[security-announce] SUSE-SU-2017:0407-1: important: Security update for the Linux Kernel

6 Feb 2017

      SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0407-1
Rating:             important
References:         #1003813 #1005666 #1007197 #1008557 #1008567 
                    #1008831 #1008833 #1008876 #1008979 #1009062 
                    #1009969 #1010040 #1010213 #1010294 #1010475 
                    #1010478 #1010501 #1010502 #1010507 #1010612 
                    #1010711 #1010716 #1011685 #1012060 #1012422 
                    #1012754 #1012917 #1012985 #1013001 #1013038 
                    #1013479 #1013531 #1013533 #1013540 #1013604 
                    #1014410 #1014746 #1016713 #1016725 #1016961 
                    #1017164 #1017170 #1017410 #1017710 #1018100 
                    #1019032 #1019148 #1019260 #1019300 #1019783 
                    #1019851 #1020214 #1020602 #1021258 #856380 
                    #857394 #858727 #921338 #921778 #922052 #922056 
                    #923036 #923037 #924381 #938963 #972993 #980560 
                    #981709 #983087 #983348 #984194 #984419 #985850 
                    #987192 #987576 #990384 #991273 #993739 #997807 
                    #999101 
Cross-References:   CVE-2015-8962 CVE-2015-8963 CVE-2015-8964
                    CVE-2016-10088 CVE-2016-7910 CVE-2016-7911
                    CVE-2016-7913 CVE-2016-7914 CVE-2016-8399
                    CVE-2016-8632 CVE-2016-8633 CVE-2016-8645
                    CVE-2016-8655 CVE-2016-9083 CVE-2016-9084
                    CVE-2016-9555 CVE-2016-9576 CVE-2016-9756
                    CVE-2016-9793 CVE-2016-9794 CVE-2016-9806
                    CVE-2017-2583 CVE-2017-2584 CVE-2017-5551

Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP1
______________________________________________________________________________

   An update that solves 24 vulnerabilities and has 56 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem
     that allowed local users to gain privileges or cause a denial of service
     (memory corruption and system crash) (bnc#1010501).
   - CVE-2015-8963: Fixed a race condition in kernel/events/core.c that
     allowed local users to gain privileges or cause a denial of service
     (use-after-free) (bnc#1010502).
   - CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that
     allowed local users to obtain sensitive information from kernel memory
     (bnc#1010507).
   - CVE-2016-10088: The sg implementation in the Linux kernel did not
     properly restrict write operations in situations where the KERNEL_DS
     option is set, which allowed local users to read or write to arbitrary
     kernel memory locations or cause a denial of service (use-after-free)
     (bnc#1017710).
   - CVE-2016-7910: Fixed a use-after-free vulnerability in the block
     subsystem that allowed local users to gain privileges (bnc#1010716).
   - CVE-2016-7911: Fixed a race condition in the get_task_ioprio function
     that allowed local users to gain privileges or cause a denial of service
     (use-after-free) (bnc#1010711).
   - CVE-2016-7913: Fixed a bug in the xc2028_set_config function that
     allowed local users to gain privileges or cause a denial of service
     (use-after-free) (bnc#1010478).
   - CVE-2016-7914: The assoc_array_insert_into_terminal_node function did
     not check whether a slot is a leaf, which allowed local users to obtain
     sensitive information from kernel memory or cause a denial of service
     (invalid pointer dereference and out-of-bounds read) (bnc#1010475).
   - CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could
     have enabled a local malicious application to execute arbitrary code
     within the context of the kernel. (bnc#1014746).
   - CVE-2016-8632: The net subsystem did not validate the relationship
     between the minimum fragment length and the maximum packet size, which
     allowed local users to gain privileges or cause a denial of service
     (heap-based buffer overflow) (bnc#1008831).
   - CVE-2016-8633: The firewire subsystem allowed remote attackers to
     execute arbitrary code via crafted fragmented packets in certain unusual
     hardware configurations (bnc#1008833).
   - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb
     truncation, which allowed local users to cause a denial of service
     (system crash) (bnc#1009969).
   - CVE-2016-8655: Fixed a race condition in the network subsystem that
     allowed local users to gain privileges or cause a denial of service
     (use-after-free) (bnc#1012754).
   - CVE-2016-9083: The PCI subsystem local users to bypass integer overflow
     checks and cause a denial of service (memory corruption) or have
     unspecified other impact (bnc#1007197).
   - CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which
     allowed local users to cause a denial of service (integer overflow) or
     have unspecified other impact (bnc#1007197).
   - CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote
     attackers to cause a denial of service (out-of-bounds slab access) or
     possibly have unspecified other impact via crafted SCTP data
     (bnc#1011685).
   - CVE-2016-9576: The block subsystem did not properly restrict the type of
     iterator, which allowed local users to read or write to arbitrary kernel
     memory locations or cause a denial of service (use-after-free)
     (bnc#1013604).
   - CVE-2016-9756: The kernel did not properly initialize Code Segment (CS)
     in certain error cases, which allowed local users to obtain sensitive
     information from kernel stack memory (bnc#1013038).
   - CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf
     and sk_rcvbuf, which allowed local users to cause a denial of service
     (memory corruption and system crash) or possibly have unspecified other
     impact (bnc#1013531).
   - CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact (bnc#1013533).
   - CVE-2016-9806: Fixed a race condition in the netlink_dump() function
     which could have allowed local users to cause a denial of service
     (double free) or possibly have unspecified other impact (bnc#1013540).
   - CVE-2017-2583: kvm: x86: fixed emulation of "MOV SS, null selector"
     (bsc#1020602).
   - CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local
     users to obtain sensitive information from kernel memory or cause a
     denial of service (use-after-free) (bnc#1019851).
   - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set
     setgid bits on files they don't down. (bsc#1021258, CVE-2017-5551).

   The following non-security bugs were fixed:

   - 8250_pci: Fix potential use-after-free in error path (bsc#1013001).
   - block_dev: do not test bdev->bd_contains when it is not stable
     (bsc#1008557).
   - bna: Add synchronization for tx ring (bsc#993739).
   - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052
     bsc#922056).
   - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
   - bnx2x: fix lockdep splat (bsc#922052 bsc#922056).
   - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space
     (bsc#1005666).
   - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c
     (bsc#983087).
   - btrfs: Revert "do not delay inode ref updates during log replay"
     (bsc#987192).
   - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in
     btrfs_ioctl (bsc#1018100).
   - btrfs: do not delay inode ref updates during log replay (bsc#987192).
   - btrfs: fix incremental send failure caused by balance (bsc#985850).
   - btrfs: fix relocation incorrectly dropping data references (bsc#990384).
   - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir
     (bsc#981709).
   - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing
     (bsc#983087).
   - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()
     (bsc#981709).
   - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
   - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL)
     (bsc#1008876).
   - cpuset: fix sched_load_balance that was accidentally broken in a
     previous update (bsc#1010294).
   - ext4: fix data exposure after a crash (bsc#1012985).
   - fs/dcache: move the call of __d_drop(anon) into
     __d_materialise_unique(dentry, anon) (bsc#984194).
   - fuse: do not use iocb after it may have been freed (bsc#1012985).
   - hpilo: Add support for iLO5 (bsc#999101).
   - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381
     bsc#921338).
   - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036).
   - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727).
   - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727).
   - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).
   - ibmveth: calculate gso_segs for large packets (bsc#1019148).
   - ibmveth: check return of skb_linearize in ibmveth_start_xmit
     (bsc#1019148).
   - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).
   - ibmveth: set correct gso_size and gso_type (bsc#1019148).
   - igb: Fix oops caused by missing queue pairing (bnc#857394).
   - ipmi_si: create hardware-independent softdep for ipmi_devintf
     (bsc#1009062).
   - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).
   - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963).
   - kabi: protect __sk_mem_reclaim (kabi).
   - kabi: protect struct perf_event_context (kabi).
   - kabi: reintroduce sk_filter (kabi).
   - kernel: remove broken memory detection sanity check (bnc#1008567,
     LTC#148072).
   - kgr: ignore zombie tasks during the patching (bnc#1008979).
   - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread
     (bsc#1010612).
   - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).
   - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).
   - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036).
   - net/mlx5e: Do not modify CQ before it was created (bnc#923036).
   - net/mlx5e: Do not try to modify CQ moderation if it is not supported
     (bnc#923036).
   - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036).
   - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).
   - netback: correct array index (bsc#983348).
   - nfsv4: Cap the transport reconnection timer at 1/2 lease period
     (bsc#1014410).
   - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
   - nfsv4: Fix "NFS Lock reclaim failed" errors (bsc#1014410).
   - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
   - posix_acl: Fixup acl reference leak and missing conversions in ext3,
     gfs2, jfs, hfsplus.
   - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec
     (bsc#1003813).
   - proc: avoid including "mountproto=" with no protocol in /proc/mounts
     (bsc#1019260).
   - raid1: ignore discard error (bsc#1017164).
   - reiserfs: fix race in prealloc discard (bsc#987576).
   - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
   - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter
     (bsc#1012060)
   - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)
   - serial: 8250_pci: Detach low-level driver during PCI error recovery
     (bsc#1013001).
   - sfc: clear napi_hash state when copying channels (bsc#923037).
   - sfc: fix potential stack corruption from running past stat bitmask
     (bsc#923037).
   - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).
   - sunrpc: Enforce an upper limit on the number of cached credentials
     (bsc#1012917).
   - sunrpc: Fix reconnection timeouts (bsc#1014410).
   - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout
     (bsc#1014410).
   - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT
     REACHABLE (bsc#991273).
   - target: add XCOPY target/segment desc sense codes (bsc#991273).
   - target: bounds check XCOPY segment descriptor list (bsc#991273).
   - target: bounds check XCOPY total descriptor list length (bsc#991273).
   - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).
   - target: check for XCOPY parameter truncation (bsc#991273).
   - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense
     (bsc#991273).
   - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).
   - target: support XCOPY requests without parameters (bsc#991273).
   - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).
   - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).
   - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
     (bsc#921778).
   - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
   - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
     (bsc#1013479).
   - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short
     jumps to it (bsc#984419).
   - xenbus: correctly signal errors from xenstored_local_init() (luckily
     none so far).
   - xfs: allow lazy sb counter sync during filesystem freeze sequence
     (bsc#980560).
   - xfs: refactor xlog_recover_process_data() (bsc#1019300).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP1:

      zypper in -t patch SUSE-SLE-RT-12-SP1-2017-202=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP1 (noarch):

      kernel-devel-rt-3.12.69-60.30.1
      kernel-source-rt-3.12.69-60.30.1

   - SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64):

      kernel-compute-3.12.69-60.30.1
      kernel-compute-base-3.12.69-60.30.1
      kernel-compute-base-debuginfo-3.12.69-60.30.1
      kernel-compute-debuginfo-3.12.69-60.30.1
      kernel-compute-debugsource-3.12.69-60.30.1
      kernel-compute-devel-3.12.69-60.30.1
      kernel-compute_debug-debuginfo-3.12.69-60.30.1
      kernel-compute_debug-debugsource-3.12.69-60.30.1
      kernel-compute_debug-devel-3.12.69-60.30.1
      kernel-compute_debug-devel-debuginfo-3.12.69-60.30.1
      kernel-rt-3.12.69-60.30.1
      kernel-rt-base-3.12.69-60.30.1
      kernel-rt-base-debuginfo-3.12.69-60.30.1
      kernel-rt-debuginfo-3.12.69-60.30.1
      kernel-rt-debugsource-3.12.69-60.30.1
      kernel-rt-devel-3.12.69-60.30.1
      kernel-rt_debug-debuginfo-3.12.69-60.30.1
      kernel-rt_debug-debugsource-3.12.69-60.30.1
      kernel-rt_debug-devel-3.12.69-60.30.1
      kernel-rt_debug-devel-debuginfo-3.12.69-60.30.1
      kernel-syms-rt-3.12.69-60.30.1

References:

   https://www.suse.com/security/cve/CVE-2015-8962.html
   https://www.suse.com/security/cve/CVE-2015-8963.html
   https://www.suse.com/security/cve/CVE-2015-8964.html
   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://www.suse.com/security/cve/CVE-2016-7910.html
   https://www.suse.com/security/cve/CVE-2016-7911.html
   https://www.suse.com/security/cve/CVE-2016-7913.html
   https://www.suse.com/security/cve/CVE-2016-7914.html
   https://www.suse.com/security/cve/CVE-2016-8399.html
   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-8633.html
   https://www.suse.com/security/cve/CVE-2016-8645.html
   https://www.suse.com/security/cve/CVE-2016-8655.html
   https://www.suse.com/security/cve/CVE-2016-9083.html
   https://www.suse.com/security/cve/CVE-2016-9084.html
   https://www.suse.com/security/cve/CVE-2016-9555.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9756.html
   https://www.suse.com/security/cve/CVE-2016-9793.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://www.suse.com/security/cve/CVE-2017-2583.html
   https://www.suse.com/security/cve/CVE-2017-2584.html
   https://www.suse.com/security/cve/CVE-2017-5551.html
   https://bugzilla.suse.com/1003813
   https://bugzilla.suse.com/1005666
   https://bugzilla.suse.com/1007197
   https://bugzilla.suse.com/1008557
   https://bugzilla.suse.com/1008567
   https://bugzilla.suse.com/1008831
   https://bugzilla.suse.com/1008833
   https://bugzilla.suse.com/1008876
   https://bugzilla.suse.com/1008979
   https://bugzilla.suse.com/1009062
   https://bugzilla.suse.com/1009969
   https://bugzilla.suse.com/1010040
   https://bugzilla.suse.com/1010213
   https://bugzilla.suse.com/1010294
   https://bugzilla.suse.com/1010475
   https://bugzilla.suse.com/1010478
   https://bugzilla.suse.com/1010501
   https://bugzilla.suse.com/1010502
   https://bugzilla.suse.com/1010507
   https://bugzilla.suse.com/1010612
   https://bugzilla.suse.com/1010711
   https://bugzilla.suse.com/1010716
   https://bugzilla.suse.com/1011685
   https://bugzilla.suse.com/1012060
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1012754
   https://bugzilla.suse.com/1012917
   https://bugzilla.suse.com/1012985
   https://bugzilla.suse.com/1013001
   https://bugzilla.suse.com/1013038
   https://bugzilla.suse.com/1013479
   https://bugzilla.suse.com/1013531
   https://bugzilla.suse.com/1013533
   https://bugzilla.suse.com/1013540
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014410
   https://bugzilla.suse.com/1014746
   https://bugzilla.suse.com/1016713
   https://bugzilla.suse.com/1016725
   https://bugzilla.suse.com/1016961
   https://bugzilla.suse.com/1017164
   https://bugzilla.suse.com/1017170
   https://bugzilla.suse.com/1017410
   https://bugzilla.suse.com/1017710
   https://bugzilla.suse.com/1018100
   https://bugzilla.suse.com/1019032
   https://bugzilla.suse.com/1019148
   https://bugzilla.suse.com/1019260
   https://bugzilla.suse.com/1019300
   https://bugzilla.suse.com/1019783
   https://bugzilla.suse.com/1019851
   https://bugzilla.suse.com/1020214
   https://bugzilla.suse.com/1020602
   https://bugzilla.suse.com/1021258
   https://bugzilla.suse.com/856380
   https://bugzilla.suse.com/857394
   https://bugzilla.suse.com/858727
   https://bugzilla.suse.com/921338
   https://bugzilla.suse.com/921778
   https://bugzilla.suse.com/922052
   https://bugzilla.suse.com/922056
   https://bugzilla.suse.com/923036
   https://bugzilla.suse.com/923037
   https://bugzilla.suse.com/924381
   https://bugzilla.suse.com/938963
   https://bugzilla.suse.com/972993
   https://bugzilla.suse.com/980560
   https://bugzilla.suse.com/981709
   https://bugzilla.suse.com/983087
   https://bugzilla.suse.com/983348
   https://bugzilla.suse.com/984194
   https://bugzilla.suse.com/984419
   https://bugzilla.suse.com/985850
   https://bugzilla.suse.com/987192
   https://bugzilla.suse.com/987576
   https://bugzilla.suse.com/990384
   https://bugzilla.suse.com/991273
   https://bugzilla.suse.com/993739
   https://bugzilla.suse.com/997807
   https://bugzilla.suse.com/999101

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[security-announce] SUSE-SU-2017:0407-1: important: Security update for the Linux Kernel

opensuse-security＠opensuse.org