Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for the Linux Kernel

The openSUSE 13.2 kernel was updated to receive various security and bugfixes.

Following security bugs were fixed:
- CVE-2016-0728: A reference leak in keyring handling with
join_session_keyring() could lead to local attackers gain root
privileges. (bsc#962075).
- CVE-2015-7550: A local user could have triggered a race between read and
revoke in keyctl (bnc#958951).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions
in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
length, which allowed local users to obtain sensitive information from
kernel memory and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).
- CVE-2015-8543: The networking implementation in the Linux kernel
did not validate protocol identifiers for certain protocol families,
which allowed local users to cause a denial of service (NULL function
pointer dereference and system crash) or possibly gain privileges by
leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application
(bnc#958886).
- CVE-2014-8989: The Linux kernel did not properly restrict dropping
of supplemental group memberships in certain namespace scenarios,
which allowed local users to bypass intended file permissions by
leveraging a POSIX ACL containing an entry for the group category
that is more restrictive than the entry for the other category, aka a
"negative groups" issue, related to kernel/groups.c, kernel/uid16.c,
and kernel/user_namespace.c (bnc#906545).
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on
the x86_64 platform mishandles IRET faults in processing NMIs that
occurred during userspace execution, which might allow local users to
gain privileges by triggering an NMI (bnc#937969).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in
the Linux kernel through 4.2.3 did not ensure that certain slot numbers
are valid, which allowed local users to cause a denial of service (NULL
pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl
call (bnc#949936).
- CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6,
and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial
of service (host OS panic or hang) by triggering many #DB (aka Debug)
exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6,
and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial
of service (host OS panic or hang) by triggering many #AC (aka Alignment
Check) exceptions, related to svm.c and vmx.c (bnc#953527).
- CVE-2014-9529: Race condition in the key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local users to cause
a denial of service (memory corruption or panic) or possibly have
unspecified other impact via keyctl commands that trigger access to
a key structure member during garbage collection of a key (bnc#912202).
- CVE-2015-7990: Race condition in the rds_sendmsg function in
net/rds/sendmsg.c in the Linux kernel allowed local users to cause
a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by using a socket that was not
properly bound. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2015-6937 (bnc#952384 953052).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have unspecified
other impact by using a socket that was not properly bound (bnc#945825).
- CVE-2015-7885: The dgnc_mgmt_ioctl function in
drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did
not initialize a certain structure member, which allowed local users to
obtain sensitive information from kernel memory via a crafted application
(bnc#951627).
- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux
kernel did not validate attempted changes to the MTU value, which allowed
context-dependent attackers to cause a denial of service (packet loss)
via a value that is (1) smaller than the minimum compliant value or
(2) larger than the MTU of an interface, as demonstrated by a Router
Advertisement (RA) message that is not validated by a daemon, a different
vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is
limited to the NetworkManager product (bnc#955354).
- CVE-2015-8767: A case can occur when sctp_accept() is called by the
user during a heartbeat timeout event after the 4-way handshake. Since
sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the
bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the
listening socket but released with the new association socket. The result
is a deadlock on any future attempts to take the listening socket lock. (bsc#961509)
- CVE-2015-8575: Validate socket address length in sco_sock_bind() to
prevent information leak (bsc#959399).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
(bsc#957990).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
could have lead to double fetch vulnerabilities, causing denial of
service or arbitrary code execution (depending on the configuration)
(bsc#957988).

The following non-security bugs were fixed:
- ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).
- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).
- KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).
- KVM: x86: update masterclock values on TSC writes (bsc#961739).
- NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client (bsc#960839).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949).
- blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).
- blktap: refine mm tracking (bsc#952976).
- cdrom: Random writing support for BD-RE media (bnc#959568).
- genksyms: Handle string literals with spaces in reference files (bsc#958510).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
- ipv6: fix tunnel error handling (bsc#952579).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- uas: Add response iu handling (bnc#954138).
- usbvision fix overflow of interfaces array (bnc#950998).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).

Fixed bugs
bnc#814440
HP CSBU SP3 bug: driver for Creative Recon3D audio working in Beta3, broken in Beta4
bnc#906545
VUL-0: CVE-2014-8989: kernel-source: Linux user namespaces can bypass group-based restrictions
bnc#912202
VUL-0: CVE-2014-9529: kernel-source: security/keys/gc.c race condition
bnc#921949
VFIO device attaching: setrlimit DENIED
bnc#937969
VUL-0: CVE-2015-3290: kernel: A thinko in nested NMI handling
bnc#937970
VUL-1: CVE-2015-3291: kernel: Malicious userspace programs can cause the kernel to skip NMIs on occasion
bnc#938706
VUL-0: CVE-2015-5157: kernel: NMI nesting run into IRET faults
bnc#944296
VUL-0: CVE-2015-0272: NetworkManager: remote DoS using IPv6 RA with bogus MTU
bnc#945825
VUL-1: CVE-2015-6937: kernel-source: NULL pointer dereference in net/rds/connection.c
bnc#949936
VUL-0: CVE-2015-7799: kernel: Using the PPP character device driver caused the system to restart
bnc#950998
VUL-1: CVE-2015-7833: kernel: usbvision: crash on invalid USB device descriptors
bnc#951627
VUL-0: CVE-2015-7885: kernel: ioctl infoleaks on dgnc
bnc#951638
bcach issue: bcache backing device gets registered but not started
bnc#952384
VUL-1: CVE-2015-7990: kernel: Incomplete fix for CVE-2015-6937, RDS socket handling
bnc#952579
Corrupt IPv6 packets after upgrading to 3.12.48-52.27.1
bnc#952976
sles 12 guest PV using tap:aio will crash the host (dom0)
bnc#953527
VUL-0: CVE-2015-5307: kernel: kvm: x86: avoid guest->host DOS by intercepting #AC
bnc#954138
openSUSE 13.2 does not detect 5 TB USB disk and crashes when it is unplugged
bnc#954404
VUL-0: CVE-2015-8104: kernel: kvm: virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
bnc#955224
PMTU flapping problem in SLES12
bnc#955354
VUL-1: CVE-2015-8215: kernel: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does notvalidate attempted cha...
bnc#955422
fragmented IPv6 multicast frames sometimes missing with bridged macvlan
bnc#956708
VUL-0: CVE-2015-7515: kernel: aiptek: crash on invalid USB device descriptors
bnc#956934
nfsidmap: fopen(/proc/keys) failed: No such file or directory
bnc#957988
VUL-0: CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155)
bnc#957990
VUL-0: CVE-2015-8551,CVE-2015-8552,CVE-2015-8553: kernel: xen: Linux pciback missing sanity checks leading to crash (XSA-157)
bnc#958504
Constant background noise on T440s and loud cracking noise after audio powersave
bnc#958510
Spurious 'modversion changed' messages in drivers/edac
bnc#958886
VUL-1: CVE-2015-8543: kernel-source: connect IPv6/SOCK_RAW connect causes a denial of service
bnc#958951
VUL-0: CVE-2015-7550: kernel: User triggerable crash from race between key read and rey revoke
bnc#959190
VUL-1: CVE-2015-8569: kernel: information leak using getsockname
bnc#959399
VUL-1: CVE-2015-8575: kernel-source: information leak from getsockname in bluetooth/sco
bnc#959568
BD-RE in random access mode fails
bnc#960839
VUL-0: CVE-2015-8746: kernel: nfs: NULL pointer dereference of migration recovery ops for v4.2 client
bnc#961509
VUL-0: CVE-2015-8767: kernel: SCTP denial of service during heartbeat timeout functions
bnc#961739
KVM:
bnc#962075
VUL-0: CVE-2016-0728: kernel: Use-after-free vulnerability in keyring facility
CVE-CVE-2015-7550
CVE-CVE-2015-8767
CVE-CVE-2016-0728
CVE-CVE-2015-8569
CVE-CVE-2015-8575
CVE-CVE-2015-8543
CVE-CVE-2015-8551
CVE-CVE-2015-8552
CVE-CVE-2015-8550
CVE-CVE-2015-8215
CVE-CVE-2014-8989
CVE-CVE-2015-5157
CVE-CVE-2015-7799
CVE-CVE-2015-8104
CVE-CVE-2015-5307
CVE-CVE-2014-9529
CVE-CVE-2015-7990
CVE-CVE-2015-6937
CVE-CVE-2015-7885
Selected Binaries
openSUSE Build Service is sponsored by
Places