Security update for the Linux Kernel

The openSUSE 13.2 kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:
- CVE-2015-3290: A flaw was found in the way the Linux kernel's nested NMI
handler and espfix64 functionalities interacted during NMI processing. A
local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
- CVE-2015-3212: A race condition flaw was found in the way the Linux
kernel's SCTP implementation handled Address Configuration lists when
performing Address Configuration Change (ASCONF). A local attacker
could use this flaw to crash the system via a race condition triggered
by setting certain ASCONF options on a socket.
- CVE-2015-5364: A remote denial of service (hang) via UDP flood with
incorrect packet checksums was fixed (bsc#936831).
- CVE-2015-5366: A remote denial of service (unexpected error returns)
via UDP flood with incorrect packet checksums was fixed (bsc#936831).
- CVE-2015-4700: A local user could have created a bad instruction in
the JIT processed BPF code, leading to a kernel crash (bnc#935705).
- CVE-2015-1420: Race condition in the handle_to_path function in
fs/fhandle.c in the Linux kernel allowed local users to bypass intended
size restrictions and trigger read operations on additional memory
locations by changing the handle_bytes value of a file handle during
the execution of this function (bnc#915517).
- CVE-2015-4692: The kvm_apic_has_events function in arch/x86/kvm/lapic.h
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have unspecified
other impact by leveraging /dev/kvm access for an ioctl call (bnc#935542).
- CVE-2015-4167, CVE-2014-9728, CVE-2014-9730, CVE-2014-9729, CVE-2014-9731:
Various problems in the UDF filesystem were fixed that could lead to
crashes when mounting prepared UDF filesystems.
- CVE-2015-4002: drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN
driver in the Linux kernel did not ensure that certain length values
are sufficiently large, which allowed remote attackers to cause a
denial of service (system crash or large loop) or possibly execute
arbitrary code via a crafted packet, related to the (1) oz_usb_rx and
(2) oz_usb_handle_ep_data functions (bnc#933934).
- CVE-2015-4003: The oz_usb_handle_ep_data function in
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the
Linux kernel allowed remote attackers to cause a denial of service
(divide-by-zero error and system crash) via a crafted packet (bnc#933934).
- CVE-2015-4001: Integer signedness error in the oz_hcd_get_desc_cnf
function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in
the Linux kernel allowed remote attackers to cause a denial of service
(system crash) or possibly execute arbitrary code via a crafted packet
(bnc#933934).
- CVE-2015-4036: A potential memory corruption in vhost/scsi was fixed.
- CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c
in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack
in the Linux kernel allowed remote attackers to reconfigure a hop-limit
setting via a small hop_limit value in a Router Advertisement (RA)
message (bnc#922583).
- CVE-2015-3636: It was found that the Linux kernel's ping socket
implementation did not properly handle socket unhashing during spurious
disconnects, which could lead to a use-after-free flaw. On x86-64
architecture systems, a local user able to create ping sockets could
use this flaw to crash the system. On non-x86-64 architecture systems,
a local user able to create ping sockets could use this flaw to escalate
their privileges on the system.
- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an
incorrect data type in a sysctl table, which allowed local users to
obtain potentially sensitive information from kernel memory or possibly
have unspecified other impact by accessing a sysctl entry (bnc#919007).
- CVE-2015-3339: Race condition in the prepare_binprm function in
fs/exec.c in the Linux kernel allowed local users to gain privileges
by executing a setuid program at a time instant when a chown to root
is in progress, and the ownership is changed but the setuid bit is not
yet stripped.
- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not
properly consider the length of the Read-Copy Update (RCU) grace period
for redirecting lookups in the absence of caching, which allowed remote
attackers to cause a denial of service (memory consumption or system
crash) via a flood of packets (bnc#916225).

The following non-security bugs were fixed:
- ALSA: ak411x: Fix stall in work callback (boo#934755).
- ALSA: emu10k1: Emu10k2 32 bit DMA mode (boo#934755).
- ALSA: emu10k1: Fix card shortname string buffer overflow (boo#934755).
- ALSA: emu10k1: do not deadlock in proc-functions (boo#934755).
- ALSA: emux: Fix mutex deadlock at unloading (boo#934755).
- ALSA: emux: Fix mutex deadlock in OSS emulation (boo#934755).
- ALSA: hda - Add AZX_DCAPS_SNOOP_OFF (and refactor snoop setup) (boo#934755).
- ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724 (boo#934755).
- ALSA: hda - Add common pin macros for ALC269 family (boo#934755).
- ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) (boo#934755).
- ALSA: hda - Add dock support for Thinkpad T450s (17aa:5036) (boo#934755).
- ALSA: hda - Add headphone quirk for Lifebook E752 (boo#934755).
- ALSA: hda - Add headset mic quirk for Dell Inspiron 5548 (boo#934755).
- ALSA: hda - Add mute-LED mode control to Thinkpad (boo#934755).
- ALSA: hda - Add one more node in the EAPD supporting candidate list (boo#934755).
- ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec (boo#934755).
- ALSA: hda - Add ultra dock support for Thinkpad X240 (boo#934755).
- ALSA: hda - Add workaround for CMI8888 snoop behavior (boo#934755).
- ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic (boo#934755).
- ALSA: hda - Disable runtime PM for Panther Point again (boo#934755).
- ALSA: hda - Do not access stereo amps for mono channel widgets (boo#934755).
- ALSA: hda - Fix Dock Headphone on Thinkpad X250 seen as a Line Out (boo#934755).
- ALSA: hda - Fix headphone pin config for Lifebook T731 (boo#934755).
- ALSA: hda - Fix noise on AMD radeon 290x controller (boo#934755).
- ALSA: hda - Fix probing and stuttering on CMI8888 HD-audio controller (boo#934755).
- ALSA: hda - One more Dell machine needs DELL1_MIC_NO_PRESENCE quirk (boo#934755).
- ALSA: hda - One more HP machine needs to change mute led quirk (boo#934755).
- ALSA: hda - Set GPIO 4 low for a few HP machines (boo#934755).
- ALSA: hda - Set single_adc_amp flag for CS420x codecs (boo#934755).
- ALSA: hda - Treat stereo-to-mono mix properly (boo#934755).
- ALSA: hda - change three SSID quirks to one pin quirk (boo#934755).
- ALSA: hda - fix "num_steps = 0" error on ALC256 (boo#934755).
- ALSA: hda - fix a typo by changing mute_led_nid to cap_mute_led_nid (boo#934755).
- ALSA: hda - fix headset mic detection problem for one more machine (boo#934755).
- ALSA: hda - fix mute led problem for three HP laptops (boo#934755).
- ALSA: hda - set proper caps for newer AMD hda audio in KB/KV (boo#934755).
- ALSA: hda/realtek - ALC292 dock fix for Thinkpad L450 (boo#934755).
- ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420 (boo#934755).
- ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 (boo#934755).
- ALSA: hda/realtek - Fix Headphone Mic not recording for ALC256 (boo#934755).
- ALSA: hda/realtek - Make more stable to get pin sense for ALC283 (boo#934755).
- ALSA: hda/realtek - Support Dell headset mode for ALC256 (boo#934755).
- ALSA: hda/realtek - Support HP mute led for output and input (boo#934755).
- ALSA: hda/realtek - move HP_LINE1_MIC1_LED quirk for alc282 (boo#934755).
- ALSA: hda/realtek - move HP_MUTE_LED_MIC1 quirk for alc282 (boo#934755).
- ALSA: hdspm - Constrain periods to 2 on older cards (boo#934755).
- ALSA: pcm: Do not leave PREPARED state after draining (boo#934755).
- ALSA: snd-usb: add quirks for Roland UA-22 (boo#934755).
- ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support (boo#934755).
- ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion (boo#934755).
- ALSA: usb-audio: Add quirk for MS LifeCam HD-3000 (boo#934755).
- ALSA: usb-audio: Add quirk for MS LifeCam Studio (boo#934755).
- ALSA: usb-audio: Do not attempt to get Lifecam HD-5000 sample rate (boo#934755).
- ALSA: usb-audio: Do not attempt to get Microsoft Lifecam Cinema sample rate (boo#934755).
- ALSA: usb-audio: add MAYA44 USB+ mixer control names (boo#934755).
- ALSA: usb-audio: do not try to get Benchmark DAC1 sample rate (boo#934755).
- ALSA: usb-audio: do not try to get Outlaw RR2150 sample rate (boo#934755).
- ALSA: usb-audio: fix missing input volume controls in MAYA44 USB(+) (boo#934755).
- Automatically Provide/Obsolete all subpackages of old flavors (bnc#925567)
- Fix kABI for ak411x structs (boo#934755).
- Fix kABI for snd_emu10k1 struct (boo#934755).
- HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#929624).
- HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#929624).
- HID: add quirk for PIXART OEM mouse used by HP (bnc#929624).
- HID: usbhid: add always-poll quirk (bnc#929624).
- HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#929624).
- HID: usbhid: fix PIXART optical mouse (bnc#929624).
- HID: usbhid: more mice with ALWAYS_POLL (bnc#929624).
- HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#929624).
- HID: yet another buggy ELAN touchscreen (bnc#929624).
- Input: synaptics - handle spurious release of trackstick buttons (bnc#928693).
- Input: synaptics - re-route tracksticks buttons on the Lenovo 2015 series (bnc#928693).
- Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015 (bnc#928693).
- Input: synaptics - retrieve the extended capabilities in query $10 (bnc#928693).
- NFSv4: When returning a delegation, do not reclaim an incompatible open mode (bnc#934202).
- Refresh patches.xen/xen-blkfront-indirect (bsc#922235).
- Update config files: extend CONFIG_DPM_WATCHDOG_TIMEOUT to 60 (bnc#934397)
- arm64: mm: Remove hack in mmap randomized layout. Fix commit id and mainlined information.
- bnx2x: Fix kdump when iommu=on (bug#921769).
- client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348).
- config/armv7hl: Disable AMD_XGBE_PHY. The AMD XGBE ethernet chip is only used on ARM64 systems.
- config: disable XGBE on non-ARM hardware. It is documented as being present only on AMD SoCs.
- cpufreq: fix a NULL pointer dereference in __cpufreq_governor() (bsc#924664).
- drm/i915/bdw: PCI IDs ending in 0xb are ULT (boo#935913).
- drm/i915/chv: Remove Wait for a previous gfx force-off (boo#935913).
- drm/i915/dp: only use training pattern 3 on platforms that support it (boo#935913).
- drm/i915/dp: there is no audio on port A (boo#935913).
- drm/i915/hsw: Fix workaround for server AUX channel clock divisor (boo#935913).
- drm/i915/vlv: remove wait for previous GFX clk disable request (boo#935913).
- drm/i915/vlv: save/restore the power context base reg (boo#935913).
- drm/i915: Add missing MacBook Pro models with dual channel LVDS (boo#935913).
- drm/i915: BDW Fix Halo PCI IDs marked as ULT (boo#935913).
- drm/i915: Ban Haswell from using RCS flips (boo#935913).
- drm/i915: Check obj->vma_list under the struct_mutex (boo#935913).
- drm/i915: Correct the IOSF Dev_FN field for IOSF transfers (boo#935913).
- drm/i915: Dell Chromebook 11 has PWM backlight (boo#935913).
- drm/i915: Disable caches for Global GTT (boo#935913).
- drm/i915: Do a dummy DPCD read before the actual read (bnc#907714).
- drm/i915: Do not complain about stolen conflicts on gen3 (boo#935913).
- drm/i915: Do not leak pages when freeing userptr objects (boo#935913).
- drm/i915: Do not enable CS_PARSER_ERROR interrupts at all (boo#935913).
- drm/i915: Evict CS TLBs between batches (boo#935913).
- drm/i915: Fix DDC probe for passive adapters (boo#935913).
- drm/i915: Fix and clean BDW PCH identification (boo#935913).
- drm/i915: Force the CS stall for invalidate flushes (boo#935913).
- drm/i915: Handle failure to kick out a conflicting fb driver (boo#935913).
- drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset (boo#935913).
- drm/i915: Ignore VBT backlight check on Macbook 2, 1 (boo#935913).
- drm/i915: Invalidate media caches on gen7 (boo#935913).
- drm/i915: Kick fbdev before vgacon (boo#935913).
- drm/i915: Only fence tiled region of object (boo#935913).
- drm/i915: Only warn the first time we attempt to mmio whilst suspended (boo#935913).
- drm/i915: Unlock panel even when LVDS is disabled (boo#935913).
- drm/i915: Use IS_HSW_ULT() in a HSW specific code path (boo#935913).
- drm/i915: cope with large i2c transfers (boo#935913).
- drm/i915: do not warn if backlight unexpectedly enabled (boo#935913).
- drm/i915: drop WaSetupGtModeTdRowDispatch:snb (boo#935913).
- drm/i915: save/restore GMBUS freq across suspend/resume on gen4 (boo#935913).
- drm/i915: vlv: fix IRQ masking when uninstalling interrupts (boo#935913).
- drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg (boo#935913).
- drm/radeon: retry dcpd fetch (bnc#931580).
- ftrace/x86/xen: use kernel identity mapping only when really needed (bsc#873195, bsc#886272, bsc#903727, bsc#927725)
- guards: Add support for an external filelist in --check mode. This will allow us to run --check without a kernel-source.git work tree.
- guards: Include the file name also in the "Not found" error
- guards: Simplify help text
- hyperv: Add processing of MTU reduced by the host (bnc#919596).
- ideapad_laptop: Lenovo G50-30 fix rfkill reports wireless blocked (boo#939394).
- ipv6: do not delete previously existing ECMP routes if add fails (bsc#930399).
- ipv6: fix ECMP route replacement (bsc#930399).
- ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#930399).
- kABI: protect linux/slab.h include in of/address.
- kabi/severities: ignore already-broken but acceptable kABI changes:
  - SYSTEM_TRUSTED_KEYRING=n change removed system_trusted_keyring
  - Commits 3688875f852 and ea5ed8c70e9 changed iov_iter_get_pages prototype
  - KVM changes are intermodule dependencies
- kabi: Fix CRC for dma_get_required_mask.
- kabi: add kABI reference files
- libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156).
- libata: Blacklist queued TRIM on all Samsung 800-series (bnc#930599).
- net: ppp: Do not call bpf_prog_create() in ppp_lock (bnc#930488).
- rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not match
- rt2x00: do not align payload on modern H/W (bnc#932844).
- rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).
- thermal: step_wise: Revert optimization (boo#925961).
- tty: Fix pty master poll() after slave closes v2 (bsc#937138).
- arm64: mm: Remove hack in mmap randomize layout (bsc#937033).
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937226).
- x86, apic: Handle a bad TSC more gracefully (boo#935530).
- x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bnc#907092).
- x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing (bnc#907092).
- x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).
- x86/microcode/amd: Extract current patch level read to a function (bsc#913996).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
- xhci: Calculate old endpoints correctly on device reset (bnc#938976).

Fixed bugs
- bnc#907092: Laptop internal sound lost upgrading from 13.1 to 13.2
- bnc#907714: [i915] Some monitors send invalid DPCP data after wakeup
- bnc#915517: VUL-0: CVE-2015-1420: kernel-source: Linux kernel fs/fhandle.c race condition
- bnc#916225: VUL-0: CVE-2015-1465: kernel: net: DoS due to routing packets to too many different dsts/too fast
- bnc#919007: VUL-0: CVE-2015-2041: kernel: Incorrect data type in llc2_timeout_table
- bnc#919596: Hyper-V: Add processing of MTU reduced by the host
- bnc#921769: bnx2x: [bnx2x_issue_dmae_with_comp:476(eth1)]DMAE timeout!
- bnc#922583: VUL-1: CVE-2015-2922: kernel: ipv6 hop limit issue VU#711516
- bnc#925567: [online-update] full installed sled11sp3-x86_64 system upgrade to sled11sp4 met dependency conflict
- bnc#925961: acerhdf and coretemp interfering on Acer Aspire One 150
- bnc#927786: kernel deadlock in networking
- bnc#928693: touchpad on 2015 Lenovo models does not work
- bnc#929624: USB mouse continually disconnects and reconnects every 60 seconds
- bnc#930488: ppp_ioctl case kernel panic
- bnc#930599: NCQ + TRIM corruption on Samsung SSD
- bnc#931580: ASUS U38N black screen on boot with radeon driver
- bnc#932348: cifs client can fail to negotiate protocol with SMB1 with security ntlmssp & extended_security
- bnc#932844: rt200 USB wifi adapter eventually causes kernel panic
- bnc#933934: VUL-0: CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4004: kernel: The OZWPAN driver in the Linux kernel through 4.0.5 has multiple problems
- bnc#934202: NFS: nfs4_handle_delegation_recall_error: unhandled error -13.
- bnc#934397: Resume from suspend to ram fails when HDD is connected
- bnc#934755: Missing backports of stable sound fixes for openSUSE 13.2 kernel
- bnc#935530: WARNING: CPU: 0 PID: 1 at ../arch/x86/kernel/apic/apic.c:1404 setup_local_APIC+0x269/0x320
- bnc#935542: VUL-0: CVE-2015-4692: kernel: kvm: x86: NULL pointer dereference in kvm_apic_has_events function
- bnc#935705: VUL-0: CVE-2015-4700: kernel: bpf jit optimization flaw can panic kernel.
- bnc#935913: Missing backports for i915 KMS kernel module
- bnc#937226: USB 3.0 external hard disk not detected
- bnc#938976: Docking station on Lenovo X230 loses SS USB ports after repeated S3 cycles
- bnc#939394: ideapad_laptop module disables wifi on lenovo g50-30 without option to turn it back on