Update for DirectFB, DirectFB.3723, GraphicsMagi... security important

Security update for Linux Kernel

The Linux kernel was updated to fix bugs and security issues:

Following security issues were fixed:
CVE-2015-2830: A flaw was found in the way the Linux kernels 32-bit
emulation implementation handled forking or closing of a task with
an int80 entry. A local user could have potentially used this flaw to
escalate their privileges on the system.

CVE-2015-2042: A kernel information leak in rds sysctl files was fixed.

CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename
function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux
kernel allowed local users to cause a denial of service (buffer overflow
and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0275: A BUG_ON in ext4 was fixed which could be triggered by
local users.

CVE-2015-2666: A buffer overflow when loading microcode files into the
kernel could be used by the administrator to execute code in the kernel,
bypassing secure boot measures.

- CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update
function in net/sctp/associola.c in the Linux kernel allowed remote
attackers to cause a denial of service (slab corruption and panic) or
possibly have unspecified other impact by triggering an INIT collision
that leads to improper handling of shared-key data.

- CVE-2015-2150: XSA-120: Guests were permitted to modify all bits of
the PCI command register of passed through cards, which could lead to
Host system crashes.

- CVE-2015-0777: The XEN usb backend could leak information to the guest
system due to copying uninitialized memory.

- CVE-2015-1593: A integer overflow reduced the effectiveness of the
stack randomization on 64-bit systems.

- CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
in the Linux kernel did not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which made
it easier for local users to bypass the ASLR protection mechanism via
a crafted application that reads a TLS base address.

- CVE-2014-9428: The batadv_frag_merge_packets function in
net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the
Linux kernel used an incorrect length field during a calculation of an
amount of memory, which allowed remote attackers to cause a denial of
service (mesh-node system crash) via fragmented packets.

- CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux
kernel generated incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allowed remote attackers to bypass intended access restrictions
via packets with disallowed port numbers.

- CVE-2014-9529: Race condition in the key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local users to cause
a denial of service (memory corruption or panic) or possibly have
unspecified other impact via keyctl commands that trigger access to a
key structure member during garbage collection of a key.

- CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
Linux kernel did not restrict the number of Rock Ridge continuation
entries, which allowed local users to cause a denial of service (infinite
loop, and system crash or hang) via a crafted iso9660 image.

- CVE-2014-9584: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel did not validate a length value
in the Extensions Reference (ER) System Use Field, which allowed local
users to obtain sensitive information from kernel memory via a crafted
iso9660 image.

- CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
Linux kernel did not properly choose memory locations for the vDSO area,
which made it easier for local users to bypass the ASLR protection
mechanism by guessing a location at the end of a PMD.

- CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel
through did not properly maintain the semantics of rename_lock,
which allowed local users to cause a denial of service (deadlock and
system hang) via a crafted application.

- CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c
in the Linux kernel used an improper paravirt_enabled setting for KVM
guest kernels, which made it easier for guest OS users to bypass the ASLR
protection mechanism via a crafted application that reads a 16-bit value.

Following bugs were fixed:
- powerpc/pci: Fix IO space breakage after of_pci_range_to_resource() change (bnc#922542).

- cifs: fix use-after-free bug in find_writable_file (bnc#909477).

- usb: Do not allow usb_alloc_streams on unconfigured devices (bsc#920581).

- fuse: honour max_read and max_write in direct_io mode (bnc#918954).

- switch iov_iter_get_pages() to passing maximal number of pages (bnc#918954).

- bcache: fix a livelock in btree lock v2 (bnc#910440) (bnc#910440).
Updated because another version went upstream

- drm/i915: Initialise userptr mmu_notifier serial to 1 (bnc#918970).

- NFS: Don't try to reclaim delegation open state if recovery
failed (boo#909634).
- NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids
are revoked (boo#909634).
- NFSv4: Fix races between nfs_remove_bad_delegation() and
delegation return (boo#909634).
- NFSv4: Ensure that we remove NFSv4.0 delegations when state
has expired (boo#909634).
- Fixing lease renewal (boo#909634).

- bcache: Fix a bug when detaching (bsc#908582).

- fix a leak in bch_cached_dev_run() (bnc#910440).
- bcache: unregister reboot notifier when bcache fails to register
a block device (bnc#910440).
- bcache: fix a livelock in btree lock (bnc#910440).
- bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when attaching
a backing device (bnc#910440).
- bcache: Add a cond_resched() call to gc (bnc#910440).

- storvsc: ring buffer failures may result in I/O freeze
(bnc#914175).

- ALSA: seq-dummy: remove deadlock-causing events on close (boo#916608).
- ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in
compat mode (boo#916608).
- ALSA: bebob: Uninitialized id returned by
saffirepro_both_clk_src_get (boo#916608).
- ALSA: hda - Fix built-in mic on Compaq Presario CQ60 (bnc#920604).
- ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#921313).

- [media] sound: Update au0828 quirks table (boo#916608).
- [media] sound: simplify au0828 quirk table (boo#916608).

- ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam
C210 (boo#916608).
- ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC
(boo#916608).
- ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon
devices (boo#916608).
- ALSA: usb-audio: Fix memory leak in FTU quirk (boo#916608).
- ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect
(boo#916608).

- ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda
(boo#916608).
- ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for
IDT/STAC codecs (boo#916608).
- ALSA: hda/realtek - New codec support for ALC298 (boo#916608).
- ALSA: hda/realtek - New codec support for ALC256 (boo#916608).
- ALSA: hda/realtek - Add new Dell desktop for ALC3234 headset
mode (boo#916608).
- ALSA: hda - Add EAPD fixup for ASUS Z99He laptop (boo#916608).
- ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210
(boo#916608).
- ALSA: hda/realtek - Add headset Mic support for new Dell machine
(boo#916608).
- ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP
(boo#916608).
- ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH
(boo#916608).
- ALSA: hda - add codec ID for Braswell display audio codec
(boo#916608).
- ALSA: hda - add PCI IDs for Intel Braswell (boo#916608).
- ALSA: hda - Add dock support for Thinkpad T440 (17aa:2212)
(boo#916608).

- ALSA: hda - Set up GPIO for Toshiba Satellite S50D (bnc#915858).

- rpm/kernel-binary.spec.in: Fix build if there is no *.crt file

- mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled
process being killed (VM Functionality bnc#910150).

- Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).

- mnt: Implicitly add MNT_NODEV on remount when it was implicitly
added by mount (bsc#907988).

- Btrfs: fix scrub race leading to use-after-free (bnc#915456).
- Btrfs: fix setup_leaf_for_split() to avoid leaf corruption
(bnc#915454).
- Btrfs: fix fsync log replay for inodes with a mix of regular
refs and extrefs (bnc#915425).
- Btrfs: fix fsync when extend references are added to an inode
(bnc#915425).
- Btrfs: fix directory inconsistency after fsync log replay
(bnc#915425).
- Btrfs: make xattr replace operations atomic (bnc#913466).
- Btrfs: fix directory recovery from fsync log (bnc#895797).
- Btrfs: simplify insert_orphan_item (boo#926385).
- Btrfs: set proper message level for skinny metadata.
- Btrfs: make sure we wait on logged extents when fsycning two subvols.
- Btrfs: fix lost return value due to variable shadowing.
- Btrfs: fix leak of path in btrfs_find_item.
- Btrfs: fix fsync data loss after adding hard link to inode.
- Btrfs: fix fs corruption on transaction abort if device
supports discard.
- Btrfs: fix data loss in the fast fsync path.
- Btrfs: don't delay inode ref updates during log replay.
- Btrfs: do not move em to modified list when unpinning.
- Btrfs:__add_inode_ref: out of bounds memory read when looking
for extended ref.
- Btrfs: fix inode eviction infinite loop after cloning into it
(boo#905088).

- bcache: add mutex lock for bch_is_open (bnc#908612).
- bcache: Correct printing of btree_gc_max_duration_ms
(bnc#908610).
- bcache: fix crash with incomplete cache set (bnc#908608).
- bcache: fix memory corruption in init error path (bnc#908606).
- bcache: Fix more early shutdown bugs (bnc#908605).
- bcache: fix use-after-free in btree_gc_coalesce() (bnc#908604).
- bcache: Fix an infinite loop in journal replay (bnc#908603).
- bcache: fix typo in bch_bkey_equal_header (bnc#908598).
- bcache: Make sure to pass GFP_WAIT to mempool_alloc()
(bnc#908596).
- bcache: fix crash on shutdown in passthrough mode (bnc#908594).
- bcache: fix lockdep warnings on shutdown (bnc#908593).
- bcache allocator: send discards with correct size (bnc#908592).
- bcache: Fix to remove the rcu_sched stalls (bnc#908589).
- bcache: Fix a journal replay bug (bnc#908588).

- Update x86_64 config files: CONFIG_SENSORS_NCT6683=m
The nct6683 driver is already enabled on i386 and history suggests
that it not being enabled on x86_64 is by mistake.

- rpm/kernel-binary.spec.in: Own the modules directory in the devel
package (bnc#910322)

- Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"
(bnc#900811).

- mm: free compound page with correct order (bnc#913695).

- drm/i915: More cautious with pch fifo underruns (boo#907039).

- Refresh patches.arch/arm64-0039-generic-pci.patch (fix PCI bridge support)

- x86/microcode/intel: Fish out the stashed microcode for the BSP
(bsc#903589).
- x86, microcode: Reload microcode on resume (bsc#903589).
- x86, microcode: Don't initialize microcode code on paravirt
(bsc#903589).
- x86, microcode, intel: Drop unused parameter (bsc#903589).
- x86, microcode, AMD: Do not use smp_processor_id() in preemtible
context (bsc#903589).
- x86, microcode: Update BSPs microcode on resume (bsc#903589).
- x86, microcode, AMD: Fix ucode patch stashing on 32-bit
(bsc#903589).
- x86, microcode: Fix accessing dis_ucode_ldr on 32-bit
(bsc#903589).
- x86, microcode, AMD: Fix early ucode loading on 32-bit
(bsc#903589).

- Bluetooth: Add support for Broadcom BCM20702A0 variants firmware
download (bnc#911311).

- drm/radeon: fix sad_count check for dce3 (bnc#911356).

- drm/i915: Don't call intel_prepare_page_flip() multiple times
on gen2-4 (bnc#911835).

- udf: Check component length before reading it.
- udf: Check path length when reading symlink.
- udf: Verify symlink size before loading it.
- udf: Verify i_size when loading inode.

- arm64: Enable DRM
- arm64: Enable generic PHB driver (bnc#912061).

- ACPI / video: Add some Samsung models to
disable_native_backlight list (boo#905681).

- asus-nb-wmi: Add another wapf=4 quirk (boo#911438).
- asus-nb-wmi: Add wapf4 quirk for the X550VB (boo#911438).
- asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438).
- asus-nb-wmi: Add wapf4 quirk for the X550CC (boo#911438).
- asus-nb-wmi: Constify asus_quirks DMI table (boo#911438).
- asus-nb-wmi: Add wapf4 quirk for the X550CL (boo#911438).
- asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438).
- asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA (boo#911438).
- WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON (boo#911438).

- Input: synaptics - gate forcepad support by DMI check
(bnc#911578).

- ext4: introduce aging to extent status tree (bnc#893428).
- ext4: cleanup flag definitions for extent status tree
(bnc#893428).
- ext4: limit number of scanned extents in status tree shrinker
(bnc#893428).
- ext4: move handling of list of shrinkable inodes into extent
status code (bnc#893428).
- ext4: change LRU to round-robin in extent status tree shrinker
(bnc#893428).
- ext4: cache extent hole in extent status tree for
ext4_da_map_blocks() (bnc#893428).
- ext4: fix block reservation for bigalloc filesystems
(bnc#893428).
- ext4: track extent status tree shrinker delay statictics
(bnc#893428).
- ext4: improve extents status tree trace point (bnc#893428).

- rpm/kernel-binary.spec.in: Provide name-version-release for kgraft
packages (bnc#901925)

- rpm/kernel-binary.spec.in: Fix including the secure boot cert in /etc/uefi/certs

- doc/README.SUSE: update Solid Driver team contacts

- rpm/kernel-binary.spec.in: Do not sign firmware files (bnc#867199)

- Port module signing changes from SLE11-SP3 (fate#314508)

- doc/README.PATCH-POLICY.SUSE: add patch policy / best practices document
after installation.

- Update config files. (boo#925479)
Do not set CONFIG_SYSTEM_TRUSTED_KEYRING until we need it in future
openSUSE version:
e.g. MODULE_SIG, IMA, PKCS7(new), KEXEC_BZIMAGE_VERIFY_SIG(new)

- Input: xpad - use proper endpoint type (bnc#926397).

- md: don't require sync_min to be a multiple of chunk_size
(bnc#910500).

Fixed bugs
bnc#926240
VUL-0: CVE-2015-2830: kernel-source: int80 fork from 64-bit tasks mishandling
bnc#927018
kernel-desktop-3.16.7-13.2 breaks module compatibility
bnc#925479
failure of loading in-kernel X.509 certificate
bnc#907818
VUL-0: CVE-2014-9090: kernel: x86_64, traps: Stop using IST for #SS
bnc#909077
VUL-0: CVE-2014-8133: kernel: tls: Validate TLS entries to protect espfix
bnc#909477
cifs crashes system on network issue
bnc#911326
VUL-0: CVE-2014-9419: kernel-source: partial ASLR bypass through TLS base addresses leak
bnc#915577
VUL-0: CVE-2015-1421: kernel: net: sctp: slab corruption from use after free on INIT collisions
bnc#917830
VUL-0: CVE-2015-0777: kernel: xen/usbback/usbback.c information leak to guest
bnc#919463
VUL-0: CVE-2015-2150: kernel: xen, XSA-120: Non-maskable interrupts triggerable by guests
bnc#920604
Internal mic no sound after upgrade openSUSE 13.1 to 13.2 on CQ60 laptop
bnc#921313
HD-audio controller fallback breakage
bnc#922542
kernel fails to find virtio root device
bnc#922944
VUL-1: CVE-2015-2666: kernel: overflow in microcode loader
bnc#916608
Missing backports of sound fixes from stable kernel for 3.16.x kernels
bnc#908598
bcache: typo in validating checksums
bnc#908596
bcache: GFP_WAIT wasn't passed correctly
bnc#908594
bcache: crash on shutdown while in passthrough mode
bnc#908593
broken bcache warnings on shutdown
bnc#908592
bcache discards with the incorrect size
bnc#908610
bcache: incorrect printing of values
bnc#900811
iwlmvm and mac80211 crash randomly - restarting wpa_supplicant helps restore connectivity
bnc#912705
VUL-0: CVE-2014-9585: kernel-source: ASLR bruteforce possible for vdso library
bnc#912061
arm64: Kernel is missing generic PCI and VGA support
bnc#915454
Btrfs: very rare race condition that leads to leaf corruption, triggering BUG_ON() and failure to do file updates
bnc#913695
possible memory leak in kernel 3.16.7
bnc#915456
Btrfs: race condition in scrub leading to invalid memory access/crash
bnc#917839
VUL-0: CVE-2015-1593: kernel: reduced entropy in stack randomisation
bnc#912429
VUL-0: CVE-2014-9428: kernel: remote denial of service via batman-adv module
bnc#920581
Kernel panic when mounting USB hard disk
bnc#867199
invalid firmware signature
bnc#908603
bcache: infinite loop in journal replay
bnc#911578
Touchpad Left button not worked at all (Lenovo laptops)
bnc#915858
Sound is not working on my laptop using its FCH Azalia soundcard [1022:780d]
bnc#908606
bcache: memory corruption in init error path
bnc#908605
bcache: early shutdown bugs
bnc#908604
bcache: freeing new_nodes too often generates a lockdep warning
bnc#911326
VUL-0: CVE-2014-9419: kernel-source: partial ASLR bypass through TLS base addresses leak
bnc#909634
NFS: 100% iowait CPU load with error -10023 (STALE_STATE_ID) or -10025 (BAD_STATE_ID)
bnc#903640
VUL-0: CVE-2014-8559: kernel: fs: deadlock due to incorrect usage of rename_lock
bnc#911325
VUL-0: CVE-2014-9420: kernel-source: fs: isofs: infinite loop in CE record entries
bnc#903589
amd microcode upgrades only select cores not all? 2 out of 4?, opensuse 13.2 x86
bnc#895797
Btrfs: directory recovery from fsync log leaves directory inode with an incorrect i_size
bnc#907039
i915 drm driver complains: *ERROR* pipe A/B underrun
bnc#908582
bcache device cannot be detached twice
bnc#915425
Btrfs: several fsync issues, after log replay directory metadata is inconsistent, leaving dangling dentries and impossible to remove directories
bnc#911438
Wireless LAN doesn't work on Asus P550CC laptop
bnc#908588
journal replay bug in bcache
bnc#908589
infinite looping in bcaches journal.c
bnc#910150
kernel kswapd infinite loop issue - SLES12
bnc#904899
VUL-1: kernel: ability to read out more memory than allowed in evdev ioctl
bnc#913466
Btrfs: fix non-atomicity of xattr replace operations, backport fix from upstream kernel 3.19
bnc#914175
[Hyper-V]: storvsc: ring buffer failures may result in I/O freeze
bnc#912202
VUL-0: CVE-2014-9529: kernel-source: security/keys/gc.c race condition
bnc#905681
Intel backlight does not adjust, but only turns on/off in kernel 3.16 on Samsung laptop
bnc#901925
Enable kgraft-patch-{default,xen} installation together with corresponding kernel
bnc#910322
kernel-macros: kernel removal leaves empty orphan directory
bnc#918954
kernel 3.16.7.-7-desktop shows davfs2 relevant bug known of kernel branch 3.17
bnc#913059
VUL-0: CVE-2014-8160: kernel-source: SCTP firewalling fails until SCTP module is loaded
bnc#911835
kernel 3.18.1-1-desktop freezes with 965GM Intel integrated graphics in Tumbleweed
bnc#908608
bcache: crash with incomplete cache set
bnc#911311
Firmware for internal bluetooth interface BCM20702A0 not loaded by kernel module btusb
bnc#910440
"soft lockup CPU#0 stuck..." with bache devices
bnc#911356
HDMI: kernel BUG at ../drivers/gpu/drm/radeon/dce3_1_afmt.c:110!
bnc#918970
Crash in i915_gem_userptr_mn_invalidate_range_start
bnc#909078
VUL-0: CVE-2014-8134: kernel: paravirt_enabled disables espfix32
bnc#893428
cpu soft lockup in ext4_es_lru_del
bnc#907988
libvirt containers with user namespaces can't start
bnc#908612
bcache: missing mutex lock
bnc#919018
VUL-0: CVE-2015-2042: kernel: Incorrect data type in rds_sysctl_rds_table
bnc#918333
VUL-0: CVE-2014-9683: kernel: eCryptfs writes past the end of the allocated buffer
bnc#926385
btrfs mount hangs with kernels 3.19.1+
bnc#926397
some xpad devices fail with a kernel warning
bnc#905088
WARNING: CPU: 0 PID: 7399 at ../fs/btrfs/extent_io.c:430 insert_state+0x6a/0x1b0 [btrfs]()
bnc#919032
VUL-0: CVE-2015-0275: kernel: fs: ext4: fallocate zero range page size > block size BUG()
bnc#910500
VUL-0: CVE-2014-5220: mdadm: mdcheck doesnt validate the input of mdadm --detail --export, possible command injection
Selected Binaries
openSUSE Build Service is sponsored by