openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1382-1 Rating: important References: #957988 #970892 #970911 #970948 #970955 #970956 #970958 #970970 #971124 #971360 #971628 #972174 #973378 #974418 #975868 Cross-References: CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2847 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3689 CVE-2016-3951 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has four fixes is now available. Description: The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948). - CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955). - CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors (bnc#970956). - CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911). - CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970). - CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (bnc#974418). - CVE-2016-3140: digi_acceleport: do sanity checking for the number of ports (bnc#970892). - CVE-2016-2186: powermate: fix oops with malicious USB descriptors (bnc#970958). - CVE-2016-2185: usb_driver_claim_interface: add sanity checking (bnc#971124). - CVE-2016-3689: ims-pcu: sanity check against missing interfaces (bnc#971628). - CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev destroy (bsc#971360). The following non-security bugs were fixed: - ALSA: timer: Call notifier in the same spinlock (bsc#973378). - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378). - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378). - Backport arm64 patches from SLE12-SP1-ARM - Fix kABI additions for pipe: limit the per-user amount of pages allocated in pipes. - Revert "drm/radeon: call hpd_irq_event on resume" (boo#975868). - Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a module. - backends: guarantee one time reads of shared ring contents (bsc#957988). - ext4: fix races between buffered IO and collapse / insert range (bsc#972174). - ext4: fix races between page faults and hole punching (bsc#972174). - ext4: fix races of writeback with punch hole and zero range (bsc#972174). - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174). - net: thunderx: Use napi_schedule_irqoff() - netback: do not use last request to determine minimum Tx credit (bsc#957988). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-629=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i686 x86_64): kernel-debug-4.1.21-14.2 kernel-debug-base-4.1.21-14.2 kernel-debug-base-debuginfo-4.1.21-14.2 kernel-debug-debuginfo-4.1.21-14.2 kernel-debug-debugsource-4.1.21-14.2 kernel-debug-devel-4.1.21-14.2 kernel-debug-devel-debuginfo-4.1.21-14.2 kernel-ec2-4.1.21-14.2 kernel-ec2-base-4.1.21-14.2 kernel-ec2-base-debuginfo-4.1.21-14.2 kernel-ec2-debuginfo-4.1.21-14.2 kernel-ec2-debugsource-4.1.21-14.2 kernel-ec2-devel-4.1.21-14.2 kernel-pv-4.1.21-14.2 kernel-pv-base-4.1.21-14.2 kernel-pv-base-debuginfo-4.1.21-14.2 kernel-pv-debuginfo-4.1.21-14.2 kernel-pv-debugsource-4.1.21-14.2 kernel-pv-devel-4.1.21-14.2 kernel-vanilla-4.1.21-14.2 kernel-vanilla-debuginfo-4.1.21-14.2 kernel-vanilla-debugsource-4.1.21-14.2 kernel-vanilla-devel-4.1.21-14.2 kernel-xen-4.1.21-14.2 kernel-xen-base-4.1.21-14.2 kernel-xen-base-debuginfo-4.1.21-14.2 kernel-xen-debuginfo-4.1.21-14.2 kernel-xen-debugsource-4.1.21-14.2 kernel-xen-devel-4.1.21-14.2 - openSUSE Leap 42.1 (i586 x86_64): kernel-default-4.1.21-14.2 kernel-default-base-4.1.21-14.2 kernel-default-base-debuginfo-4.1.21-14.2 kernel-default-debuginfo-4.1.21-14.2 kernel-default-debugsource-4.1.21-14.2 kernel-default-devel-4.1.21-14.2 kernel-obs-build-4.1.21-14.4 kernel-obs-build-debugsource-4.1.21-14.4 kernel-obs-qa-4.1.21-14.2 kernel-obs-qa-xen-4.1.21-14.2 kernel-syms-4.1.21-14.2 - openSUSE Leap 42.1 (noarch): kernel-devel-4.1.21-14.2 kernel-docs-4.1.21-14.5 kernel-docs-html-4.1.21-14.5 kernel-docs-pdf-4.1.21-14.5 kernel-macros-4.1.21-14.2 kernel-source-4.1.21-14.2 kernel-source-vanilla-4.1.21-14.2 - openSUSE Leap 42.1 (i686): kernel-pae-4.1.21-14.2 kernel-pae-base-4.1.21-14.2 kernel-pae-base-debuginfo-4.1.21-14.2 kernel-pae-debuginfo-4.1.21-14.2 kernel-pae-debugsource-4.1.21-14.2 kernel-pae-devel-4.1.21-14.2 References: https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3136.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-3689.html https://www.suse.com/security/cve/CVE-2016-3951.html https://bugzilla.suse.com/957988 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970955 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971628 https://bugzilla.suse.com/972174 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/974418 https://bugzilla.suse.com/975868 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org