). - md/raid5: split wait_for_stripe and introduce wait_for_quiescent (bsc#953048). - md/raid5: strengthen check on reshape_position at run (bsc#953048). - md/raid5: switch to use conf->chunk_sectors in place of mddev->chunk_sectors where possible (bsc#953048). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048). - md/raid5: use bio_list for the list of bios to return (bsc#953048). - md: be careful when testing resync_max against curr_resync_completed (bsc#953048). - md: do_release_stripe(): No need to call md_wakeup_thread() twice (bsc#953048). - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync (bsc#953048). - md: remove unwanted white space from md.c (bsc#953048). - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes (bsc#953048). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - net/qlge: Avoids recursive EEH error (bsc#954847). - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667). - net: Start with correct mac_len in skb_network_protocol (bsc#968667). - net: disable fragment reassembly if high_thresh is set to zero (bsc#970506). - net: fix wrong mac_len calculation for vlans (bsc#968667). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087). - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489). - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489). - ppp: defer netns reference release for ppp channel (bsc#980371). - qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590). - raid5: Retry R5_ReadNoMerge flag when hit a read error. - raid5: add a new flag to track if a stripe can be batched (bsc#953048). - raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048). - raid5: avoid release list until last reference of the stripe (bsc#953048). - raid5: check faulty flag for array status during recovery (bsc#953048). - raid5: fix a race of stripe count check. - raid5: fix broken async operation chain (bsc#953048). - raid5: get_active_stripe avoids device_lock. - raid5: handle expansion/resync case with stripe batching (bsc#953048). - raid5: handle io error of batch list (bsc#953048). - raid5: make_request does less prepare wait. - raid5: relieve lock contention in get_active_stripe(). - raid5: relieve lock contention in get_active_stripe(). - raid5: speedup sync_request processing (bsc#953048). - raid5: track overwrite disk count (bsc#953048). - raid5: update analysis state for failed stripe (bsc#953048). - raid5: use flex_array for scribble data (bsc#953048). - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736). - s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736). - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736). - s390/3270: fix view reference counting (bnc#979922, LTC#141736). - s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736). - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979922, LTC#141456). - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106). - s390: fix test_fp_ctl inline assembly contraints (bnc#988215, LTC#143138). - sb_edac: Fix a typo and a thinko in address handling for Haswell (bsc#979521). - sb_edac: Fix support for systems with two home agents per socket (bsc#979521). - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521). - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521). - sb_edac: support for Broadwell -EP and -EX (bsc#979521). - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498). - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498). - sched/x86: Fix up typo in topology detection (bsc#974165). - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498). - target/rbd: do not put snap_context twice (bsc#981143). - target/rbd: remove caw_mutex usage (bsc#981143). - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456). - wait: introduce wait_event_exclusive_cmd (bsc#953048). - x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address (bsc#979521). - x86 EDAC, sb_edac.c: Take account of channel hashing when needed (bsc#979521). - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165). - x86/efi: parse_efi_setup() build fix (bsc#979485). - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - x86: Removed the free memblock of hibernat keys to avoid memory corruption (bsc#990058). - x86: standardize mmap_rnd() usage (bnc#974308). - xfs: fix premature enospc on inode allocation (bsc#984148). - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148). - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1246=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1246=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1246=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1246=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1246=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1246=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-extra-3.12.62-60.62.1 kernel-default-extra-debuginfo-3.12.62-60.62.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.62-60.62.1 kernel-obs-build-debugsource-3.12.62-60.62.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.62-60.62.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.62-60.62.1 kernel-default-base-3.12.62-60.62.1 kernel-default-base-debuginfo-3.12.62-60.62.1 kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-devel-3.12.62-60.62.1 kernel-syms-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.62-60.62.1 kernel-macros-3.12.62-60.62.1 kernel-source-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.62-60.62.1 kernel-xen-base-3.12.62-60.62.1 kernel-xen-base-debuginfo-3.12.62-60.62.1 kernel-xen-debuginfo-3.12.62-60.62.1 kernel-xen-debugsource-3.12.62-60.62.1 kernel-xen-devel-3.12.62-60.62.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.62-60.62.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.62-60.62.1 kernel-ec2-debuginfo-3.12.62-60.62.1 kernel-ec2-debugsource-3.12.62-60.62.1 kernel-ec2-devel-3.12.62-60.62.1 kernel-ec2-extra-3.12.62-60.62.1 kernel-ec2-extra-debuginfo-3.12.62-60.62.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_62-default-1-4.2 kgraft-patch-3_12_62-60_62-xen-1-4.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.62-60.62.1 kernel-macros-3.12.62-60.62.1 kernel-source-3.12.62-60.62.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.62-60.62.1 kernel-default-debuginfo-3.12.62-60.62.1 kernel-default-debugsource-3.12.62-60.62.1 kernel-default-devel-3.12.62-60.62.1 kernel-default-extra-3.12.62-60.62.1 kernel-default-extra-debuginfo-3.12.62-60.62.1 kernel-syms-3.12.62-60.62.1 kernel-xen-3.12.62-60.62.1 kernel-xen-debuginfo-3.12.62-60.62.1 kernel-xen-debugsource-3.12.62-60.62.1 kernel-xen-devel-3.12.62-60.62.1 References: https://www.suse.com/security/cve/CVE-2014-9904.html https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8552.html https://www.suse.com/security/cve/CVE-2015-8845.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-4998.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5828.html https://www.suse.com/security/cve/CVE-2016-5829.html https://bugzilla.suse.com/947337 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/953048 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/962742 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/965087 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/968667 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970506 https://bugzilla.suse.com/971770 https://bugzilla.suse.com/972933 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973499 https://bugzilla.suse.com/974165 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974620 https://bugzilla.suse.com/975531 https://bugzilla.suse.com/975533 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/975788 https://bugzilla.suse.com/977417 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978469 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979485 https://bugzilla.suse.com/979489 https://bugzilla.suse.com/979521 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979922 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980363 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/981038 https://bugzilla.suse.com/981143 https://bugzilla.suse.com/981344 https://bugzilla.suse.com/981597 https://bugzilla.suse.com/982282 https://bugzilla.suse.com/982354 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/982698 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/983904 https://bugzilla.suse.com/983977 https://bugzilla.suse.com/984148 https://bugzilla.suse.com/984456 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/984764 https://bugzilla.suse.com/985232 https://bugzilla.suse.com/985978 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986569 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986573 https://bugzilla.suse.com/986811 https://bugzilla.suse.com/988215 https://bugzilla.suse.com/988498 https://bugzilla.suse.com/988552 https://bugzilla.suse.com/990058 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2100-1: important: Security update for xen
by opensuse-security＠opensuse.org 18 Aug '16

18 Aug '16

SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2100-1 Rating: important References: #954872 #955399 #957986 #958848 #961600 #963161 #964427 #967630 #973188 #974038 #974912 #975130 #975138 #975907 #976058 #976111 #978164 #978295 #978413 #979035 #979620 #979670 #980716 #980724 #981264 #981276 #982024 #982025 #982026 #982224 #982225 #982286 #982695 #982960 #983973 #983984 #985503 #986586 #988675 #989235 #990843 #990923 Cross-References: CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 26 vulnerabilities and has 16 fixes is now available. Description: This update for xen fixes the several issues. These security issues were fixed: - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164). - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907). - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111). - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716). - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724). - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225). - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224). - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276). - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620). - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670). - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024). - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025). - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960). - CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984). - CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182) (bsc#988675). - bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843) These non-security issues were fixed: - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c - bsc#957986: Indirect descriptors are not compatible with Amazon block backend - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - bsc#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#964427: Discarding device blocks: failed - Input/output error - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - bsc#982695: qemu fails to boot HVM guest from xvda - bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non xen kernel) - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend. Additional memory adjustment made. - bsc#974912: Persistent performance drop after live-migration using xend tool stack - bsc#979035: Restore xm migrate fixes for bsc#955399/ bsc#955399 - bsc#989235: xen dom0 xm create command only searched /etc/xen instead of /etc/xen/vm - Live Migration SLES 11 SP3 to SP4 on AMD: "xc: error: Couldn't set extended vcpu0 info" - bsc#985503: Fixed vif-route - bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-12702=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-12702=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-12702=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_07_3.0.101_77-37.1 xen-libs-4.4.4_07-37.1 xen-tools-domU-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_07-37.1 xen-doc-html-4.4.4_07-37.1 xen-libs-32bit-4.4.4_07-37.1 xen-tools-4.4.4_07-37.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_07_3.0.101_77-37.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_07-37.1 xen-debugsource-4.4.4_07-37.1 References: https://www.suse.com/security/cve/CVE-2014-3672.html https://www.suse.com/security/cve/CVE-2016-3158.html https://www.suse.com/security/cve/CVE-2016-3159.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3960.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-4952.html https://www.suse.com/security/cve/CVE-2016-4962.html https://www.suse.com/security/cve/CVE-2016-4963.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6351.html https://bugzilla.suse.com/954872 https://bugzilla.suse.com/955399 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/958848 https://bugzilla.suse.com/961600 https://bugzilla.suse.com/963161 https://bugzilla.suse.com/964427 https://bugzilla.suse.com/967630 https://bugzilla.suse.com/973188 https://bugzilla.suse.com/974038 https://bugzilla.suse.com/974912 https://bugzilla.suse.com/975130 https://bugzilla.suse.com/975138 https://bugzilla.suse.com/975907 https://bugzilla.suse.com/976058 https://bugzilla.suse.com/976111 https://bugzilla.suse.com/978164 https://bugzilla.suse.com/978295 https://bugzilla.suse.com/978413 https://bugzilla.suse.com/979035 https://bugzilla.suse.com/979620 https://bugzilla.suse.com/979670 https://bugzilla.suse.com/980716 https://bugzilla.suse.com/980724 https://bugzilla.suse.com/981264 https://bugzilla.suse.com/981276 https://bugzilla.suse.com/982024 https://bugzilla.suse.com/982025 https://bugzilla.suse.com/982026 https://bugzilla.suse.com/982224 https://bugzilla.suse.com/982225 https://bugzilla.suse.com/982286 https://bugzilla.suse.com/982695 https://bugzilla.suse.com/982960 https://bugzilla.suse.com/983973 https://bugzilla.suse.com/983984 https://bugzilla.suse.com/985503 https://bugzilla.suse.com/986586 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/989235 https://bugzilla.suse.com/990843 https://bugzilla.suse.com/990923 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2094-1: important: Security update for yast2-ntp-client
by opensuse-security＠opensuse.org 17 Aug '16

17 Aug '16

SUSE Security Update: Security update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2094-1 Rating: important References: #985065 Cross-References: CVE-2015-1798 CVE-2015-1799 CVE-2015-5194 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 43 vulnerabilities is now available. It includes one version update. Description: The YaST2 NTP Client was updated to handle the presence of both xntp and ntp packages. If none are installed, "ntp" will be installed. Security Issues: * CVE-2016-4953 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953> * CVE-2016-4954 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954> * CVE-2016-4955 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955> * CVE-2016-4956 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956> * CVE-2016-4957 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957> * CVE-2016-1547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547> * CVE-2016-1548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548> * CVE-2016-1549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549> * CVE-2016-1550 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550> * CVE-2016-1551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551> * CVE-2016-2516 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516> * CVE-2016-2517 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517> * CVE-2016-2518 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518> * CVE-2016-2519 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519> * CVE-2015-8158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158> * CVE-2015-8138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138> * CVE-2015-7979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979> * CVE-2015-7978 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978> * CVE-2015-7977 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977> * CVE-2015-7976 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976> * CVE-2015-7975 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975> * CVE-2015-7974 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974> * CVE-2015-7973 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973> * CVE-2015-5300 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300> * CVE-2015-5194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194> * CVE-2015-7871 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871> * CVE-2015-7855 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855> * CVE-2015-7854 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854> * CVE-2015-7853 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853> * CVE-2015-7852 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852> * CVE-2015-7851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851> * CVE-2015-7850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850> * CVE-2015-7849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849> * CVE-2015-7848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848> * CVE-2015-7701 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701> * CVE-2015-7703 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703> * CVE-2015-7704 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704> * CVE-2015-7705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705> * CVE-2015-7691 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691> * CVE-2015-7692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692> * CVE-2015-7702 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702> * CVE-2015-1798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798> * CVE-2015-1799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799> Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (noarch) [New Version: 2.13.18]: yast2-ntp-client-2.13.18-0.20.1 References: https://www.suse.com/security/cve/CVE-2015-1798.html https://www.suse.com/security/cve/CVE-2015-1799.html https://www.suse.com/security/cve/CVE-2015-5194.html https://www.suse.com/security/cve/CVE-2015-5300.html https://www.suse.com/security/cve/CVE-2015-7691.html https://www.suse.com/security/cve/CVE-2015-7692.html https://www.suse.com/security/cve/CVE-2015-7701.html https://www.suse.com/security/cve/CVE-2015-7702.html https://www.suse.com/security/cve/CVE-2015-7703.html https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7848.html https://www.suse.com/security/cve/CVE-2015-7849.html https://www.suse.com/security/cve/CVE-2015-7850.html https://www.suse.com/security/cve/CVE-2015-7851.html https://www.suse.com/security/cve/CVE-2015-7852.html https://www.suse.com/security/cve/CVE-2015-7853.html https://www.suse.com/security/cve/CVE-2015-7854.html https://www.suse.com/security/cve/CVE-2015-7855.html https://www.suse.com/security/cve/CVE-2015-7871.html https://www.suse.com/security/cve/CVE-2015-7973.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2015-7975.html https://www.suse.com/security/cve/CVE-2015-7976.html https://www.suse.com/security/cve/CVE-2015-7977.html https://www.suse.com/security/cve/CVE-2015-7978.html https://www.suse.com/security/cve/CVE-2015-7979.html https://www.suse.com/security/cve/CVE-2015-8138.html https://www.suse.com/security/cve/CVE-2015-8158.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/985065 https://download.suse.com/patch/finder/?keywords=005fabcea379ebb53725d3077b… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2093-1: important: Security update for xen
by opensuse-security＠opensuse.org 17 Aug '16

17 Aug '16

SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2093-1 Rating: important References: #900418 #949889 #953339 #953362 #953518 #954872 #957986 #958848 #961600 #963161 #964427 #973188 #973631 #974038 #975130 #975138 #975907 #976058 #976111 #978164 #978295 #978413 #979620 #979670 #980716 #980724 #981264 #981276 #982024 #982025 #982026 #982224 #982225 #982286 #982695 #982960 #983973 #983984 #984981 #985503 #986586 #988675 #988676 #990843 #990923 Cross-References: CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 27 vulnerabilities and has 18 fixes is now available. Description: This update for xen to version 4.5.3 fixes the several issues. These security issues were fixed: - CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182) (bsc#988675). - CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) (bsc#988676). - CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960). - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225). - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286). - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024). - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025). - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026). - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670). - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620). - CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276). - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724). - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164). - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111). - CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907). - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). - bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843) These non-security issues were fixed: - bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non xen kernel) - bsc#900418: Dump cannot be performed on SLES12 XEN - bsc#953339: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#953362: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#953518: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#984981: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (Additional fixes) - bsc#982695: qemu fails to boot HVM guest from xvda - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407 - bsc#949889: Fail to install 32-bit paravirt VM under SLES12SP1Beta3 XEN - bsc#954872: Script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) - bsc#961600: Poor performance when Xen HVM domU configured with max memory greater than current memory - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it after upgrading to latest maintenance updates - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu) - bsc#973631: AWS EC2 kdump issue - bsc#957986: Indirect descriptors are not compatible with Amazon block backend - bsc#964427: Discarding device blocks: failed - Input/output error - bsc#985503: Fixed vif-route - bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1238=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1238=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1238=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): xen-debugsource-4.5.3_08-17.1 xen-devel-4.5.3_08-17.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): xen-4.5.3_08-17.1 xen-debugsource-4.5.3_08-17.1 xen-doc-html-4.5.3_08-17.1 xen-kmp-default-4.5.3_08_k3.12.59_60.45-17.1 xen-kmp-default-debuginfo-4.5.3_08_k3.12.59_60.45-17.1 xen-libs-32bit-4.5.3_08-17.1 xen-libs-4.5.3_08-17.1 xen-libs-debuginfo-32bit-4.5.3_08-17.1 xen-libs-debuginfo-4.5.3_08-17.1 xen-tools-4.5.3_08-17.1 xen-tools-debuginfo-4.5.3_08-17.1 xen-tools-domU-4.5.3_08-17.1 xen-tools-domU-debuginfo-4.5.3_08-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xen-4.5.3_08-17.1 xen-debugsource-4.5.3_08-17.1 xen-kmp-default-4.5.3_08_k3.12.59_60.45-17.1 xen-kmp-default-debuginfo-4.5.3_08_k3.12.59_60.45-17.1 xen-libs-32bit-4.5.3_08-17.1 xen-libs-4.5.3_08-17.1 xen-libs-debuginfo-32bit-4.5.3_08-17.1 xen-libs-debuginfo-4.5.3_08-17.1 References: https://www.suse.com/security/cve/CVE-2014-3672.html https://www.suse.com/security/cve/CVE-2016-3158.html https://www.suse.com/security/cve/CVE-2016-3159.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3960.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-4952.html https://www.suse.com/security/cve/CVE-2016-4962.html https://www.suse.com/security/cve/CVE-2016-4963.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6259.html https://www.suse.com/security/cve/CVE-2016-6351.html https://bugzilla.suse.com/900418 https://bugzilla.suse.com/949889 https://bugzilla.suse.com/953339 https://bugzilla.suse.com/953362 https://bugzilla.suse.com/953518 https://bugzilla.suse.com/954872 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/958848 https://bugzilla.suse.com/961600 https://bugzilla.suse.com/963161 https://bugzilla.suse.com/964427 https://bugzilla.suse.com/973188 https://bugzilla.suse.com/973631 https://bugzilla.suse.com/974038 https://bugzilla.suse.com/975130 https://bugzilla.suse.com/975138 https://bugzilla.suse.com/975907 https://bugzilla.suse.com/976058 https://bugzilla.suse.com/976111 https://bugzilla.suse.com/978164 https://bugzilla.suse.com/978295 https://bugzilla.suse.com/978413 https://bugzilla.suse.com/979620 https://bugzilla.suse.com/979670 https://bugzilla.suse.com/980716 https://bugzilla.suse.com/980724 https://bugzilla.suse.com/981264 https://bugzilla.suse.com/981276 https://bugzilla.suse.com/982024 https://bugzilla.suse.com/982025 https://bugzilla.suse.com/982026 https://bugzilla.suse.com/982224 https://bugzilla.suse.com/982225 https://bugzilla.suse.com/982286 https://bugzilla.suse.com/982695 https://bugzilla.suse.com/982960 https://bugzilla.suse.com/983973 https://bugzilla.suse.com/983984 https://bugzilla.suse.com/984981 https://bugzilla.suse.com/985503 https://bugzilla.suse.com/986586 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/988676 https://bugzilla.suse.com/990843 https://bugzilla.suse.com/990923 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2089-1: important: Security update for squid3
by opensuse-security＠opensuse.org 16 Aug '16

16 Aug '16

SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2089-1 Rating: important References: #895773 #902197 #938715 #963539 #967011 #968392 #968393 #968394 #968395 #973782 #973783 #976553 #976556 #976708 #979008 #979009 #979010 #979011 #993299 Cross-References: CVE-2011-3205 CVE-2011-4096 CVE-2012-5643 CVE-2013-0188 CVE-2013-4115 CVE-2014-0128 CVE-2014-6270 CVE-2014-7141 CVE-2014-7142 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142) - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782) - CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010) - Fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395) - Regression caused by the DoS fixes above (bsc#993299) - CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783) - CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553) - CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: * fixes multiple issues in ESI processing (bsc#976556) - CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008) - CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715) - CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773) - Memory leak in squid3 when using external_acl (bsc#976708) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-squid3-12701=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid3-12701=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.23-8.16.30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): squid3-debuginfo-3.1.23-8.16.30.1 References: https://www.suse.com/security/cve/CVE-2011-3205.html https://www.suse.com/security/cve/CVE-2011-4096.html https://www.suse.com/security/cve/CVE-2012-5643.html https://www.suse.com/security/cve/CVE-2013-0188.html https://www.suse.com/security/cve/CVE-2013-4115.html https://www.suse.com/security/cve/CVE-2014-0128.html https://www.suse.com/security/cve/CVE-2014-6270.html https://www.suse.com/security/cve/CVE-2014-7141.html https://www.suse.com/security/cve/CVE-2014-7142.html https://www.suse.com/security/cve/CVE-2015-5400.html https://www.suse.com/security/cve/CVE-2016-2390.html https://www.suse.com/security/cve/CVE-2016-2569.html https://www.suse.com/security/cve/CVE-2016-2570.html https://www.suse.com/security/cve/CVE-2016-2571.html https://www.suse.com/security/cve/CVE-2016-2572.html https://www.suse.com/security/cve/CVE-2016-3947.html https://www.suse.com/security/cve/CVE-2016-3948.html https://www.suse.com/security/cve/CVE-2016-4051.html https://www.suse.com/security/cve/CVE-2016-4052.html https://www.suse.com/security/cve/CVE-2016-4053.html https://www.suse.com/security/cve/CVE-2016-4054.html https://www.suse.com/security/cve/CVE-2016-4553.html https://www.suse.com/security/cve/CVE-2016-4554.html https://www.suse.com/security/cve/CVE-2016-4555.html https://www.suse.com/security/cve/CVE-2016-4556.html https://bugzilla.suse.com/895773 https://bugzilla.suse.com/902197 https://bugzilla.suse.com/938715 https://bugzilla.suse.com/963539 https://bugzilla.suse.com/967011 https://bugzilla.suse.com/968392 https://bugzilla.suse.com/968393 https://bugzilla.suse.com/968394 https://bugzilla.suse.com/968395 https://bugzilla.suse.com/973782 https://bugzilla.suse.com/973783 https://bugzilla.suse.com/976553 https://bugzilla.suse.com/976556 https://bugzilla.suse.com/976708 https://bugzilla.suse.com/979008 https://bugzilla.suse.com/979009 https://bugzilla.suse.com/979010 https://bugzilla.suse.com/979011 https://bugzilla.suse.com/993299 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2080-1: important: Security update for php5
by opensuse-security＠opensuse.org 16 Aug '16

16 Aug '16

SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2080-1 Rating: important References: #986004 #986244 #986386 #986388 #986393 #991426 #991427 #991428 #991429 #991430 #991433 #991437 Cross-References: CVE-2015-8935 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: php5 was updated to fix the following security issues: - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426). - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427). - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428). - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429). - CVE-2016-5399: Improper error handling in bzread() (bsc#991430). - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433). - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437). - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-php5-12696=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-php5-12696=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): apache2-mod_php5-5.2.14-0.7.30.89.1 php5-5.2.14-0.7.30.89.1 php5-bcmath-5.2.14-0.7.30.89.1 php5-bz2-5.2.14-0.7.30.89.1 php5-calendar-5.2.14-0.7.30.89.1 php5-ctype-5.2.14-0.7.30.89.1 php5-curl-5.2.14-0.7.30.89.1 php5-dba-5.2.14-0.7.30.89.1 php5-dbase-5.2.14-0.7.30.89.1 php5-dom-5.2.14-0.7.30.89.1 php5-exif-5.2.14-0.7.30.89.1 php5-fastcgi-5.2.14-0.7.30.89.1 php5-ftp-5.2.14-0.7.30.89.1 php5-gd-5.2.14-0.7.30.89.1 php5-gettext-5.2.14-0.7.30.89.1 php5-gmp-5.2.14-0.7.30.89.1 php5-hash-5.2.14-0.7.30.89.1 php5-iconv-5.2.14-0.7.30.89.1 php5-json-5.2.14-0.7.30.89.1 php5-ldap-5.2.14-0.7.30.89.1 php5-mbstring-5.2.14-0.7.30.89.1 php5-mcrypt-5.2.14-0.7.30.89.1 php5-mysql-5.2.14-0.7.30.89.1 php5-odbc-5.2.14-0.7.30.89.1 php5-openssl-5.2.14-0.7.30.89.1 php5-pcntl-5.2.14-0.7.30.89.1 php5-pdo-5.2.14-0.7.30.89.1 php5-pear-5.2.14-0.7.30.89.1 php5-pgsql-5.2.14-0.7.30.89.1 php5-pspell-5.2.14-0.7.30.89.1 php5-shmop-5.2.14-0.7.30.89.1 php5-snmp-5.2.14-0.7.30.89.1 php5-soap-5.2.14-0.7.30.89.1 php5-suhosin-5.2.14-0.7.30.89.1 php5-sysvmsg-5.2.14-0.7.30.89.1 php5-sysvsem-5.2.14-0.7.30.89.1 php5-sysvshm-5.2.14-0.7.30.89.1 php5-tokenizer-5.2.14-0.7.30.89.1 php5-wddx-5.2.14-0.7.30.89.1 php5-xmlreader-5.2.14-0.7.30.89.1 php5-xmlrpc-5.2.14-0.7.30.89.1 php5-xmlwriter-5.2.14-0.7.30.89.1 php5-xsl-5.2.14-0.7.30.89.1 php5-zip-5.2.14-0.7.30.89.1 php5-zlib-5.2.14-0.7.30.89.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): php5-debuginfo-5.2.14-0.7.30.89.1 php5-debugsource-5.2.14-0.7.30.89.1 References: https://www.suse.com/security/cve/CVE-2015-8935.html https://www.suse.com/security/cve/CVE-2016-5399.html https://www.suse.com/security/cve/CVE-2016-5766.html https://www.suse.com/security/cve/CVE-2016-5767.html https://www.suse.com/security/cve/CVE-2016-5769.html https://www.suse.com/security/cve/CVE-2016-5772.html https://www.suse.com/security/cve/CVE-2016-6288.html https://www.suse.com/security/cve/CVE-2016-6289.html https://www.suse.com/security/cve/CVE-2016-6290.html https://www.suse.com/security/cve/CVE-2016-6291.html https://www.suse.com/security/cve/CVE-2016-6296.html https://www.suse.com/security/cve/CVE-2016-6297.html https://bugzilla.suse.com/986004 https://bugzilla.suse.com/986244 https://bugzilla.suse.com/986386 https://bugzilla.suse.com/986388 https://bugzilla.suse.com/986393 https://bugzilla.suse.com/991426 https://bugzilla.suse.com/991427 https://bugzilla.suse.com/991428 https://bugzilla.suse.com/991429 https://bugzilla.suse.com/991430 https://bugzilla.suse.com/991433 https://bugzilla.suse.com/991437 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE-SU-2016:2074-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 15 Aug '16

15 Aug '16

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2074-1 Rating: important References: #816446 #861093 #928130 #935757 #939826 #942367 #945825 #946117 #946309 #948562 #949744 #949936 #951440 #952384 #953527 #954404 #955354 #955654 #956708 #956709 #958463 #958886 #958951 #959190 #959399 #961500 #961509 #961512 #963765 #963767 #964201 #966437 #966460 #966662 #966693 #967972 #967973 #967974 #967975 #968010 #968011 #968012 #968013 #968670 #970504 #970892 #970909 #970911 #970948 #970956 #970958 #970970 #971124 #971125 #971126 #971360 #972510 #973570 #975945 #977847 #978822 Cross-References: CVE-2013-2015 CVE-2013-7446 CVE-2015-0272 CVE-2015-3339 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-0723 CVE-2016-2069 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-4486 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 48 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c (bsc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel .4.1 allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints (bnc#956708). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#952384). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (bnc#928130). The following non-security bugs were fixed: - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - Fix lpfc_send_rscn_event allocation size claims bnc#935757 - Fix ntpd clock synchronization in Xen PV domains (bnc#816446). - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - SCSI: bfa: Fix to handle firmware tskim abort request response (bsc#972510). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bsc#977847). - nf_conntrack: fix bsc#758540 kabi fix (bsc#946117). - privcmd: allow preempting long running user-mode originating hypercalls (bnc#861093). - s390/cio: collect format 1 channel-path description data (bsc#966460, bsc#966662). - s390/cio: ensure consistent measurement state (bsc#966460, bsc#966662). - s390/cio: fix measurement characteristics memleak (bsc#966460, bsc#966662). - s390/cio: update measurement characteristics (bsc#966460, bsc#966662). - xfs: Fix lost direct IO write in the last block (bsc#949744). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-kernel-source-12693=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-kernel-source-12693=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.7.40.1 kernel-default-base-3.0.101-0.7.40.1 kernel-default-devel-3.0.101-0.7.40.1 kernel-source-3.0.101-0.7.40.1 kernel-syms-3.0.101-0.7.40.1 kernel-trace-3.0.101-0.7.40.1 kernel-trace-base-3.0.101-0.7.40.1 kernel-trace-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.7.40.1 kernel-ec2-base-3.0.101-0.7.40.1 kernel-ec2-devel-3.0.101-0.7.40.1 kernel-xen-3.0.101-0.7.40.1 kernel-xen-base-3.0.101-0.7.40.1 kernel-xen-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x): kernel-default-man-3.0.101-0.7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): kernel-pae-3.0.101-0.7.40.1 kernel-pae-base-3.0.101-0.7.40.1 kernel-pae-devel-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.7.40.1 kernel-default-debugsource-3.0.101-0.7.40.1 kernel-default-devel-debuginfo-3.0.101-0.7.40.1 kernel-trace-debuginfo-3.0.101-0.7.40.1 kernel-trace-debugsource-3.0.101-0.7.40.1 kernel-trace-devel-debuginfo-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.7.40.1 kernel-ec2-debugsource-3.0.101-0.7.40.1 kernel-xen-debuginfo-3.0.101-0.7.40.1 kernel-xen-debugsource-3.0.101-0.7.40.1 kernel-xen-devel-debuginfo-3.0.101-0.7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586): kernel-pae-debuginfo-3.0.101-0.7.40.1 kernel-pae-debugsource-3.0.101-0.7.40.1 kernel-pae-devel-debuginfo-3.0.101-0.7.40.1 References: https://www.suse.com/security/cve/CVE-2013-2015.html https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-3339.html https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-6252.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7509.html https://www.suse.com/security/cve/CVE-2015-7515.html https://www.suse.com/security/cve/CVE-2015-7550.html https://www.suse.com/security/cve/CVE-2015-7566.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8104.html https://www.suse.com/security/cve/CVE-2015-8215.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8543.html https://www.suse.com/security/cve/CVE-2015-8569.html https://www.suse.com/security/cve/CVE-2015-8575.html https://www.suse.com/security/cve/CVE-2015-8767.html https://www.suse.com/security/cve/CVE-2015-8785.html https://www.suse.com/security/cve/CVE-2015-8812.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0723.html https://www.suse.com/security/cve/CVE-2016-2069.html https://www.suse.com/security/cve/CVE-2016-2143.html https://www.suse.com/security/cve/CVE-2016-2184.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2384.html https://www.suse.com/security/cve/CVE-2016-2543.html https://www.suse.com/security/cve/CVE-2016-2544.html https://www.suse.com/security/cve/CVE-2016-2545.html https://www.suse.com/security/cve/CVE-2016-2546.html https://www.suse.com/security/cve/CVE-2016-2547.html https://www.suse.com/security/cve/CVE-2016-2548.html https://www.suse.com/security/cve/CVE-2016-2549.html https://www.suse.com/security/cve/CVE-2016-2782.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3139.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-4486.html https://bugzilla.suse.com/816446 https://bugzilla.suse.com/861093 https://bugzilla.suse.com/928130 https://bugzilla.suse.com/935757 https://bugzilla.suse.com/939826 https://bugzilla.suse.com/942367 https://bugzilla.suse.com/945825 https://bugzilla.suse.com/946117 https://bugzilla.suse.com/946309 https://bugzilla.suse.com/948562 https://bugzilla.suse.com/949744 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/951440 https://bugzilla.suse.com/952384 https://bugzilla.suse.com/953527 https://bugzilla.suse.com/954404 https://bugzilla.suse.com/955354 https://bugzilla.suse.com/955654 https://bugzilla.suse.com/956708 https://bugzilla.suse.com/956709 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/958886 https://bugzilla.suse.com/958951 https://bugzilla.suse.com/959190 https://bugzilla.suse.com/959399 https://bugzilla.suse.com/961500 https://bugzilla.suse.com/961509 https://bugzilla.suse.com/961512 https://bugzilla.suse.com/963765 https://bugzilla.suse.com/963767 https://bugzilla.suse.com/964201 https://bugzilla.suse.com/966437 https://bugzilla.suse.com/966460 https://bugzilla.suse.com/966662 https://bugzilla.suse.com/966693 https://bugzilla.suse.com/967972 https://bugzilla.suse.com/967973 https://bugzilla.suse.com/967974 https://bugzilla.suse.com/967975 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968011 https://bugzilla.suse.com/968012 https://bugzilla.suse.com/968013 https://bugzilla.suse.com/968670 https://bugzilla.suse.com/970504 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970909 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971125 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/972510 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/977847 https://bugzilla.suse.com/978822 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2016:2073-1: important: Security update for GraphicsMagick
by opensuse-security＠opensuse.org 15 Aug '16

15 Aug '16

openSUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2073-1 Rating: important References: #965853 #983309 #983455 #983521 #983523 #983533 #983752 #983794 #983799 #984142 #984145 #984150 #984166 #984372 #984375 #984379 #984394 #984400 #984408 #984436 #985442 Cross-References: CVE-2014-9805 CVE-2014-9807 CVE-2014-9809 CVE-2014-9815 CVE-2014-9817 CVE-2014-9819 CVE-2014-9820 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9837 CVE-2014-9839 CVE-2014-9845 CVE-2014-9846 CVE-2014-9853 CVE-2015-8894 CVE-2015-8896 CVE-2016-2317 CVE-2016-2318 CVE-2016-5240 CVE-2016-5241 CVE-2016-5688 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752) - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (boo#983309) - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (boo#983455) - CVE-2014-9846: Overflow in rle file (boo#983521) - CVE-2015-8894: Double free in TGA code (boo#983523) - CVE-2015-8896: Double free / integer truncation issue (boo#983533) - CVE-2014-9807: Double free in pdb coder (boo#983794) - CVE-2014-9809: SEGV due to corrupted xwd images (boo#983799) - CVE-2014-9819: Heap overflow in palm files (boo#984142) - CVE-2014-9835: Heap overflow in wpf file (boo#984145) - CVE-2014-9831: Issues handling of corrupted wpg file (boo#984375) - CVE-2014-9820: heap overflow in xpm files (boo#984150) - CVE-2014-9837: Additional PNM sanity checks (boo#984166) - CVE-2014-9815: Crash on corrupted wpg file (boo#984372) - CVE-2014-9839: Theoretical out of bound access in via color maps (boo#984379) - CVE-2014-9845: Crash due to corrupted dib file (boo#984394) - CVE-2014-9817: Heap buffer overflow in pdb file handling (boo#984400) - CVE-2014-9853: Memory leak in rle file handling (boo#984408) - CVE-2014-9834: Heap overflow in pict file (boo#984436) - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (boo#985442) - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-984=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): GraphicsMagick-1.3.21-11.1 GraphicsMagick-debuginfo-1.3.21-11.1 GraphicsMagick-debugsource-1.3.21-11.1 GraphicsMagick-devel-1.3.21-11.1 libGraphicsMagick++-Q16-11-1.3.21-11.1 libGraphicsMagick++-Q16-11-debuginfo-1.3.21-11.1 libGraphicsMagick++-devel-1.3.21-11.1 libGraphicsMagick-Q16-3-1.3.21-11.1 libGraphicsMagick-Q16-3-debuginfo-1.3.21-11.1 libGraphicsMagick3-config-1.3.21-11.1 libGraphicsMagickWand-Q16-2-1.3.21-11.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.21-11.1 perl-GraphicsMagick-1.3.21-11.1 perl-GraphicsMagick-debuginfo-1.3.21-11.1 References: https://www.suse.com/security/cve/CVE-2014-9805.html https://www.suse.com/security/cve/CVE-2014-9807.html https://www.suse.com/security/cve/CVE-2014-9809.html https://www.suse.com/security/cve/CVE-2014-9815.html https://www.suse.com/security/cve/CVE-2014-9817.html https://www.suse.com/security/cve/CVE-2014-9819.html https://www.suse.com/security/cve/CVE-2014-9820.html https://www.suse.com/security/cve/CVE-2014-9831.html https://www.suse.com/security/cve/CVE-2014-9834.html https://www.suse.com/security/cve/CVE-2014-9835.html https://www.suse.com/security/cve/CVE-2014-9837.html https://www.suse.com/security/cve/CVE-2014-9839.html https://www.suse.com/security/cve/CVE-2014-9845.html https://www.suse.com/security/cve/CVE-2014-9846.html https://www.suse.com/security/cve/CVE-2014-9853.html https://www.suse.com/security/cve/CVE-2015-8894.html https://www.suse.com/security/cve/CVE-2015-8896.html https://www.suse.com/security/cve/CVE-2016-2317.html https://www.suse.com/security/cve/CVE-2016-2318.html https://www.suse.com/security/cve/CVE-2016-5240.html https://www.suse.com/security/cve/CVE-2016-5241.html https://www.suse.com/security/cve/CVE-2016-5688.html https://bugzilla.suse.com/965853 https://bugzilla.suse.com/983309 https://bugzilla.suse.com/983455 https://bugzilla.suse.com/983521 https://bugzilla.suse.com/983523 https://bugzilla.suse.com/983533 https://bugzilla.suse.com/983752 https://bugzilla.suse.com/983794 https://bugzilla.suse.com/983799 https://bugzilla.suse.com/984142 https://bugzilla.suse.com/984145 https://bugzilla.suse.com/984150 https://bugzilla.suse.com/984166 https://bugzilla.suse.com/984372 https://bugzilla.suse.com/984375 https://bugzilla.suse.com/984379 https://bugzilla.suse.com/984394 https://bugzilla.suse.com/984400 https://bugzilla.suse.com/984408 https://bugzilla.suse.com/984436 https://bugzilla.suse.com/985442 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0