openSUSE Security Announce
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- 9788 discussions
[security-announce] SUSE-SU-2016:2177-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
by opensuse-security@opensuse.org 29 Aug '16
by opensuse-security@opensuse.org 29 Aug '16
29 Aug '16
SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2177-1
Rating: important
References: #986377 #986573 #991667
Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 3.12.59-60_41 fixes several issues.
The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in
drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
to cause a denial of service (out-of-bounds access or system crash) by
changing a certain size value, aka a "double fetch" vulnerability
(bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the
hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
kernel allowed local users to cause a denial of service or possibly have
unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
HIDIOCSUSAGES ioctl call (bsc#986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation
in the netfilter subsystem in the Linux kernel allowed local users to
gain privileges or cause a denial of service (memory corruption) by
leveraging in-container root access to provide a crafted offset value
that triggers an unintended decrement (bsc#986377).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1284=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-3_12_59-60_41-default-3-2.1
kgraft-patch-3_12_59-60_41-xen-3-2.1
References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2016:2175-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
by opensuse-security@opensuse.org 29 Aug '16
by opensuse-security@opensuse.org 29 Aug '16
29 Aug '16
SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2175-1
Rating: important
References: #986573 #991667
Cross-References: CVE-2016-5829 CVE-2016-6480
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 3.12.59-60_45 fixes several issues.
The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in
drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
to cause a denial of service (out-of-bounds access or system crash) by
changing a certain size value, aka a "double fetch" vulnerability
(bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the
hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
kernel allowed local users to cause a denial of service or possibly have
unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
HIDIOCSUSAGES ioctl call (bsc#986573).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1283=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-3_12_59-60_45-default-3-2.1
kgraft-patch-3_12_59-60_45-xen-3-2.1
References:
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2016:2174-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1
by opensuse-security@opensuse.org 29 Aug '16
by opensuse-security@opensuse.org 29 Aug '16
29 Aug '16
SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2174-1
Rating: important
References: #986377 #986573 #991667
Cross-References: CVE-2016-4997 CVE-2016-5829 CVE-2016-6480
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 3.12.49-11 fixes several issues.
The following security bugs were fixed:
- CVE-2016-6480: Race condition in the ioctl_send_fib function in
drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
to cause a denial of service (out-of-bounds access or system crash) by
changing a certain size value, aka a "double fetch" vulnerability
(bsc#991667).
- CVE-2016-5829: Multiple heap-based buffer overflows in the
hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
kernel allowed local users to cause a denial of service or possibly have
unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
HIDIOCSUSAGES ioctl call (bsc#986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation
in the netfilter subsystem in the Linux kernel allowed local users to
gain privileges or cause a denial of service (memory corruption) by
leveraging in-container root access to provide a crafted offset value
that triggers an unintended decrement (bsc#986377).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1288=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-3_12_49-11-default-6-17.2
kgraft-patch-3_12_49-11-xen-6-17.2
References:
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/991667
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2016:2168-1: important: Security update for phpMyAdmin
by opensuse-security@opensuse.org 29 Aug '16
by opensuse-security@opensuse.org 29 Aug '16
29 Aug '16
openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:2168-1
Rating: important
References: #994313
Cross-References: CVE-2016-6606 CVE-2016-6607 CVE-2016-6608
CVE-2016-6609 CVE-2016-6610 CVE-2016-6611
CVE-2016-6612 CVE-2016-6613 CVE-2016-6614
CVE-2016-6615 CVE-2016-6616 CVE-2016-6617
CVE-2016-6618 CVE-2016-6619 CVE-2016-6620
CVE-2016-6621 CVE-2016-6622 CVE-2016-6623
CVE-2016-6624 CVE-2016-6625 CVE-2016-6626
CVE-2016-6627 CVE-2016-6628 CVE-2016-6629
CVE-2016-6630 CVE-2016-6631 CVE-2016-6632
CVE-2016-6633
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the
following issues:
- Upstream changelog for 4.4.15.8:
* Improve session cookie code for openid.php and signon.php example files
* Full path disclosure in openid.php and signon.php example files
* Unsafe generation of BlowfishSecret (when not supplied by the user)
* Referrer leak when phpinfo is enabled
* Use HTTPS for wiki links
* Improve SSL certificate handling
* Fix full path disclosure in debugging code
* Administrators could trigger SQL injection attack against users
- other fixes
* Remove Swekey support
- Security fixes: https://www.phpmyadmin.net/security/
* Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606,
CWE-661)
* Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661)
* Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661)
* PHP code injection see PMASA-2016-32 (CVE-2016-6609, CWE-661)
* Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661)
* SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661)
* Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35
(CVE-2016-6612, CWE-661)
* Local file exposure through symlinks with UploadDir see PMASA-2016-36
(CVE-2016-6613, CWE-661)
* Path traversal with SaveDir and UploadDir see PMASA-2016-37
(CVE-2016-6614, CWE-661)
* Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661)
* SQL injection vulnerability as control user see PMASA-2016-39
(CVE-2016-6616, CWE-661)
* SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661)
* Denial-of-service attack through transformation feature see
PMASA-2016-41 (CVE-2016-6618, CWE-661)
* SQL injection vulnerability as control user see PMASA-2016-42
(CVE-2016-6619, CWE-661)
* Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620,
CWE-661)
* SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661)
* Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and
persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)
* Denial-of-service attack by using for loops see PMASA-2016-46
(CVE-2016-6623, CWE-661)
* Possible circumvention of IP-based allow/deny rules with IPv6 and
proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661)
* Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661)
* Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626,
CWE-661)
* Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)
* Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661)
* ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661)
* Denial-of-service attack by entering long password see PMASA-2016-53
(CVE-2016-6630, CWE-661)
* Remote code execution vulnerability when running as CGI see
PMASA-2016-54 (CVE-2016-6631, CWE-661)
* Denial-of-service attack when PHP uses dbase extension see
PMASA-2016-55 (CVE-2016-6632, CWE-661)
* Remove tode execution vulnerability when PHP uses dbase extension see
PMASA-2016-56 (CVE-2016-6633, CWE-661)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-1021=1
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-1021=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (noarch):
phpMyAdmin-4.4.15.8-25.1
- openSUSE 13.2 (noarch):
phpMyAdmin-4.4.15.8-39.1
References:
https://www.suse.com/security/cve/CVE-2016-6606.html
https://www.suse.com/security/cve/CVE-2016-6607.html
https://www.suse.com/security/cve/CVE-2016-6608.html
https://www.suse.com/security/cve/CVE-2016-6609.html
https://www.suse.com/security/cve/CVE-2016-6610.html
https://www.suse.com/security/cve/CVE-2016-6611.html
https://www.suse.com/security/cve/CVE-2016-6612.html
https://www.suse.com/security/cve/CVE-2016-6613.html
https://www.suse.com/security/cve/CVE-2016-6614.html
https://www.suse.com/security/cve/CVE-2016-6615.html
https://www.suse.com/security/cve/CVE-2016-6616.html
https://www.suse.com/security/cve/CVE-2016-6617.html
https://www.suse.com/security/cve/CVE-2016-6618.html
https://www.suse.com/security/cve/CVE-2016-6619.html
https://www.suse.com/security/cve/CVE-2016-6620.html
https://www.suse.com/security/cve/CVE-2016-6621.html
https://www.suse.com/security/cve/CVE-2016-6622.html
https://www.suse.com/security/cve/CVE-2016-6623.html
https://www.suse.com/security/cve/CVE-2016-6624.html
https://www.suse.com/security/cve/CVE-2016-6625.html
https://www.suse.com/security/cve/CVE-2016-6626.html
https://www.suse.com/security/cve/CVE-2016-6627.html
https://www.suse.com/security/cve/CVE-2016-6628.html
https://www.suse.com/security/cve/CVE-2016-6629.html
https://www.suse.com/security/cve/CVE-2016-6630.html
https://www.suse.com/security/cve/CVE-2016-6631.html
https://www.suse.com/security/cve/CVE-2016-6632.html
https://www.suse.com/security/cve/CVE-2016-6633.html
https://bugzilla.suse.com/994313
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2016:2144-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 24 Aug '16
by opensuse-security@opensuse.org 24 Aug '16
24 Aug '16
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:2144-1
Rating: important
References: #901754 #941113 #942702 #945219 #955654 #957052
#957988 #959709 #960561 #961512 #963762 #963765
#966245 #966437 #966693 #966849 #967972 #967973
#967974 #967975 #968010 #968011 #968012 #968013
#968018 #968670 #969354 #969355 #970114 #970275
#970892 #970909 #970911 #970948 #970955 #970956
#970958 #970970 #971124 #971125 #971126 #971360
#971628 #971799 #971919 #971944 #972174 #973378
#973570 #974308 #974418 #974646 #975945 #978401
#978445 #978469 #978821 #978822 #979021 #979213
#979548 #979867 #979879 #979913 #980348 #980363
#980371 #980725 #981267 #982706 #983143 #983213
#984464 #984755 #984764 #986362 #986365 #986377
#986572 #986573 #986811
Cross-References: CVE-2012-6701 CVE-2013-7446 CVE-2014-9904
CVE-2015-3288 CVE-2015-6526 CVE-2015-7566
CVE-2015-8709 CVE-2015-8785 CVE-2015-8812
CVE-2015-8816 CVE-2015-8830 CVE-2016-0758
CVE-2016-1583 CVE-2016-2053 CVE-2016-2184
CVE-2016-2185 CVE-2016-2186 CVE-2016-2187
CVE-2016-2188 CVE-2016-2384 CVE-2016-2543
CVE-2016-2544 CVE-2016-2545 CVE-2016-2546
CVE-2016-2547 CVE-2016-2548 CVE-2016-2549
CVE-2016-2782 CVE-2016-2847 CVE-2016-3134
CVE-2016-3136 CVE-2016-3137 CVE-2016-3138
CVE-2016-3139 CVE-2016-3140 CVE-2016-3156
CVE-2016-3672 CVE-2016-3689 CVE-2016-3951
CVE-2016-4470 CVE-2016-4482 CVE-2016-4485
CVE-2016-4486 CVE-2016-4565 CVE-2016-4569
CVE-2016-4578 CVE-2016-4580 CVE-2016-4581
CVE-2016-4805 CVE-2016-4913 CVE-2016-4997
CVE-2016-5244 CVE-2016-5829
Affected Products:
openSUSE 13.2
______________________________________________________________________________
An update that solves 53 vulnerabilities and has 28 fixes
is now available.
Description:
The openSUSE 13.2 kernel was updated to fix various bugs and security
issues.
The following security bugs were fixed:
- CVE-2016-1583: Prevent the usage of mmap when the lower file system does
not allow it. This could have lead to local privilege escalation when
ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid
(bsc#983143).
- CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c
in the Linux kernel mishandles NM (aka alternate name) entries
containing \0 characters, which allowed local users to obtain sensitive
information from kernel memory or possibly have unspecified other impact
via a crafted isofs filesystem (bnc#980725).
- CVE-2016-4580: The x25_negotiate_facilities function in
net/x25/x25_facilities.c in the Linux kernel did not properly initialize
a certain data structure, which allowed attackers to obtain sensitive
information from kernel stack memory via an X.25 Call Request
(bnc#981267).
- CVE-2016-0758: Tags with indefinite length could have corrupted pointers
in asn1_find_indefinite_length (bsc#979867).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in
the Linux kernel allowed attackers to cause a denial of service (panic)
via an ASN.1 BER file that lacks a public key, leading to mishandling by
the public_key_verify_signature function in
crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in
the Linux kernel allowed physically proximate attackers to cause a
denial of service (NULL pointer dereference and system crash) via a
crafted endpoints value in a USB device descriptor (bnc#971919 971944).
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c
in the Linux kernel did not initialize a certain data structure, which
allowed local users to obtain sensitive information from kernel stack
memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401
bsc#978445).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel
incorrectly relies on the write system call, which allowed local users
to cause a denial of service (kernel memory write operation) or possibly
have unspecified other impact via a uAPI interface (bnc#979548
bsc#980363).
- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c
in the Linux kernel did not properly randomize the legacy base address,
which made it easier for local users to defeat the intended restrictions
on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism
for a setuid or setgid program, by disabling stack-consumption resource
limits (bnc#974308).
- CVE-2016-4581: fs/pnode.c in the Linux kernel did not properly traverse
a mount propagation tree in a certain case involving a slave mount,
which allowed local users to cause a denial of service (NULL pointer
dereference and OOPS) via a crafted series of mount system calls
(bnc#979913).
- CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the
Linux kernel did not initialize a certain data structure, which allowed
attackers to obtain sensitive information from kernel stack memory by
reading a message (bnc#978821).
- CVE-2015-3288: A security flaw was found in the Linux kernel that there
was a way to arbitrary change zero page memory. (bnc#979021).
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize
certain r1 data structures, which allowed local users to obtain
sensitive information from kernel stack memory via crafted use of the
ALSA timer interface, related to the (1) snd_timer_user_ccallback and
(2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not
validate certain offset fields, which allowed local users to gain
privileges or cause a denial of service (heap memory corruption) via an
IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c
in the Linux kernel did not initialize a certain data structure, which
allowed local users to obtain sensitive information from kernel stack
memory by reading a Netlink message (bnc#978822).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the
Linux kernel allowed local users to bypass intended AF_UNIX socket
permissions or cause a denial of service (panic) via crafted epoll_ctl
calls (bnc#955654).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c
in the Linux kernel did not initialize a certain data structure, which
allowed local users to obtain sensitive information from kernel stack
memory via crafted use of the ALSA timer interface (bnc#979213).
- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of
unread data in pipes, which allowed local users to cause a denial of
service (memory consumption) by creating many pipes with non-default
sizes (bnc#970948 974646).
- CVE-2016-3136: The mct_u232_msr_to_state function in
drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (NULL pointer
dereference and system crash) via a crafted USB device without two
interrupt-in endpoint descriptors (bnc#970955).
- CVE-2016-2188: The iowarrior_probe function in
drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (NULL pointer
dereference and system crash) via a crafted endpoints value in a USB
device descriptor (bnc#970956).
- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in
the Linux kernel allowed physically proximate attackers to cause a
denial of service (NULL pointer dereference and system crash) via a USB
device without both a control and a data endpoint descriptor
(bnc#970911).
- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel
allowed physically proximate attackers to cause a denial of service
(NULL pointer dereference and system crash) via a USB device without
both an interrupt-in and an interrupt-out endpoint descriptor, related
to the cypress_generic_port_probe and cypress_open functions
(bnc#970970).
- CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in
the Linux kernel allowed physically proximate attackers to cause a
denial of service (system crash) or possibly have unspecified other
impact by inserting a USB device with an invalid USB descriptor
(bnc#974418).
- CVE-2016-3140: The digi_port_init function in
drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed
physically proximate attackers to cause a denial of service (NULL
pointer dereference and system crash) via a crafted endpoints value in a
USB device descriptor (bnc#970892).
- CVE-2016-2186: The powermate_probe function in
drivers/input/misc/powermate.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (NULL pointer
dereference and system crash) via a crafted endpoints value in a USB
device descriptor (bnc#970958).
- CVE-2016-2185: The ati_remote2_probe function in
drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (NULL pointer
dereference and system crash) via a crafted endpoints value in a USB
device descriptor (bnc#971124).
- CVE-2016-3689: The ims_pcu_parse_cdc_data function in
drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (system crash) via a
USB device without both a master and a slave interface (bnc#971628).
- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles
destruction of device objects, which allowed guest OS users to cause a
denial of service (host OS networking outage) by arranging for a large
number of IP addresses (bnc#971360).
- CVE-2016-2184: The create_fixed_stream_quirk function in
sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel
allowed physically proximate attackers to cause a denial of service
(NULL pointer dereference or double free, and system crash) via a
crafted endpoints value in a USB device descriptor (bnc#971125).
- CVE-2016-3139: The wacom_probe function in
drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (NULL pointer
dereference and system crash) via a crafted endpoints value in a USB
device descriptor (bnc#970909).
- CVE-2015-8830: Integer overflow in the aio_setup_single_vector function
in fs/aio.c in the Linux kernel 4.0 allowed local users to cause a
denial of service or possibly have unspecified other impact via a large
AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701
regression (bnc#969354 bsc#969355).
- CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in
the Linux kernel allowed physically proximate attackers to cause a
denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by inserting a USB device that
lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in
the Linux kernel did not properly maintain a hub-interface data
structure, which allowed physically proximate attackers to cause a
denial of service (invalid memory access and system crash) or possibly
have unspecified other impact by unplugging a USB hub device
(bnc#968010).
- CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c
in the Linux kernel allowed physically proximate attackers to cause a
denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by inserting a USB device that
lacks a bulk-out endpoint (bnc#961512).
- CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent
recursive callback access, which allowed local users to cause a denial
of service (deadlock) via a crafted ioctl call (bnc#968013).
- CVE-2016-2547: sound/core/timer.c in the Linux kernel employs a locking
approach that did not consider slave timer instances, which allowed
local users to cause a denial of service (race condition,
use-after-free, and system crash) via a crafted ioctl call (bnc#968011).
- CVE-2016-2548: sound/core/timer.c in the Linux kernel retains certain
linked lists after a close or stop action, which allowed local users to
cause a denial of service (system crash) via a crafted ioctl call,
related to the (1) snd_timer_close and (2) _snd_timer_stop functions
(bnc#968012).
- CVE-2016-2546: sound/core/timer.c in the Linux kernel uses an incorrect
type of mutex, which allowed local users to cause a denial of service
(race condition, use-after-free, and system crash) via a crafted ioctl
call (bnc#967975).
- CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in
the Linux kernel did not properly maintain a certain linked list, which
allowed local users to cause a denial of service (race condition and
system crash) via a crafted ioctl call (bnc#967974).
- CVE-2016-2544: Race condition in the queue_delete function in
sound/core/seq/seq_queue.c in the Linux kernel allowed local users to
cause a denial of service (use-after-free and system crash) by making an
ioctl call at a certain time (bnc#967973).
- CVE-2016-2543: The snd_seq_ioctl_remove_events function in
sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO
assignment before proceeding with FIFO clearing, which allowed local
users to cause a denial of service (NULL pointer dereference and OOPS)
via a crafted ioctl call (bnc#967972).
- CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel
mishandles uid and gid mappings, which allowed local users to gain
privileges by establishing a user namespace, waiting for a root process
to enter that namespace with an unsafe uid or gid, and then using the
ptrace system call. NOTE: the vendor states "there is no kernel bug
here (bnc#959709 960561 ).
- CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel
did not properly identify error conditions, which allowed remote
attackers to execute arbitrary code or cause a denial of service
(use-after-free) via crafted packets (bnc#966437).
- CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create
function in sound/usb/midi.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (panic) or possibly
have unspecified other impact via vectors involving an invalid USB
descriptor (bnc#966693).
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in
the Linux kernel allowed local users to cause a denial of service
(infinite loop) via a writev system call that triggers a zero length for
the first segment of an iov (bnc#963765).
- CVE-2014-9904: The snd_compress_check_input function in
sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel
did not properly check for an integer overflow, which allowed local
users to cause a denial of service (insufficient memory allocation) or
possibly have unspecified other impact via a crafted
SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
- CVE-2016-5829: Multiple heap-based buffer overflows in the
hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
kernel allow local users to cause a denial of service or possibly have
unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
HIDIOCSUSAGES ioctl call (bnc#986572 986573).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation
in the netfilter subsystem in the Linux kernel allowed local users to
gain privileges or cause a denial of service (memory corruption) by
leveraging in-container root access to provide a crafted offset value
that triggers an unintended decrement (bnc#986362 986365 986377).
- CVE-2016-4805: Use-after-free vulnerability in
drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to
cause a denial of service (memory corruption and system crash, or
spinlock) or possibly have unspecified other impact by removing a
network namespace, related to the ppp_register_net_channel and
ppp_unregister_channel functions (bnc#980371).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c
in the Linux kernel did not ensure that a certain data structure is
initialized, which allowed local users to cause a denial of service
(system crash) via vectors involving a crafted keyctl request2 command
(bnc#984755 984764).
- CVE-2015-6526: The perf_callchain_user_64 function in
arch/powerpc/perf/callchain.c in the Linux kernel on ppc64 platforms
allowed local users to cause a denial of service (infinite loop) via a
deep 64-bit userspace backtrace (bnc#942702).
- CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the
Linux kernel did not initialize a certain structure member, which
allowed remote attackers to obtain sensitive information from kernel
stack memory by reading an RDS message (bnc#983213).
The following non-security bugs were fixed:
- ALSA: hrtimer: Handle start/stop more properly (bsc#973378).
- ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018).
- ALSA: rawmidi: Fix race at copying & updating the position (bsc#968018).
- ALSA: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).
- ALSA: seq: Fix double port list deletion (bsc#968018).
- ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
(bsc#968018).
- ALSA: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).
- ALSA: seq: Fix lockdep warnings due to double mutex locks (bsc#968018).
- ALSA: seq: Fix race at closing in virmidi driver (bsc#968018).
- ALSA: seq: Fix yet another races among ALSA timer accesses (bsc#968018).
- ALSA: timer: Call notifier in the same spinlock (bsc#973378).
- ALSA: timer: Code cleanup (bsc#968018).
- ALSA: timer: Fix leftover link at closing (bsc#968018).
- ALSA: timer: Fix link corruption due to double start or stop
(bsc#968018).
- ALSA: timer: Fix race between stop and interrupt (bsc#968018).
- ALSA: timer: Fix wrong instance passed to slave callbacks (bsc#968018).
- ALSA: timer: Protect the whole snd_timer_close() with open race
(bsc#973378).
- ALSA: timer: Sync timer deletion at closing the system timer
(bsc#973378).
- ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).
- Bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).
- Bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).
- Bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).
- Btrfs: do not use src fd for printk (bsc#980348).
- Refresh patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly.
Fix the build error on 32bit architectures.
- Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with
head exceeding page size (bsc#978469).
- Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position
updates on /proc/xen/xenbus (bsc#970275).
- Subject: [PATCH] USB: xhci: Add broken streams quirk for Frescologic
device id 1009 (bnc#982706).
- USB: usbip: fix potential out-of-bounds write (bnc#975945).
- af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).
- backends: guarantee one time reads of shared ring contents (bsc#957988).
- btrfs: do not go readonly on existing qgroup items (bsc#957052).
- btrfs: remove error message from search ioctl for nonexistent tree.
- drm/i915: Fix missing backlight update during panel disablement
(bsc#941113 boo#901754).
- enic: set netdev->vlan_features (bsc#966245).
- ext4: fix races between buffered IO and collapse / insert range
(bsc#972174).
- ext4: fix races between page faults and hole punching (bsc#972174).
- ext4: fix races of writeback with punch hole and zero range (bsc#972174).
- ext4: move unlocked dio protection from ext4_alloc_file_blocks()
(bsc#972174).
- ipv4/fib: do not warn when primary address is missing if in_dev is dead
(bsc#971360).
- ipvs: count pre-established TCP states as active (bsc#970114).
- net: core: Correct an over-stringent device loop detection (bsc#945219).
- netback: do not use last request to determine minimum Tx credit
(bsc#957988).
- pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.
- pciback: Save the number of MSI-X entries to be copied later.
- pciback: guarantee one time reads of shared ring contents (bsc#957988).
- series.conf: move cxgb3 patch to network drivers section
- usb: quirk to stop runtime PM for Intel 7260 (bnc#984464).
- x86: standardize mmap_rnd() usage (bnc#974308).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-1015=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
bbswitch-0.8-3.20.3
bbswitch-debugsource-0.8-3.20.3
bbswitch-kmp-default-0.8_k3.16.7_42-3.20.3
bbswitch-kmp-default-debuginfo-0.8_k3.16.7_42-3.20.3
bbswitch-kmp-desktop-0.8_k3.16.7_42-3.20.3
bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_42-3.20.3
bbswitch-kmp-xen-0.8_k3.16.7_42-3.20.3
bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_42-3.20.3
cloop-2.639-14.20.3
cloop-debuginfo-2.639-14.20.3
cloop-debugsource-2.639-14.20.3
cloop-kmp-default-2.639_k3.16.7_42-14.20.3
cloop-kmp-default-debuginfo-2.639_k3.16.7_42-14.20.3
cloop-kmp-desktop-2.639_k3.16.7_42-14.20.3
cloop-kmp-desktop-debuginfo-2.639_k3.16.7_42-14.20.3
cloop-kmp-xen-2.639_k3.16.7_42-14.20.3
cloop-kmp-xen-debuginfo-2.639_k3.16.7_42-14.20.3
crash-7.0.8-20.3
crash-debuginfo-7.0.8-20.3
crash-debugsource-7.0.8-20.3
crash-devel-7.0.8-20.3
crash-doc-7.0.8-20.3
crash-eppic-7.0.8-20.3
crash-eppic-debuginfo-7.0.8-20.3
crash-gcore-7.0.8-20.3
crash-gcore-debuginfo-7.0.8-20.3
crash-kmp-default-7.0.8_k3.16.7_42-20.3
crash-kmp-default-debuginfo-7.0.8_k3.16.7_42-20.3
crash-kmp-desktop-7.0.8_k3.16.7_42-20.3
crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_42-20.3
crash-kmp-xen-7.0.8_k3.16.7_42-20.3
crash-kmp-xen-debuginfo-7.0.8_k3.16.7_42-20.3
hdjmod-debugsource-1.28-18.21.3
hdjmod-kmp-default-1.28_k3.16.7_42-18.21.3
hdjmod-kmp-default-debuginfo-1.28_k3.16.7_42-18.21.3
hdjmod-kmp-desktop-1.28_k3.16.7_42-18.21.3
hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_42-18.21.3
hdjmod-kmp-xen-1.28_k3.16.7_42-18.21.3
hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_42-18.21.3
ipset-6.23-20.3
ipset-debuginfo-6.23-20.3
ipset-debugsource-6.23-20.3
ipset-devel-6.23-20.3
ipset-kmp-default-6.23_k3.16.7_42-20.3
ipset-kmp-default-debuginfo-6.23_k3.16.7_42-20.3
ipset-kmp-desktop-6.23_k3.16.7_42-20.3
ipset-kmp-desktop-debuginfo-6.23_k3.16.7_42-20.3
ipset-kmp-xen-6.23_k3.16.7_42-20.3
ipset-kmp-xen-debuginfo-6.23_k3.16.7_42-20.3
kernel-default-3.16.7-42.1
kernel-default-base-3.16.7-42.1
kernel-default-base-debuginfo-3.16.7-42.1
kernel-default-debuginfo-3.16.7-42.1
kernel-default-debugsource-3.16.7-42.1
kernel-default-devel-3.16.7-42.1
kernel-ec2-3.16.7-42.1
kernel-ec2-base-3.16.7-42.1
kernel-ec2-devel-3.16.7-42.1
kernel-obs-build-3.16.7-42.2
kernel-obs-build-debugsource-3.16.7-42.2
kernel-obs-qa-3.16.7-42.1
kernel-obs-qa-xen-3.16.7-42.1
kernel-syms-3.16.7-42.1
libipset3-6.23-20.3
libipset3-debuginfo-6.23-20.3
pcfclock-0.44-260.20.2
pcfclock-debuginfo-0.44-260.20.2
pcfclock-debugsource-0.44-260.20.2
pcfclock-kmp-default-0.44_k3.16.7_42-260.20.2
pcfclock-kmp-default-debuginfo-0.44_k3.16.7_42-260.20.2
pcfclock-kmp-desktop-0.44_k3.16.7_42-260.20.2
pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_42-260.20.2
python-virtualbox-5.0.20-48.5
python-virtualbox-debuginfo-5.0.20-48.5
vhba-kmp-debugsource-20140629-2.20.2
vhba-kmp-default-20140629_k3.16.7_42-2.20.2
vhba-kmp-default-debuginfo-20140629_k3.16.7_42-2.20.2
vhba-kmp-desktop-20140629_k3.16.7_42-2.20.2
vhba-kmp-desktop-debuginfo-20140629_k3.16.7_42-2.20.2
vhba-kmp-xen-20140629_k3.16.7_42-2.20.2
vhba-kmp-xen-debuginfo-20140629_k3.16.7_42-2.20.2
virtualbox-5.0.20-48.5
virtualbox-debuginfo-5.0.20-48.5
virtualbox-debugsource-5.0.20-48.5
virtualbox-devel-5.0.20-48.5
virtualbox-guest-kmp-default-5.0.20_k3.16.7_42-48.5
virtualbox-guest-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5
virtualbox-guest-kmp-desktop-5.0.20_k3.16.7_42-48.5
virtualbox-guest-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5
virtualbox-guest-tools-5.0.20-48.5
virtualbox-guest-tools-debuginfo-5.0.20-48.5
virtualbox-guest-x11-5.0.20-48.5
virtualbox-guest-x11-debuginfo-5.0.20-48.5
virtualbox-host-kmp-default-5.0.20_k3.16.7_42-48.5
virtualbox-host-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5
virtualbox-host-kmp-desktop-5.0.20_k3.16.7_42-48.5
virtualbox-host-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5
virtualbox-qt-5.0.20-48.5
virtualbox-qt-debuginfo-5.0.20-48.5
virtualbox-websrv-5.0.20-48.5
virtualbox-websrv-debuginfo-5.0.20-48.5
xen-debugsource-4.4.4_02-46.2
xen-devel-4.4.4_02-46.2
xen-libs-4.4.4_02-46.2
xen-libs-debuginfo-4.4.4_02-46.2
xen-tools-domU-4.4.4_02-46.2
xen-tools-domU-debuginfo-4.4.4_02-46.2
xtables-addons-2.6-22.3
xtables-addons-debuginfo-2.6-22.3
xtables-addons-debugsource-2.6-22.3
xtables-addons-kmp-default-2.6_k3.16.7_42-22.3
xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_42-22.3
xtables-addons-kmp-desktop-2.6_k3.16.7_42-22.3
xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_42-22.3
xtables-addons-kmp-xen-2.6_k3.16.7_42-22.3
xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_42-22.3
- openSUSE 13.2 (i686 x86_64):
kernel-debug-3.16.7-42.1
kernel-debug-base-3.16.7-42.1
kernel-debug-base-debuginfo-3.16.7-42.1
kernel-debug-debuginfo-3.16.7-42.1
kernel-debug-debugsource-3.16.7-42.1
kernel-debug-devel-3.16.7-42.1
kernel-debug-devel-debuginfo-3.16.7-42.1
kernel-desktop-3.16.7-42.1
kernel-desktop-base-3.16.7-42.1
kernel-desktop-base-debuginfo-3.16.7-42.1
kernel-desktop-debuginfo-3.16.7-42.1
kernel-desktop-debugsource-3.16.7-42.1
kernel-desktop-devel-3.16.7-42.1
kernel-ec2-base-debuginfo-3.16.7-42.1
kernel-ec2-debuginfo-3.16.7-42.1
kernel-ec2-debugsource-3.16.7-42.1
kernel-vanilla-3.16.7-42.1
kernel-vanilla-debuginfo-3.16.7-42.1
kernel-vanilla-debugsource-3.16.7-42.1
kernel-vanilla-devel-3.16.7-42.1
kernel-xen-3.16.7-42.1
kernel-xen-base-3.16.7-42.1
kernel-xen-base-debuginfo-3.16.7-42.1
kernel-xen-debuginfo-3.16.7-42.1
kernel-xen-debugsource-3.16.7-42.1
kernel-xen-devel-3.16.7-42.1
- openSUSE 13.2 (x86_64):
xen-4.4.4_02-46.2
xen-doc-html-4.4.4_02-46.2
xen-kmp-default-4.4.4_02_k3.16.7_42-46.2
xen-kmp-default-debuginfo-4.4.4_02_k3.16.7_42-46.2
xen-kmp-desktop-4.4.4_02_k3.16.7_42-46.2
xen-kmp-desktop-debuginfo-4.4.4_02_k3.16.7_42-46.2
xen-libs-32bit-4.4.4_02-46.2
xen-libs-debuginfo-32bit-4.4.4_02-46.2
xen-tools-4.4.4_02-46.2
xen-tools-debuginfo-4.4.4_02-46.2
- openSUSE 13.2 (noarch):
kernel-devel-3.16.7-42.1
kernel-docs-3.16.7-42.2
kernel-macros-3.16.7-42.1
kernel-source-3.16.7-42.1
kernel-source-vanilla-3.16.7-42.1
virtualbox-guest-desktop-icons-5.0.20-48.5
virtualbox-host-source-5.0.20-48.5
- openSUSE 13.2 (i586):
bbswitch-kmp-pae-0.8_k3.16.7_42-3.20.3
bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_42-3.20.3
cloop-kmp-pae-2.639_k3.16.7_42-14.20.3
cloop-kmp-pae-debuginfo-2.639_k3.16.7_42-14.20.3
crash-kmp-pae-7.0.8_k3.16.7_42-20.3
crash-kmp-pae-debuginfo-7.0.8_k3.16.7_42-20.3
hdjmod-kmp-pae-1.28_k3.16.7_42-18.21.3
hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_42-18.21.3
ipset-kmp-pae-6.23_k3.16.7_42-20.3
ipset-kmp-pae-debuginfo-6.23_k3.16.7_42-20.3
pcfclock-kmp-pae-0.44_k3.16.7_42-260.20.2
pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_42-260.20.2
vhba-kmp-pae-20140629_k3.16.7_42-2.20.2
vhba-kmp-pae-debuginfo-20140629_k3.16.7_42-2.20.2
virtualbox-guest-kmp-pae-5.0.20_k3.16.7_42-48.5
virtualbox-guest-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5
virtualbox-host-kmp-pae-5.0.20_k3.16.7_42-48.5
virtualbox-host-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5
xtables-addons-kmp-pae-2.6_k3.16.7_42-22.3
xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_42-22.3
- openSUSE 13.2 (i686):
kernel-pae-3.16.7-42.1
kernel-pae-base-3.16.7-42.1
kernel-pae-base-debuginfo-3.16.7-42.1
kernel-pae-debuginfo-3.16.7-42.1
kernel-pae-debugsource-3.16.7-42.1
kernel-pae-devel-3.16.7-42.1
References:
https://www.suse.com/security/cve/CVE-2012-6701.html
https://www.suse.com/security/cve/CVE-2013-7446.html
https://www.suse.com/security/cve/CVE-2014-9904.html
https://www.suse.com/security/cve/CVE-2015-3288.html
https://www.suse.com/security/cve/CVE-2015-6526.html
https://www.suse.com/security/cve/CVE-2015-7566.html
https://www.suse.com/security/cve/CVE-2015-8709.html
https://www.suse.com/security/cve/CVE-2015-8785.html
https://www.suse.com/security/cve/CVE-2015-8812.html
https://www.suse.com/security/cve/CVE-2015-8816.html
https://www.suse.com/security/cve/CVE-2015-8830.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-2184.html
https://www.suse.com/security/cve/CVE-2016-2185.html
https://www.suse.com/security/cve/CVE-2016-2186.html
https://www.suse.com/security/cve/CVE-2016-2187.html
https://www.suse.com/security/cve/CVE-2016-2188.html
https://www.suse.com/security/cve/CVE-2016-2384.html
https://www.suse.com/security/cve/CVE-2016-2543.html
https://www.suse.com/security/cve/CVE-2016-2544.html
https://www.suse.com/security/cve/CVE-2016-2545.html
https://www.suse.com/security/cve/CVE-2016-2546.html
https://www.suse.com/security/cve/CVE-2016-2547.html
https://www.suse.com/security/cve/CVE-2016-2548.html
https://www.suse.com/security/cve/CVE-2016-2549.html
https://www.suse.com/security/cve/CVE-2016-2782.html
https://www.suse.com/security/cve/CVE-2016-2847.html
https://www.suse.com/security/cve/CVE-2016-3134.html
https://www.suse.com/security/cve/CVE-2016-3136.html
https://www.suse.com/security/cve/CVE-2016-3137.html
https://www.suse.com/security/cve/CVE-2016-3138.html
https://www.suse.com/security/cve/CVE-2016-3139.html
https://www.suse.com/security/cve/CVE-2016-3140.html
https://www.suse.com/security/cve/CVE-2016-3156.html
https://www.suse.com/security/cve/CVE-2016-3672.html
https://www.suse.com/security/cve/CVE-2016-3689.html
https://www.suse.com/security/cve/CVE-2016-3951.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4482.html
https://www.suse.com/security/cve/CVE-2016-4485.html
https://www.suse.com/security/cve/CVE-2016-4486.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://www.suse.com/security/cve/CVE-2016-4569.html
https://www.suse.com/security/cve/CVE-2016-4578.html
https://www.suse.com/security/cve/CVE-2016-4580.html
https://www.suse.com/security/cve/CVE-2016-4581.html
https://www.suse.com/security/cve/CVE-2016-4805.html
https://www.suse.com/security/cve/CVE-2016-4913.html
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5244.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://bugzilla.suse.com/901754
https://bugzilla.suse.com/941113
https://bugzilla.suse.com/942702
https://bugzilla.suse.com/945219
https://bugzilla.suse.com/955654
https://bugzilla.suse.com/957052
https://bugzilla.suse.com/957988
https://bugzilla.suse.com/959709
https://bugzilla.suse.com/960561
https://bugzilla.suse.com/961512
https://bugzilla.suse.com/963762
https://bugzilla.suse.com/963765
https://bugzilla.suse.com/966245
https://bugzilla.suse.com/966437
https://bugzilla.suse.com/966693
https://bugzilla.suse.com/966849
https://bugzilla.suse.com/967972
https://bugzilla.suse.com/967973
https://bugzilla.suse.com/967974
https://bugzilla.suse.com/967975
https://bugzilla.suse.com/968010
https://bugzilla.suse.com/968011
https://bugzilla.suse.com/968012
https://bugzilla.suse.com/968013
https://bugzilla.suse.com/968018
https://bugzilla.suse.com/968670
https://bugzilla.suse.com/969354
https://bugzilla.suse.com/969355
https://bugzilla.suse.com/970114
https://bugzilla.suse.com/970275
https://bugzilla.suse.com/970892
https://bugzilla.suse.com/970909
https://bugzilla.suse.com/970911
https://bugzilla.suse.com/970948
https://bugzilla.suse.com/970955
https://bugzilla.suse.com/970956
https://bugzilla.suse.com/970958
https://bugzilla.suse.com/970970
https://bugzilla.suse.com/971124
https://bugzilla.suse.com/971125
https://bugzilla.suse.com/971126
https://bugzilla.suse.com/971360
https://bugzilla.suse.com/971628
https://bugzilla.suse.com/971799
https://bugzilla.suse.com/971919
https://bugzilla.suse.com/971944
https://bugzilla.suse.com/972174
https://bugzilla.suse.com/973378
https://bugzilla.suse.com/973570
https://bugzilla.suse.com/974308
https://bugzilla.suse.com/974418
https://bugzilla.suse.com/974646
https://bugzilla.suse.com/975945
https://bugzilla.suse.com/978401
https://bugzilla.suse.com/978445
https://bugzilla.suse.com/978469
https://bugzilla.suse.com/978821
https://bugzilla.suse.com/978822
https://bugzilla.suse.com/979021
https://bugzilla.suse.com/979213
https://bugzilla.suse.com/979548
https://bugzilla.suse.com/979867
https://bugzilla.suse.com/979879
https://bugzilla.suse.com/979913
https://bugzilla.suse.com/980348
https://bugzilla.suse.com/980363
https://bugzilla.suse.com/980371
https://bugzilla.suse.com/980725
https://bugzilla.suse.com/981267
https://bugzilla.suse.com/982706
https://bugzilla.suse.com/983143
https://bugzilla.suse.com/983213
https://bugzilla.suse.com/984464
https://bugzilla.suse.com/984755
https://bugzilla.suse.com/984764
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986365
https://bugzilla.suse.com/986377
https://bugzilla.suse.com/986572
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/986811
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2016:2131-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 22 Aug '16
by opensuse-security@opensuse.org 22 Aug '16
22 Aug '16
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2131-1
Rating: important
References: #989196 #990628 #990856 #991809
Cross-References: CVE-2016-2830 CVE-2016-2835 CVE-2016-2836
CVE-2016-2837 CVE-2016-2838 CVE-2016-2839
CVE-2016-5252 CVE-2016-5254 CVE-2016-5258
CVE-2016-5259 CVE-2016-5262 CVE-2016-5263
CVE-2016-5264 CVE-2016-5265 CVE-2016-6354
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
MozillaFirefox was updated to 45.3.0 ESR to fix the following issues
(bsc#991809):
* MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety
hazards (rv:48.0 / rv:45.3)
* MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when
page is closed
* MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with
bidirectional content
* MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory
allocation issue with FFmpeg 0.10
* MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering
* MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and
toplevel menus
* MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session
shutdown
* MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested
sync events
* MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in
sandboxed iframes
* MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content
Decryption Module (CDM) during video playback
* MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation
* MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects
* MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML
file and saved shortcut file
* CVE-2016-6354: Fix for possible buffer overrun (bsc#990856)
Also a temporary workaround was added:
- Temporarily bind Firefox to the first CPU as a hotfix for an apparent
race condition (bsc#989196, bsc#990628)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1254=1
- SUSE Linux Enterprise Server for SAP 12:
zypper in -t patch SUSE-SLE-SAP-12-2016-1254=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1254=1
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2016-1254=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1254=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
MozillaFirefox-debuginfo-45.3.0esr-78.1
MozillaFirefox-debugsource-45.3.0esr-78.1
MozillaFirefox-devel-45.3.0esr-78.1
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
MozillaFirefox-45.3.0esr-78.1
MozillaFirefox-debuginfo-45.3.0esr-78.1
MozillaFirefox-debugsource-45.3.0esr-78.1
MozillaFirefox-translations-45.3.0esr-78.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
MozillaFirefox-45.3.0esr-78.1
MozillaFirefox-debuginfo-45.3.0esr-78.1
MozillaFirefox-debugsource-45.3.0esr-78.1
MozillaFirefox-translations-45.3.0esr-78.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
MozillaFirefox-45.3.0esr-78.1
MozillaFirefox-debuginfo-45.3.0esr-78.1
MozillaFirefox-debugsource-45.3.0esr-78.1
MozillaFirefox-translations-45.3.0esr-78.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
MozillaFirefox-45.3.0esr-78.1
MozillaFirefox-debuginfo-45.3.0esr-78.1
MozillaFirefox-debugsource-45.3.0esr-78.1
MozillaFirefox-translations-45.3.0esr-78.1
References:
https://www.suse.com/security/cve/CVE-2016-2830.html
https://www.suse.com/security/cve/CVE-2016-2835.html
https://www.suse.com/security/cve/CVE-2016-2836.html
https://www.suse.com/security/cve/CVE-2016-2837.html
https://www.suse.com/security/cve/CVE-2016-2838.html
https://www.suse.com/security/cve/CVE-2016-2839.html
https://www.suse.com/security/cve/CVE-2016-5252.html
https://www.suse.com/security/cve/CVE-2016-5254.html
https://www.suse.com/security/cve/CVE-2016-5258.html
https://www.suse.com/security/cve/CVE-2016-5259.html
https://www.suse.com/security/cve/CVE-2016-5262.html
https://www.suse.com/security/cve/CVE-2016-5263.html
https://www.suse.com/security/cve/CVE-2016-5264.html
https://www.suse.com/security/cve/CVE-2016-5265.html
https://www.suse.com/security/cve/CVE-2016-6354.html
https://bugzilla.suse.com/989196
https://bugzilla.suse.com/990628
https://bugzilla.suse.com/990856
https://bugzilla.suse.com/991809
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2016:2105-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 19 Aug '16
by opensuse-security@opensuse.org 19 Aug '16
19 Aug '16
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2105-1
Rating: important
References: #947337 #950998 #951844 #953048 #954847 #956491
#957990 #962742 #963655 #963762 #965087 #966245
#968667 #970114 #970506 #971770 #972933 #973378
#973499 #974165 #974308 #974620 #975531 #975533
#975772 #975788 #977417 #978401 #978469 #978822
#979074 #979213 #979419 #979485 #979489 #979521
#979548 #979681 #979867 #979879 #979922 #980348
#980363 #980371 #980856 #980883 #981038 #981143
#981344 #981597 #982282 #982354 #982544 #982698
#983143 #983213 #983318 #983721 #983904 #983977
#984148 #984456 #984755 #984764 #985232 #985978
#986362 #986365 #986569 #986572 #986573 #986811
#988215 #988498 #988552 #990058
Cross-References: CVE-2014-9904 CVE-2015-7833 CVE-2015-8551
CVE-2015-8552 CVE-2015-8845 CVE-2016-0758
CVE-2016-1583 CVE-2016-2053 CVE-2016-3672
CVE-2016-4470 CVE-2016-4482 CVE-2016-4486
CVE-2016-4565 CVE-2016-4569 CVE-2016-4578
CVE-2016-4805 CVE-2016-4997 CVE-2016-4998
CVE-2016-5244 CVE-2016-5828 CVE-2016-5829
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves 21 vulnerabilities and has 55 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2014-9904: The snd_compress_check_input function in
sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel
did not properly check for an integer overflow, which allowed local
users to cause a denial of service (insufficient memory allocation) or
possibly have unspecified other impact via a crafted
SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
- CVE-2015-7833: The usbvision driver in the Linux kernel allowed
physically proximate attackers to cause a denial of service (panic) via
a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an x86
system and using Linux as the driver domain, allowed local guest
administrators to hit BUG conditions and cause a denial of service (NULL
pointer dereference and host OS crash) by leveraging a system with
access to a passed-through MSI or MSI-X capable physical PCI device and
a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback
missing sanity checks (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an x86
system and using Linux as the driver domain, allowed local guest
administrators to generate a continuous stream of WARN messages and
cause a denial of service (disk consumption) by leveraging a system with
access to a passed-through MSI or MSI-X capable physical PCI device and
XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity
checks (bnc#957990).
- CVE-2015-8845: The tm_reclaim_thread function in
arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms
did not ensure that TM suspend mode exists before proceeding with a
tm_reclaim call, which allowed local users to cause a denial of service
(TM Bad Thing exception and panic) via a crafted application
(bnc#975533).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux
kernel allowed local users to gain privileges via crafted ASN.1 data
(bnc#979867).
- CVE-2016-1583: The ecryptfs_privileged_open function in
fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (stack memory consumption) via
vectors involving crafted mmap calls for /proc pathnames, leading to
recursive pagefault handling (bsc#983143).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in
the Linux kernel allowed attackers to cause a denial of service (panic)
via an ASN.1 BER file that lacks a public key, leading to mishandling by
the public_key_verify_signature function in
crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c
in the Linux kernel did not properly randomize the legacy base address,
which made it easier for local users to defeat the intended restrictions
on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism
for a setuid or setgid program, by disabling stack-consumption resource
limits (bnc#974308).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c
in the Linux kernel did not ensure that a certain data structure is
initialized, which allowed local users to cause a denial of service
(system crash) via vectors involving a crafted keyctl request2 command
(bnc#984755).
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c
in the Linux kernel did not initialize a certain data structure, which
allowed local users to obtain sensitive information from kernel stack
memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bsc#978401).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c
in the Linux kernel did not initialize a certain data structure, which
allowed local users to obtain sensitive information from kernel stack
memory by reading a Netlink message (bnc#978822).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel
incorrectly relied on the write system call, which allowed local users
to cause a denial of service (kernel memory write operation) or possibly
have unspecified other impact via a uAPI interface (bnc#979548).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c
in the Linux kernel did not initialize a certain data structure, which
allowed local users to obtain sensitive information from kernel stack
memory via crafted use of the ALSA timer interface (bsc#979213).
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize
certain r1 data structures, which allowed local users to obtain
sensitive information from kernel stack memory via crafted use of the
ALSA timer interface, related to the (1) snd_timer_user_ccallback and
(2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-4805: Use-after-free vulnerability in
drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to
cause a denial of service (memory corruption and system crash, or
spinlock) or possibly have unspecified other impact by removing a
network namespace, related to the ppp_register_net_channel and
ppp_unregister_channel functions (bnc#980371).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation
in the netfilter subsystem in the Linux kernel allowed local users to
gain privileges or cause a denial of service (memory corruption) by
leveraging in-container root access to provide a crafted offset value
that triggers an unintended decrement (bsc#986362).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
netfilter subsystem in the Linux kernel allowed local users to cause a
denial of service (out-of-bounds read) or possibly obtain sensitive
information from kernel heap memory by leveraging in-container root
access to provide a crafted offset value that leads to crossing a
ruleset blob boundary (bsc#986365).
- CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the
Linux kernel did not initialize a certain structure member, which
allowed remote attackers to obtain sensitive information from kernel
stack memory by reading an RDS message (bnc#983213).
- CVE-2016-5828: The start_thread function in
arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms
mishandled transactional state, which allowed local users to cause a
denial of service (invalid process state or TM Bad Thing exception, and
system crash) or possibly have unspecified other impact by starting and
suspending a transaction an exec system call (bsc#986569).
- CVE-2016-5829: Multiple heap-based buffer overflows in the
hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
kernel allowed local users to cause a denial of service or possibly have
unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
HIDIOCSUSAGES ioctl call (bnc#986572).
The following non-security bugs were fixed:
- ALSA: hrtimer: Handle start/stop more properly (bsc#973378).
- Add wait_event_cmd() (bsc#953048).
- Btrfs: be more precise on errors when getting an inode from disk
(bsc#981038).
- Btrfs: do not use src fd for printk (bsc#980348).
- Btrfs: improve performance on fsync against new inode after
rename/unlink (bsc#981038).
- Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).
- Btrfs: serialize subvolume mounts with potentially mismatching rw flags
(bsc#951844).
- Disable btrfs patch (bsc#981597)
- EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521).
- EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs()
(bsc#979521).
- EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521).
- EDAC/sb_edac: Fix computation of channel address (bsc#979521).
- EDAC: Correct channel count limit (bsc#979521).
- EDAC: Remove arbitrary limit on number of channels (bsc#979521).
- EDAC: Use static attribute groups for managing sysfs entries
(bsc#979521).
- MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).
- PCI/AER: Clear error status registers during enumeration and restore
(bsc#985978).
- RAID5: batch adjacent full stripe write (bsc#953048).
- RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048).
- RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048).
- Restore copying of SKBs with head exceeding page size (bsc#978469).
- SCSI: Increase REPORT_LUNS timeout (bsc#982282).
- USB: xhci: Add broken streams quirk for Frescologic device id 1009
(bnc#982698).
- Update
patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch
(bsc#979419). Fix reference.
- Update
patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch
(bsc#962742). Fix incorrect bugzilla referece.
- VSOCK: Fix lockdep issue (bsc#977417).
- VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417).
- base: make module_create_drivers_dir race-free (bnc#983977).
- cdc_ncm: workaround for EM7455 "silent" data interface (bnc#988552).
- ceph: tolerate bad i_size for symlink inode (bsc#985232).
- drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).
- drm/mgag200: Add support for a new rev of G200e (bsc#983904).
- drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).
- drm/mgag200: remove unused variables (bsc#983904).
- drm: qxl: Workaround for buggy user-space (bsc#981344).
- efifb: Add support for 64-bit frame buffer addresses (bsc#973499).
- efifb: Fix 16 color palette entry calculation (bsc#983318).
- efifb: Fix KABI of screen_info struct (bsc#973499).
- ehci-pci: enable interrupt on BayTrail (bnc#947337).
- enic: set netdev->vlan_features (bsc#966245).
- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- hid-elo: kill not flush the work (bnc#982354).
- iommu/vt-d: Enable QI on all IOMMUs before setting root entry
(bsc#975772).
- ipvs: count pre-established TCP states as active (bsc#970114).
- kabi/severities: Added raw3270_* PASS to allow IBM LTC changes
(bnc#979922, LTC#141736)
- kabi: prevent spurious modversion changes after bsc#982544 fix
(bsc#982544).
- kvm: Guest does not show the cpu flag nonstop_tsc (bsc#971770)
- md/raid56: Do not perform reads to support writes until stripe is ready.
- md/raid5: Ensure a batch member is not handled prematurely (bsc#953048).
- md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with
REQ_NOMERGE.
- md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048).
- md/raid5: allow the stripe_cache to grow and shrink (bsc#953048).
- md/raid5: always set conf->prev_chunk_sectors and ->prev_algo
(bsc#953048).
- md/raid5: avoid races when changing cache size (bsc#953048).
- md/raid5: avoid reading parity blocks for full-stripe write to degraded
array (bsc#953048).
- md/raid5: be more selective about distributing flags across batch
(bsc#953048).
- md/raid5: break stripe-batches when the array has failed (bsc#953048).
- md/raid5: call break_stripe_batch_list from handle_stripe_clean_event
(bsc#953048).
- md/raid5: change ->inactive_blocked to a bit-flag (bsc#953048).
- md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048).
- md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048).
- md/raid5: close recently introduced race in stripe_head management.
- md/raid5: consider updating reshape_position at start of reshape
(bsc#953048).
- md/raid5: deadlock between retry_aligned_read with barrier io
(bsc#953048).
- md/raid5: do not do chunk aligned read on degraded array (bsc#953048).
- md/raid5: do not index beyond end of array in need_this_block()
(bsc#953048).
- md/raid5: do not let shrink_slab shrink too far (bsc#953048).
- md/raid5: duplicate some more handle_stripe_clean_event code in
break_stripe_batch_list (bsc#953048).
- md/raid5: ensure device failure recorded before write request returns
(bsc#953048).
- md/raid5: ensure whole batch is delayed for all required bitmap updates
(bsc#953048).
- md/raid5: fix allocation of 'scribble' array (bsc#953048).
- md/raid5: fix another livelock caused by non-aligned writes (bsc#953048).
- md/raid5: fix handling of degraded stripes in batches (bsc#953048).
- md/raid5: fix init_stripe() inconsistencies (bsc#953048).
- md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048).
- md/raid5: fix newly-broken locking in get_active_stripe.
- md/raid5: handle possible race as reshape completes (bsc#953048).
- md/raid5: ignore released_stripes check (bsc#953048).
- md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048).
- md/raid5: move max_nr_stripes management into grow_one_stripe and
drop_one_stripe (bsc#953048).
- md/raid5: need_this_block: start simplifying the last two conditions
(bsc#953048).
- md/raid5: need_this_block: tidy/fix last condition (bsc#953048).
- md/raid5: new alloc_stripe() to allocate an initialize a stripe
(bsc#953048).
- md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048).
- md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048).
- md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list.
- md/raid5: remove condition test from check_break_stripe_batch_list
(bsc#953048).
- md/raid5: remove incorrect "min_t()" when calculating writepos
(bsc#953048).
- md/raid5: remove redundant check in stripe_add_to_batch_list()
(bsc#953048).
- md/raid5: separate large if clause out of fetch_block() (bsc#953048).
- md/raid5: separate out the easy conditions in need_this_block
(bsc#953048).
- md/raid5: split wait_for_stripe and introduce wait_for_quiescent
(bsc#953048).
- md/raid5: strengthen check on reshape_position at run (bsc#953048).
- md/raid5: switch to use conf->chunk_sectors in place of
mddev->chunk_sectors where possible (bsc#953048).
- md/raid5: use ->lock to protect accessing raid5 sysfs attributes
(bsc#953048).
- md/raid5: use bio_list for the list of bios to return (bsc#953048).
- md: be careful when testing resync_max against curr_resync_completed
(bsc#953048).
- md: do_release_stripe(): No need to call md_wakeup_thread() twice
(bsc#953048).
- md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync
(bsc#953048).
- md: remove unwanted white space from md.c (bsc#953048).
- md: use set_bit/clear_bit instead of shift/mask for bi_flags changes
(bsc#953048).
- mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).
- net/qlge: Avoids recursive EEH error (bsc#954847).
- net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667).
- net: Start with correct mac_len in skb_network_protocol (bsc#968667).
- net: disable fragment reassembly if high_thresh is set to zero
(bsc#970506).
- net: fix wrong mac_len calculation for vlans (bsc#968667).
- netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in
br_validate_ipv6 (bsc#982544).
- netfilter: bridge: do not leak skb in error paths (bsc#982544).
- netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).
- nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087).
- perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489).
- perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- qeth: delete napi struct when removing a qeth device (bnc#988215,
LTC#143590).
- raid5: Retry R5_ReadNoMerge flag when hit a read error.
- raid5: add a new flag to track if a stripe can be batched (bsc#953048).
- raid5: add an option to avoid copy data from bio to stripe cache
(bsc#953048).
- raid5: avoid release list until last reference of the stripe
(bsc#953048).
- raid5: check faulty flag for array status during recovery (bsc#953048).
- raid5: fix a race of stripe count check.
- raid5: fix broken async operation chain (bsc#953048).
- raid5: get_active_stripe avoids device_lock.
- raid5: handle expansion/resync case with stripe batching (bsc#953048).
- raid5: handle io error of batch list (bsc#953048).
- raid5: make_request does less prepare wait.
- raid5: relieve lock contention in get_active_stripe().
- raid5: relieve lock contention in get_active_stripe().
- raid5: speedup sync_request processing (bsc#953048).
- raid5: track overwrite disk count (bsc#953048).
- raid5: update analysis state for failed stripe (bsc#953048).
- raid5: use flex_array for scribble data (bsc#953048).
- s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736).
- s390/3270: avoid endless I/O loop with disconnected 3270 terminals
(bnc#979922, LTC#141736).
- s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736).
- s390/3270: fix view reference counting (bnc#979922, LTC#141736).
- s390/3270: handle reconnect of a tty with a different size (bnc#979922,
LTC#141736).
- s390/3270: hangup the 3270 tty after a disconnect (bnc#979922,
LTC#141736).
- s390/mm: fix asce_bits handling with dynamic pagetable levels
(bnc#979922, LTC#141456).
- s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106).
- s390: fix test_fp_ctl inline assembly contraints (bnc#988215,
LTC#143138).
- sb_edac: Fix a typo and a thinko in address handling for Haswell
(bsc#979521).
- sb_edac: Fix support for systems with two home agents per socket
(bsc#979521).
- sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell
(bsc#979521).
- sb_edac: look harder for DDRIO on Haswell systems (bsc#979521).
- sb_edac: support for Broadwell -EP and -EX (bsc#979521).
- sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency
(bnc#988498).
- sched/cputime: Fix cpu_timer_sample_group() double accounting
(bnc#988498).
- sched/x86: Fix up typo in topology detection (bsc#974165).
- sched: Provide update_curr callbacks for stop/idle scheduling classes
(bnc#988498).
- target/rbd: do not put snap_context twice (bsc#981143).
- target/rbd: remove caw_mutex usage (bsc#981143).
- usb: quirk to stop runtime PM for Intel 7260 (bnc#984456).
- wait: introduce wait_event_exclusive_cmd (bsc#953048).
- x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel
address (bsc#979521).
- x86 EDAC, sb_edac.c: Take account of channel hashing when needed
(bsc#979521).
- x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165).
- x86/efi: parse_efi_setup() build fix (bsc#979485).
- x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
- x86: Removed the free memblock of hibernat keys to avoid memory
corruption (bsc#990058).
- x86: standardize mmap_rnd() usage (bnc#974308).
- xfs: fix premature enospc on inode allocation (bsc#984148).
- xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).
- xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1246=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1246=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1246=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1246=1
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1246=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1246=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
kernel-default-debuginfo-3.12.62-60.62.1
kernel-default-debugsource-3.12.62-60.62.1
kernel-default-extra-3.12.62-60.62.1
kernel-default-extra-debuginfo-3.12.62-60.62.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
kernel-obs-build-3.12.62-60.62.1
kernel-obs-build-debugsource-3.12.62-60.62.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):
kernel-docs-3.12.62-60.62.3
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
kernel-default-3.12.62-60.62.1
kernel-default-base-3.12.62-60.62.1
kernel-default-base-debuginfo-3.12.62-60.62.1
kernel-default-debuginfo-3.12.62-60.62.1
kernel-default-debugsource-3.12.62-60.62.1
kernel-default-devel-3.12.62-60.62.1
kernel-syms-3.12.62-60.62.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
kernel-devel-3.12.62-60.62.1
kernel-macros-3.12.62-60.62.1
kernel-source-3.12.62-60.62.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
kernel-xen-3.12.62-60.62.1
kernel-xen-base-3.12.62-60.62.1
kernel-xen-base-debuginfo-3.12.62-60.62.1
kernel-xen-debuginfo-3.12.62-60.62.1
kernel-xen-debugsource-3.12.62-60.62.1
kernel-xen-devel-3.12.62-60.62.1
- SUSE Linux Enterprise Server 12-SP1 (s390x):
kernel-default-man-3.12.62-60.62.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.62-60.62.1
kernel-ec2-debuginfo-3.12.62-60.62.1
kernel-ec2-debugsource-3.12.62-60.62.1
kernel-ec2-devel-3.12.62-60.62.1
kernel-ec2-extra-3.12.62-60.62.1
kernel-ec2-extra-debuginfo-3.12.62-60.62.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-3_12_62-60_62-default-1-4.2
kgraft-patch-3_12_62-60_62-xen-1-4.2
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
kernel-devel-3.12.62-60.62.1
kernel-macros-3.12.62-60.62.1
kernel-source-3.12.62-60.62.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
kernel-default-3.12.62-60.62.1
kernel-default-debuginfo-3.12.62-60.62.1
kernel-default-debugsource-3.12.62-60.62.1
kernel-default-devel-3.12.62-60.62.1
kernel-default-extra-3.12.62-60.62.1
kernel-default-extra-debuginfo-3.12.62-60.62.1
kernel-syms-3.12.62-60.62.1
kernel-xen-3.12.62-60.62.1
kernel-xen-debuginfo-3.12.62-60.62.1
kernel-xen-debugsource-3.12.62-60.62.1
kernel-xen-devel-3.12.62-60.62.1
References:
https://www.suse.com/security/cve/CVE-2014-9904.html
https://www.suse.com/security/cve/CVE-2015-7833.html
https://www.suse.com/security/cve/CVE-2015-8551.html
https://www.suse.com/security/cve/CVE-2015-8552.html
https://www.suse.com/security/cve/CVE-2015-8845.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-3672.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4482.html
https://www.suse.com/security/cve/CVE-2016-4486.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://www.suse.com/security/cve/CVE-2016-4569.html
https://www.suse.com/security/cve/CVE-2016-4578.html
https://www.suse.com/security/cve/CVE-2016-4805.html
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-4998.html
https://www.suse.com/security/cve/CVE-2016-5244.html
https://www.suse.com/security/cve/CVE-2016-5828.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://bugzilla.suse.com/947337
https://bugzilla.suse.com/950998
https://bugzilla.suse.com/951844
https://bugzilla.suse.com/953048
https://bugzilla.suse.com/954847
https://bugzilla.suse.com/956491
https://bugzilla.suse.com/957990
https://bugzilla.suse.com/962742
https://bugzilla.suse.com/963655
https://bugzilla.suse.com/963762
https://bugzilla.suse.com/965087
https://bugzilla.suse.com/966245
https://bugzilla.suse.com/968667
https://bugzilla.suse.com/970114
https://bugzilla.suse.com/970506
https://bugzilla.suse.com/971770
https://bugzilla.suse.com/972933
https://bugzilla.suse.com/973378
https://bugzilla.suse.com/973499
https://bugzilla.suse.com/974165
https://bugzilla.suse.com/974308
https://bugzilla.suse.com/974620
https://bugzilla.suse.com/975531
https://bugzilla.suse.com/975533
https://bugzilla.suse.com/975772
https://bugzilla.suse.com/975788
https://bugzilla.suse.com/977417
https://bugzilla.suse.com/978401
https://bugzilla.suse.com/978469
https://bugzilla.suse.com/978822
https://bugzilla.suse.com/979074
https://bugzilla.suse.com/979213
https://bugzilla.suse.com/979419
https://bugzilla.suse.com/979485
https://bugzilla.suse.com/979489
https://bugzilla.suse.com/979521
https://bugzilla.suse.com/979548
https://bugzilla.suse.com/979681
https://bugzilla.suse.com/979867
https://bugzilla.suse.com/979879
https://bugzilla.suse.com/979922
https://bugzilla.suse.com/980348
https://bugzilla.suse.com/980363
https://bugzilla.suse.com/980371
https://bugzilla.suse.com/980856
https://bugzilla.suse.com/980883
https://bugzilla.suse.com/981038
https://bugzilla.suse.com/981143
https://bugzilla.suse.com/981344
https://bugzilla.suse.com/981597
https://bugzilla.suse.com/982282
https://bugzilla.suse.com/982354
https://bugzilla.suse.com/982544
https://bugzilla.suse.com/982698
https://bugzilla.suse.com/983143
https://bugzilla.suse.com/983213
https://bugzilla.suse.com/983318
https://bugzilla.suse.com/983721
https://bugzilla.suse.com/983904
https://bugzilla.suse.com/983977
https://bugzilla.suse.com/984148
https://bugzilla.suse.com/984456
https://bugzilla.suse.com/984755
https://bugzilla.suse.com/984764
https://bugzilla.suse.com/985232
https://bugzilla.suse.com/985978
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986365
https://bugzilla.suse.com/986569
https://bugzilla.suse.com/986572
https://bugzilla.suse.com/986573
https://bugzilla.suse.com/986811
https://bugzilla.suse.com/988215
https://bugzilla.suse.com/988498
https://bugzilla.suse.com/988552
https://bugzilla.suse.com/990058
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2016:2100-1: important: Security update for xen
by opensuse-security@opensuse.org 18 Aug '16
by opensuse-security@opensuse.org 18 Aug '16
18 Aug '16
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2100-1
Rating: important
References: #954872 #955399 #957986 #958848 #961600 #963161
#964427 #967630 #973188 #974038 #974912 #975130
#975138 #975907 #976058 #976111 #978164 #978295
#978413 #979035 #979620 #979670 #980716 #980724
#981264 #981276 #982024 #982025 #982026 #982224
#982225 #982286 #982695 #982960 #983973 #983984
#985503 #986586 #988675 #989235 #990843 #990923
Cross-References: CVE-2014-3672 CVE-2016-3158 CVE-2016-3159
CVE-2016-3710 CVE-2016-3960 CVE-2016-4001
CVE-2016-4002 CVE-2016-4020 CVE-2016-4037
CVE-2016-4439 CVE-2016-4441 CVE-2016-4453
CVE-2016-4454 CVE-2016-4952 CVE-2016-4962
CVE-2016-4963 CVE-2016-5105 CVE-2016-5106
CVE-2016-5107 CVE-2016-5126 CVE-2016-5238
CVE-2016-5337 CVE-2016-5338 CVE-2016-5403
CVE-2016-6258 CVE-2016-6351
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 26 vulnerabilities and has 16 fixes
is now available.
Description:
This update for xen fixes the several issues.
These security issues were fixed:
- CVE-2014-3672: The qemu implementation in libvirt Xen allowed local
guest OS users to cause a denial of service (host disk consumption) by
writing to stdout or stderr (bsc#981264).
- CVE-2016-3158: The xrstor function did not properly handle writes to the
hardware FSW.ES bit when running on AMD64 processors, which allowed
local guest OS users to obtain sensitive register content information
from another guest by leveraging pending exception and mask bits
(bsc#973188).
- CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not
properly handle writes to the hardware FSW.ES bit when running on AMD64
processors, which allowed local guest OS users to obtain sensitive
register content information from another guest by leveraging pending
exception and mask bits (bsc#973188).
- CVE-2016-3710: The VGA module improperly performed bounds checking on
banked access to video memory, which allowed local guest OS
administrators to execute arbitrary code on the host by changing access
modes after setting the bank register, aka the "Dark Portal" issue
(bsc#978164).
- CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed
local guest OS users to cause a denial of service (host crash) or
possibly gain privileges by shadowing a superpage mapping (bsc#974038).
- CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function,
when the Stellaris ethernet controller is configured to accept large
packets, allowed remote attackers to cause a denial of service (QEMU
crash) via a large packet (bsc#975130).
- CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the
guest NIC is configured to accept large packets, allowed remote
attackers to cause a denial of service (memory corruption and QEMU
crash) or possibly execute arbitrary code via a packet larger than 1514
bytes (bsc#975138).
- CVE-2016-4020: The patch_instruction function did not initialize the
imm32 variable, which allowed local guest OS administrators to obtain
sensitive information from host stack memory by accessing the Task
Priority Register (TPR) (bsc#975907).
- CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c
allowed local guest OS administrators to cause a denial of service
(infinite loop and CPU consumption) via a circular split isochronous
transfer descriptor (siTD) list (bsc#976111).
- CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI
Controller (FSC) support did not properly check command buffer length,
which allowed local guest OS administrators to cause a denial of service
(out-of-bounds write and QEMU process crash) or potentially execute
arbitrary code on the host via unspecified vectors (bsc#980716).
- CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller
(FSC) support did not properly check DMA length, which allowed local
guest OS administrators to cause a denial of service (out-of-bounds
write and QEMU process crash) via unspecified vectors, involving an SCSI
command (bsc#980724).
- CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS
administrators to cause a denial of service (infinite loop and QEMU
process crash) via a VGA command (bsc#982225).
- CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS
administrators to obtain sensitive host memory information or cause a
denial of service (QEMU process crash) by changing FIFO registers and
issuing a VGA command, which triggered an out-of-bounds read
(bsc#982224).
- CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data
routines (bsc#981276).
- CVE-2016-4962: The libxl device-handling allowed local OS guest
administrators to cause a denial of service (resource consumption or
management facility confusion) or gain host OS privileges by
manipulating information in guest controlled areas of xenstore
(bsc#979620).
- CVE-2016-4963: The libxl device-handling allowed local guest OS users
with access to the driver domain to cause a denial of service
(management tool confusion) by manipulating information in the backend
directories in xenstore (bsc#979670).
- CVE-2016-5105: Stack information leakage while reading configuration
(bsc#982024).
- CVE-2016-5106: Out-of-bounds write while setting controller properties
(bsc#982025).
- CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function
(bsc#982026).
- CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl
function allowed local guest OS users to cause a denial of service (QEMU
process crash) or possibly execute arbitrary code via a crafted iSCSI
asynchronous I/O ioctl call (bsc#982286).
- CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed
local guest OS administrators to cause a denial of service
(out-of-bounds write and QEMU process crash) via vectors related to
reading from the information transfer buffer in non-DMA mode
(bsc#982960).
- CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS
administrators to obtain sensitive host memory information via vectors
related to reading device control information (bsc#983973).
- CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions
allowed local guest OS administrators to cause a denial of service (QEMU
process crash) or execute arbitrary code on the host via vectors related
to the information transfer buffer (bsc#983984).
- CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182)
(bsc#988675).
- bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176)
- CVE-2016-5403: virtio: unbounded memory allocation on host via guest
leading to DoS (XSA-184) (bsc#990923)
- CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843)
These non-security issues were fixed:
- bsc#954872: Script block-dmmd not working as expected - libxl: error:
libxl_dm.c
- bsc#957986: Indirect descriptors are not compatible with Amazon block
backend
- bsc#958848: HVM guest crash at
/usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407
- bsc#961600: Poor performance when Xen HVM domU configured with max
memory greater than current memory
- bsc#963161: Windows VM getting stuck during load while a VF is assigned
to it after upgrading to latest maintenance updates
- bsc#964427: Discarding device blocks: failed - Input/output error
- bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu)
- bsc#982695: qemu fails to boot HVM guest from xvda
- bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non
xen kernel)
- bsc#967630: Discrepancy in reported memory size with correction XSA-153
for xend. Additional memory adjustment made.
- bsc#974912: Persistent performance drop after live-migration using xend
tool stack
- bsc#979035: Restore xm migrate fixes for bsc#955399/ bsc#955399
- bsc#989235: xen dom0 xm create command only searched /etc/xen instead of
/etc/xen/vm
- Live Migration SLES 11 SP3 to SP4 on AMD: "xc: error: Couldn't set
extended vcpu0 info"
- bsc#985503: Fixed vif-route
- bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-xen-12702=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-xen-12702=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-xen-12702=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
xen-devel-4.4.4_07-37.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
xen-kmp-default-4.4.4_07_3.0.101_77-37.1
xen-libs-4.4.4_07-37.1
xen-tools-domU-4.4.4_07-37.1
- SUSE Linux Enterprise Server 11-SP4 (x86_64):
xen-4.4.4_07-37.1
xen-doc-html-4.4.4_07-37.1
xen-libs-32bit-4.4.4_07-37.1
xen-tools-4.4.4_07-37.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
xen-kmp-pae-4.4.4_07_3.0.101_77-37.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
xen-debuginfo-4.4.4_07-37.1
xen-debugsource-4.4.4_07-37.1
References:
https://www.suse.com/security/cve/CVE-2014-3672.html
https://www.suse.com/security/cve/CVE-2016-3158.html
https://www.suse.com/security/cve/CVE-2016-3159.html
https://www.suse.com/security/cve/CVE-2016-3710.html
https://www.suse.com/security/cve/CVE-2016-3960.html
https://www.suse.com/security/cve/CVE-2016-4001.html
https://www.suse.com/security/cve/CVE-2016-4002.html
https://www.suse.com/security/cve/CVE-2016-4020.html
https://www.suse.com/security/cve/CVE-2016-4037.html
https://www.suse.com/security/cve/CVE-2016-4439.html
https://www.suse.com/security/cve/CVE-2016-4441.html
https://www.suse.com/security/cve/CVE-2016-4453.html
https://www.suse.com/security/cve/CVE-2016-4454.html
https://www.suse.com/security/cve/CVE-2016-4952.html
https://www.suse.com/security/cve/CVE-2016-4962.html
https://www.suse.com/security/cve/CVE-2016-4963.html
https://www.suse.com/security/cve/CVE-2016-5105.html
https://www.suse.com/security/cve/CVE-2016-5106.html
https://www.suse.com/security/cve/CVE-2016-5107.html
https://www.suse.com/security/cve/CVE-2016-5126.html
https://www.suse.com/security/cve/CVE-2016-5238.html
https://www.suse.com/security/cve/CVE-2016-5337.html
https://www.suse.com/security/cve/CVE-2016-5338.html
https://www.suse.com/security/cve/CVE-2016-5403.html
https://www.suse.com/security/cve/CVE-2016-6258.html
https://www.suse.com/security/cve/CVE-2016-6351.html
https://bugzilla.suse.com/954872
https://bugzilla.suse.com/955399
https://bugzilla.suse.com/957986
https://bugzilla.suse.com/958848
https://bugzilla.suse.com/961600
https://bugzilla.suse.com/963161
https://bugzilla.suse.com/964427
https://bugzilla.suse.com/967630
https://bugzilla.suse.com/973188
https://bugzilla.suse.com/974038
https://bugzilla.suse.com/974912
https://bugzilla.suse.com/975130
https://bugzilla.suse.com/975138
https://bugzilla.suse.com/975907
https://bugzilla.suse.com/976058
https://bugzilla.suse.com/976111
https://bugzilla.suse.com/978164
https://bugzilla.suse.com/978295
https://bugzilla.suse.com/978413
https://bugzilla.suse.com/979035
https://bugzilla.suse.com/979620
https://bugzilla.suse.com/979670
https://bugzilla.suse.com/980716
https://bugzilla.suse.com/980724
https://bugzilla.suse.com/981264
https://bugzilla.suse.com/981276
https://bugzilla.suse.com/982024
https://bugzilla.suse.com/982025
https://bugzilla.suse.com/982026
https://bugzilla.suse.com/982224
https://bugzilla.suse.com/982225
https://bugzilla.suse.com/982286
https://bugzilla.suse.com/982695
https://bugzilla.suse.com/982960
https://bugzilla.suse.com/983973
https://bugzilla.suse.com/983984
https://bugzilla.suse.com/985503
https://bugzilla.suse.com/986586
https://bugzilla.suse.com/988675
https://bugzilla.suse.com/989235
https://bugzilla.suse.com/990843
https://bugzilla.suse.com/990923
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2016:2094-1: important: Security update for yast2-ntp-client
by opensuse-security@opensuse.org 17 Aug '16
by opensuse-security@opensuse.org 17 Aug '16
17 Aug '16
SUSE Security Update: Security update for yast2-ntp-client
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2094-1
Rating: important
References: #985065
Cross-References: CVE-2015-1798 CVE-2015-1799 CVE-2015-5194
CVE-2015-5300 CVE-2015-7691 CVE-2015-7692
CVE-2015-7701 CVE-2015-7702 CVE-2015-7703
CVE-2015-7704 CVE-2015-7705 CVE-2015-7848
CVE-2015-7849 CVE-2015-7850 CVE-2015-7851
CVE-2015-7852 CVE-2015-7853 CVE-2015-7854
CVE-2015-7855 CVE-2015-7871 CVE-2015-7973
CVE-2015-7974 CVE-2015-7975 CVE-2015-7976
CVE-2015-7977 CVE-2015-7978 CVE-2015-7979
CVE-2015-8138 CVE-2015-8158 CVE-2016-1547
CVE-2016-1548 CVE-2016-1549 CVE-2016-1550
CVE-2016-1551 CVE-2016-2516 CVE-2016-2517
CVE-2016-2518 CVE-2016-2519 CVE-2016-4953
CVE-2016-4954 CVE-2016-4955 CVE-2016-4956
CVE-2016-4957
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________
An update that fixes 43 vulnerabilities is now available.
It includes one version update.
Description:
The YaST2 NTP Client was updated to handle the presence of both xntp and
ntp packages.
If none are installed, "ntp" will be installed.
Security Issues:
* CVE-2016-4953
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953>
* CVE-2016-4954
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954>
* CVE-2016-4955
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955>
* CVE-2016-4956
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956>
* CVE-2016-4957
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957>
* CVE-2016-1547
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547>
* CVE-2016-1548
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548>
* CVE-2016-1549
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549>
* CVE-2016-1550
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550>
* CVE-2016-1551
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551>
* CVE-2016-2516
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516>
* CVE-2016-2517
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517>
* CVE-2016-2518
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518>
* CVE-2016-2519
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519>
* CVE-2015-8158
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158>
* CVE-2015-8138
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138>
* CVE-2015-7979
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979>
* CVE-2015-7978
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978>
* CVE-2015-7977
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977>
* CVE-2015-7976
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976>
* CVE-2015-7975
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975>
* CVE-2015-7974
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974>
* CVE-2015-7973
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973>
* CVE-2015-5300
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300>
* CVE-2015-5194
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194>
* CVE-2015-7871
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871>
* CVE-2015-7855
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855>
* CVE-2015-7854
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854>
* CVE-2015-7853
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853>
* CVE-2015-7852
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852>
* CVE-2015-7851
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851>
* CVE-2015-7850
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850>
* CVE-2015-7849
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849>
* CVE-2015-7848
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848>
* CVE-2015-7701
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701>
* CVE-2015-7703
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703>
* CVE-2015-7704
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704>
* CVE-2015-7705
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705>
* CVE-2015-7691
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691>
* CVE-2015-7692
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692>
* CVE-2015-7702
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702>
* CVE-2015-1798
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798>
* CVE-2015-1799
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799>
Package List:
- SUSE Linux Enterprise Server 10 SP4 LTSS (noarch) [New Version: 2.13.18]:
yast2-ntp-client-2.13.18-0.20.1
References:
https://www.suse.com/security/cve/CVE-2015-1798.html
https://www.suse.com/security/cve/CVE-2015-1799.html
https://www.suse.com/security/cve/CVE-2015-5194.html
https://www.suse.com/security/cve/CVE-2015-5300.html
https://www.suse.com/security/cve/CVE-2015-7691.html
https://www.suse.com/security/cve/CVE-2015-7692.html
https://www.suse.com/security/cve/CVE-2015-7701.html
https://www.suse.com/security/cve/CVE-2015-7702.html
https://www.suse.com/security/cve/CVE-2015-7703.html
https://www.suse.com/security/cve/CVE-2015-7704.html
https://www.suse.com/security/cve/CVE-2015-7705.html
https://www.suse.com/security/cve/CVE-2015-7848.html
https://www.suse.com/security/cve/CVE-2015-7849.html
https://www.suse.com/security/cve/CVE-2015-7850.html
https://www.suse.com/security/cve/CVE-2015-7851.html
https://www.suse.com/security/cve/CVE-2015-7852.html
https://www.suse.com/security/cve/CVE-2015-7853.html
https://www.suse.com/security/cve/CVE-2015-7854.html
https://www.suse.com/security/cve/CVE-2015-7855.html
https://www.suse.com/security/cve/CVE-2015-7871.html
https://www.suse.com/security/cve/CVE-2015-7973.html
https://www.suse.com/security/cve/CVE-2015-7974.html
https://www.suse.com/security/cve/CVE-2015-7975.html
https://www.suse.com/security/cve/CVE-2015-7976.html
https://www.suse.com/security/cve/CVE-2015-7977.html
https://www.suse.com/security/cve/CVE-2015-7978.html
https://www.suse.com/security/cve/CVE-2015-7979.html
https://www.suse.com/security/cve/CVE-2015-8138.html
https://www.suse.com/security/cve/CVE-2015-8158.html
https://www.suse.com/security/cve/CVE-2016-1547.html
https://www.suse.com/security/cve/CVE-2016-1548.html
https://www.suse.com/security/cve/CVE-2016-1549.html
https://www.suse.com/security/cve/CVE-2016-1550.html
https://www.suse.com/security/cve/CVE-2016-1551.html
https://www.suse.com/security/cve/CVE-2016-2516.html
https://www.suse.com/security/cve/CVE-2016-2517.html
https://www.suse.com/security/cve/CVE-2016-2518.html
https://www.suse.com/security/cve/CVE-2016-2519.html
https://www.suse.com/security/cve/CVE-2016-4953.html
https://www.suse.com/security/cve/CVE-2016-4954.html
https://www.suse.com/security/cve/CVE-2016-4955.html
https://www.suse.com/security/cve/CVE-2016-4956.html
https://www.suse.com/security/cve/CVE-2016-4957.html
https://bugzilla.suse.com/985065
https://download.suse.com/patch/finder/?keywords=005fabcea379ebb53725d3077b…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2016:2093-1: important: Security update for xen
by opensuse-security@opensuse.org 17 Aug '16
by opensuse-security@opensuse.org 17 Aug '16
17 Aug '16
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2093-1
Rating: important
References: #900418 #949889 #953339 #953362 #953518 #954872
#957986 #958848 #961600 #963161 #964427 #973188
#973631 #974038 #975130 #975138 #975907 #976058
#976111 #978164 #978295 #978413 #979620 #979670
#980716 #980724 #981264 #981276 #982024 #982025
#982026 #982224 #982225 #982286 #982695 #982960
#983973 #983984 #984981 #985503 #986586 #988675
#988676 #990843 #990923
Cross-References: CVE-2014-3672 CVE-2016-3158 CVE-2016-3159
CVE-2016-3710 CVE-2016-3960 CVE-2016-4001
CVE-2016-4002 CVE-2016-4020 CVE-2016-4037
CVE-2016-4439 CVE-2016-4441 CVE-2016-4453
CVE-2016-4454 CVE-2016-4952 CVE-2016-4962
CVE-2016-4963 CVE-2016-5105 CVE-2016-5106
CVE-2016-5107 CVE-2016-5126 CVE-2016-5238
CVE-2016-5337 CVE-2016-5338 CVE-2016-5403
CVE-2016-6258 CVE-2016-6259 CVE-2016-6351
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves 27 vulnerabilities and has 18 fixes
is now available.
Description:
This update for xen to version 4.5.3 fixes the several issues.
These security issues were fixed:
- CVE-2016-6258: Potential privilege escalation in PV guests (XSA-182)
(bsc#988675).
- CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event
delivery (XSA-183) (bsc#988676).
- CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS
administrators to obtain sensitive host memory information via vectors
related to reading device control information (bsc#983973).
- CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions
allowed local guest OS administrators to cause a denial of service (QEMU
process crash) or execute arbitrary code on the host via vectors related
to the information transfer buffer (bsc#983984).
- CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed
local guest OS administrators to cause a denial of service
(out-of-bounds write and QEMU process crash) via vectors related to
reading from the information transfer buffer in non-DMA mode
(bsc#982960).
- CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS
administrators to cause a denial of service (infinite loop and QEMU
process crash) via a VGA command (bsc#982225).
- CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS
administrators to obtain sensitive host memory information or cause a
denial of service (QEMU process crash) by changing FIFO registers and
issuing a VGA command, which triggered an out-of-bounds read
(bsc#982224).
- CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl
function allowed local guest OS users to cause a denial of service (QEMU
process crash) or possibly execute arbitrary code via a crafted iSCSI
asynchronous I/O ioctl call (bsc#982286).
- CVE-2016-5105: Stack information leakage while reading configuration
(bsc#982024).
- CVE-2016-5106: Out-of-bounds write while setting controller properties
(bsc#982025).
- CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function
(bsc#982026).
- CVE-2016-4963: The libxl device-handling allowed local guest OS users
with access to the driver domain to cause a denial of service
(management tool confusion) by manipulating information in the backend
directories in xenstore (bsc#979670).
- CVE-2016-4962: The libxl device-handling allowed local OS guest
administrators to cause a denial of service (resource consumption or
management facility confusion) or gain host OS privileges by
manipulating information in guest controlled areas of xenstore
(bsc#979620).
- CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data
routines (bsc#981276).
- CVE-2014-3672: The qemu implementation in libvirt Xen allowed local
guest OS users to cause a denial of service (host disk consumption) by
writing to stdout or stderr (bsc#981264).
- CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller
(FSC) support did not properly check DMA length, which allowed local
guest OS administrators to cause a denial of service (out-of-bounds
write and QEMU process crash) via unspecified vectors, involving an SCSI
command (bsc#980724).
- CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI
Controller (FSC) support did not properly check command buffer length,
which allowed local guest OS administrators to cause a denial of service
(out-of-bounds write and QEMU process crash) or potentially execute
arbitrary code on the host via unspecified vectors (bsc#980716).
- CVE-2016-3710: The VGA module improperly performed bounds checking on
banked access to video memory, which allowed local guest OS
administrators to execute arbitrary code on the host by changing access
modes after setting the bank register, aka the "Dark Portal" issue
(bsc#978164).
- CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed
local guest OS users to cause a denial of service (host crash) or
possibly gain privileges by shadowing a superpage mapping (bsc#974038).
- CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not
properly handle writes to the hardware FSW.ES bit when running on AMD64
processors, which allowed local guest OS users to obtain sensitive
register content information from another guest by leveraging pending
exception and mask bits (bsc#973188).
- CVE-2016-3158: The xrstor function did not properly handle writes to the
hardware FSW.ES bit when running on AMD64 processors, which allowed
local guest OS users to obtain sensitive register content information
from another guest by leveraging pending exception and mask bits
(bsc#973188).
- CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c
allowed local guest OS administrators to cause a denial of service
(infinite loop and CPU consumption) via a circular split isochronous
transfer descriptor (siTD) list (bsc#976111).
- CVE-2016-4020: The patch_instruction function did not initialize the
imm32 variable, which allowed local guest OS administrators to obtain
sensitive information from host stack memory by accessing the Task
Priority Register (TPR) (bsc#975907).
- CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function,
when the Stellaris ethernet controller is configured to accept large
packets, allowed remote attackers to cause a denial of service (QEMU
crash) via a large packet (bsc#975130).
- CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the
guest NIC is configured to accept large packets, allowed remote
attackers to cause a denial of service (memory corruption and QEMU
crash) or possibly execute arbitrary code via a packet larger than 1514
bytes (bsc#975138).
- bsc#978295: x86 software guest page walk PS bit handling flaw (XSA-176)
- CVE-2016-5403: virtio: unbounded memory allocation on host via guest
leading to DoS (XSA-184) (bsc#990923)
- CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bsc#990843)
These non-security issues were fixed:
- bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non
xen kernel)
- bsc#900418: Dump cannot be performed on SLES12 XEN
- bsc#953339: Implement SUSE specific unplug protocol for emulated PCI
devices in PVonHVM guests to qemu-xen-upstream
- bsc#953362: Implement SUSE specific unplug protocol for emulated PCI
devices in PVonHVM guests to qemu-xen-upstream
- bsc#953518: Implement SUSE specific unplug protocol for emulated PCI
devices in PVonHVM guests to qemu-xen-upstream
- bsc#984981: Implement SUSE specific unplug protocol for emulated PCI
devices in PVonHVM guests to qemu-xen-upstream
- bsc#954872: Script block-dmmd not working as expected - libxl: error:
libxl_dm.c (Additional fixes)
- bsc#982695: qemu fails to boot HVM guest from xvda
- bsc#958848: HVM guest crash at
/usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407
- bsc#949889: Fail to install 32-bit paravirt VM under SLES12SP1Beta3 XEN
- bsc#954872: Script block-dmmd not working as expected - libxl: error:
libxl_dm.c (another modification)
- bsc#961600: Poor performance when Xen HVM domU configured with max
memory greater than current memory
- bsc#963161: Windows VM getting stuck during load while a VF is assigned
to it after upgrading to latest maintenance updates
- bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu)
- bsc#973631: AWS EC2 kdump issue
- bsc#957986: Indirect descriptors are not compatible with Amazon block
backend
- bsc#964427: Discarding device blocks: failed - Input/output error
- bsc#985503: Fixed vif-route
- bsc#978413: PV guest upgrade from SLES11 SP4 to SLES 12 SP2 alpha3 failed
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1238=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1238=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1238=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):
xen-debugsource-4.5.3_08-17.1
xen-devel-4.5.3_08-17.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
xen-4.5.3_08-17.1
xen-debugsource-4.5.3_08-17.1
xen-doc-html-4.5.3_08-17.1
xen-kmp-default-4.5.3_08_k3.12.59_60.45-17.1
xen-kmp-default-debuginfo-4.5.3_08_k3.12.59_60.45-17.1
xen-libs-32bit-4.5.3_08-17.1
xen-libs-4.5.3_08-17.1
xen-libs-debuginfo-32bit-4.5.3_08-17.1
xen-libs-debuginfo-4.5.3_08-17.1
xen-tools-4.5.3_08-17.1
xen-tools-debuginfo-4.5.3_08-17.1
xen-tools-domU-4.5.3_08-17.1
xen-tools-domU-debuginfo-4.5.3_08-17.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
xen-4.5.3_08-17.1
xen-debugsource-4.5.3_08-17.1
xen-kmp-default-4.5.3_08_k3.12.59_60.45-17.1
xen-kmp-default-debuginfo-4.5.3_08_k3.12.59_60.45-17.1
xen-libs-32bit-4.5.3_08-17.1
xen-libs-4.5.3_08-17.1
xen-libs-debuginfo-32bit-4.5.3_08-17.1
xen-libs-debuginfo-4.5.3_08-17.1
References:
https://www.suse.com/security/cve/CVE-2014-3672.html
https://www.suse.com/security/cve/CVE-2016-3158.html
https://www.suse.com/security/cve/CVE-2016-3159.html
https://www.suse.com/security/cve/CVE-2016-3710.html
https://www.suse.com/security/cve/CVE-2016-3960.html
https://www.suse.com/security/cve/CVE-2016-4001.html
https://www.suse.com/security/cve/CVE-2016-4002.html
https://www.suse.com/security/cve/CVE-2016-4020.html
https://www.suse.com/security/cve/CVE-2016-4037.html
https://www.suse.com/security/cve/CVE-2016-4439.html
https://www.suse.com/security/cve/CVE-2016-4441.html
https://www.suse.com/security/cve/CVE-2016-4453.html
https://www.suse.com/security/cve/CVE-2016-4454.html
https://www.suse.com/security/cve/CVE-2016-4952.html
https://www.suse.com/security/cve/CVE-2016-4962.html
https://www.suse.com/security/cve/CVE-2016-4963.html
https://www.suse.com/security/cve/CVE-2016-5105.html
https://www.suse.com/security/cve/CVE-2016-5106.html
https://www.suse.com/security/cve/CVE-2016-5107.html
https://www.suse.com/security/cve/CVE-2016-5126.html
https://www.suse.com/security/cve/CVE-2016-5238.html
https://www.suse.com/security/cve/CVE-2016-5337.html
https://www.suse.com/security/cve/CVE-2016-5338.html
https://www.suse.com/security/cve/CVE-2016-5403.html
https://www.suse.com/security/cve/CVE-2016-6258.html
https://www.suse.com/security/cve/CVE-2016-6259.html
https://www.suse.com/security/cve/CVE-2016-6351.html
https://bugzilla.suse.com/900418
https://bugzilla.suse.com/949889
https://bugzilla.suse.com/953339
https://bugzilla.suse.com/953362
https://bugzilla.suse.com/953518
https://bugzilla.suse.com/954872
https://bugzilla.suse.com/957986
https://bugzilla.suse.com/958848
https://bugzilla.suse.com/961600
https://bugzilla.suse.com/963161
https://bugzilla.suse.com/964427
https://bugzilla.suse.com/973188
https://bugzilla.suse.com/973631
https://bugzilla.suse.com/974038
https://bugzilla.suse.com/975130
https://bugzilla.suse.com/975138
https://bugzilla.suse.com/975907
https://bugzilla.suse.com/976058
https://bugzilla.suse.com/976111
https://bugzilla.suse.com/978164
https://bugzilla.suse.com/978295
https://bugzilla.suse.com/978413
https://bugzilla.suse.com/979620
https://bugzilla.suse.com/979670
https://bugzilla.suse.com/980716
https://bugzilla.suse.com/980724
https://bugzilla.suse.com/981264
https://bugzilla.suse.com/981276
https://bugzilla.suse.com/982024
https://bugzilla.suse.com/982025
https://bugzilla.suse.com/982026
https://bugzilla.suse.com/982224
https://bugzilla.suse.com/982225
https://bugzilla.suse.com/982286
https://bugzilla.suse.com/982695
https://bugzilla.suse.com/982960
https://bugzilla.suse.com/983973
https://bugzilla.suse.com/983984
https://bugzilla.suse.com/984981
https://bugzilla.suse.com/985503
https://bugzilla.suse.com/986586
https://bugzilla.suse.com/988675
https://bugzilla.suse.com/988676
https://bugzilla.suse.com/990843
https://bugzilla.suse.com/990923
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0