Security update for the Linux Kernel

The openSUSE Leap 42.1 kernel was updated to 4.1.20 to receive various security fixes and bug fixes.

The following security bugs were fixed:

- CVE-2015-1339: A memory leak in cuse could be used to exhaust kernel
memory. (bsc#969356).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in
the Linux kernel did not ensure that certain slot numbers are valid,
which allowed local users to cause a denial of service (NULL pointer
dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
(bnc#949936 951638).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c
in the Linux kernel allowed local users to cause a denial of service
(OOPS) via crafted keyctl commands (bnc#951440).
- CVE-2015-7884: The vivid_fb_ioctl function in
drivers/media/platform/vivid/vivid-osd.c in the Linux kernel did not
initialize a certain structure member, which allowed local users to
obtain sensitive information from kernel memory via a crafted application
(bnc#951626).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and
gid mappings, which allowed local users to gain privileges by establishing
a user namespace, waiting for a root process to enter that namespace
with an unsafe uid or gid, and then using the ptrace system call. NOTE:
the vendor states "there is no kernel bug here" (bnc#959709).
- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not
properly manage the relationship between a lock and a socket, which
allowed local users to cause a denial of service (deadlock) via a crafted
sctp_accept call. (bsc#961509)
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c
in the Linux kernel allowed local users to cause a denial of service
(infinite loop) via a writev system call that triggers a zero length
for the first segment of an iov (bnc#963765).
- CVE-2015-8787: The nf_nat_redirect_ipv4 function in
net/netfilter/nf_nat_redirect.c in the Linux kernel allowed remote
attackers to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact by sending
certain IPv4 packets to an incompletely configured interface, a related
issue to CVE-2003-1604 (bnc#963931).
- CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when
the network was considered congested. The kernel would misinterpret
the congestion as an error condition and incorrectly free/clean up
the skb. When the device would then send the queued skbs, these
structures would be referenced, which may panic the system or allow
an attacker to escalate privileges in a use-after-free scenario.
(bsc#966437).
- CVE-2016-0723: Race condition in the tty_ioctl function in
drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain
sensitive information from kernel memory or cause a denial of service
(use-after-free and system crash) by making a TIOCGETD ioctl call during
processing of a TIOCSETD ioctl call (bnc#961500).
- CVE-2016-2069: When Linux invalidated a paging structure that is
not in use locally, it could, in principle, race against another
CPU that is switching to a process that uses the paging structure in
question. (bsc#963767)
- CVE-2016-2184: A malicious USB device could cause a kernel crash in
the alsa usb-audio driver. (bsc#971125)
- CVE-2016-2383: Incorrect branch fixups for eBPF allow arbitrary read
of kernel memory. (bsc#966684)
- CVE-2016-2384: A malicious USB device could cause a kernel crash in
the alsa usb-audio driver. (bsc#966693)

The following non-security bugs were fixed:

- alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).
- alsa: hda - disable dynamic clock gating on Broxton before reset (bsc#966137).
- alsa: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137).
- alsa: seq: Fix double port list deletion (bsc#968018).
- alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).
- alsa: timer: Fix race between stop and interrupt (bsc#968018).
- alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018).
- arm64: Add workaround for Cavium erratum 27456.
- arm64: Backport arm64 patches from SLE12-SP1-ARM
- btrfs: teach backref walking about backrefs with underflowed (bsc#966259).
- cgroup kabi fix for 4.1.19.
- config: Disable CONFIG_DDR. CONFIG_DDR is selected automatically by drivers which need it.
- config: Disable MFD_TPS65218. The TPS65218 is a power management IC for 32-bit ARM systems.
- config: Modularize NF_REJECT_IPV4/V6. There is no reason why these helper modules should be built-in when the rest of netfilter is built as modules.
- config: Update x86 config files: Enable Intel RAPL. This driver is useful when power capping is needed. It was enabled in the SLE kernel 2 years ago.
- Delete patches.fixes/bridge-module-get-put.patch. As discussed in http://lists.opensuse.org/opensuse-kernel/2015-11/msg00046.html
- drm/i915: Fix double unref in intelfb_alloc failure path (boo#962866, boo#966179).
- drm/i915: Fix failure paths around initial fbdev allocation (boo#962866, boo#966179).
- drm/i915: Pin the ifbdev for the info->system_base GGTT mmapping (boo#962866, boo#966179).
- e1000e: Avoid divide by zero error (bsc#965125).
- e1000e: fix division by zero on jumbo MTUs (bsc#965125).
- e1000e: fix systim issues (bsc#965125).
- e1000e: Fix tight loop implementation of systime read algorithm (bsc#965125).
- ibmvnic: Fix ibmvnic_capability struct.
- intel: Disable Skylake support in intel_idle driver again (boo#969582). This turned out to bring a regression on some machines, unfortunately. It should be addressed in the upstream at first.
- intel_idle: allow idle states to be freeze-mode specific (boo#969582).
- intel_idle: Skylake Client Support (boo#969582).
- intel_idle: Skylake Client Support - updated (boo#969582).
- libceph: fix scatterlist last_piece calculation (bsc#963746).
- lio: Add LIO clustered RBD backend (fate#318836)
- net kabi fixes for 4.1.19.
- numa patches updated to v15
- ocfs2: fix dlmglue deadlock issue (bnc#962257)
- pci: thunder: Add driver for ThunderX-pass{1,2} on-chip devices
- pci: thunder: Add PCIe host driver for ThunderX processors
- sd: Optimal I/O size is in bytes, not sectors (boo#961263).
- sd: Reject optimal transfer length smaller than page size (boo#961263).
- series.conf: move cxgb3 patch to network drivers section

Fixed bugs

- bnc#814440: HP CSBU SP3 bug: driver for Creative Recon3D audio working in Beta3, broken in Beta4
- bnc#884701: Removing Kernel Modules from s390x kernel
- bnc#949936: VUL-0: CVE-2015-7799: kernel: Using the PPP character device driver caused the system to restart
- bnc#951440: VUL-0: CVE-2015-7872: kernel: Keyrings crash triggerable by unprivileged user
- bnc#951542: VUL-0: CVE-2015-7872: kernel live patch: Keyrings crash triggerable by unprivileged user
- bnc#951626: VUL-0: CVE-2015-7884: kernel: ioctl infoleaks on vivid-osd
- bnc#951638: bcach issue: bcache backing device gets registered but not started
- bnc#953527: VUL-0: CVE-2015-5307: kernel: kvm: x86: avoid guest->host DOS by intercepting #AC
- bnc#954018: VUL-0: CVE-2015-5307: xen: x86: CPU lockup during AC# fault delivery (XSA-156)
- bnc#954404: VUL-0: CVE-2015-8104: kernel: kvm: virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
- bnc#954405: VUL-0: CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception (XSA-156)
- bnc#954876: Sound burst when initiating Plasma 5 Desktop
- bnc#958439: Noise in headphones when shutting down or rebooting
- bnc#958463: VUL-0: CVE-2015-8539: kernel: Fix handling of stored error in a negatively instantiated user key
- bnc#958504: Constant background noise on T440s and loud cracking noise after audio powersave
- bnc#959709: VUL-0: kernel: privilege escalation in user namespaces
- bnc#960561: VUL-0: CVE-2015-8709: kernel: ptrace: potential privilege escalation in user namespaces
- bnc#960563: VUL-0: CVE-2015-8709: kernel live patch: ptrace: potential privilege escalation in user namespaces
- bnc#960710: crash when unloading+loading snd_hda_intel
- bnc#961263: NCQ Timeout with SMR drives (e.g. Seagate 8tb hdd)
- bnc#961500: VUL-0: CVE-2016-0723: kernel: Use-after-free in TIOCGETD ioctl
- bnc#961509: VUL-0: CVE-2015-8767: kernel: SCTP denial of service during heartbeat timeout functions
- bnc#962257: ocfs2: very bad performance when doing cluster IO
- bnc#962866: BUG: unable to handle kernel NULL pointer dereference at 0000000000000060 in intel_fb_obj_invalidate+0x1c/0xf0 [i915]
- bnc#962977: VUL-0: virtualbox: Oracle Critical Patch Update Advisory - January 2016
- bnc#963746: ISCSI target server crash: kernel BUG at ../net/ceph/messenger.c:1212!
- bnc#963765: VUL-0: CVE-2015-8785: kernel: fuse: possible denial of service in fuse_fill_write_pages()
- bnc#963767: VUL-0: CVE-2016-2069: kernel: race condition in the TLB flush logic
- bnc#963931: VUL-0: CVE-2015-8787: kernel: Missing NULL pointer check in nf_nat_redirect_ipv4
- bnc#965125: kernel crashes with divide error: 0000 in e1000e driver
- bnc#966137: Installing with NVIDIA K420 does not show "Internal Audio"; sets "NVIDIA HDMI Audio" as default.
- bnc#966179: [i915] framebuffer console remains black
- bnc#966259: BTRFS send error: did not find backref in send_root
- bnc#966437: VUL-0: CVE-2015-8812: kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
- bnc#966684: VUL-0: CVE-2016-2383: kernel: Incorrect branch fixups for eBPF allow arbitrary read
- bnc#966693: VUL-0: CVE-2016-2384: kernel: ALSA: usb-audio: double-free triggered by invalid USB descriptor
- bnc#968018: VUL-1: kernel: ALSA core issues reported by syzkaller fuzzer
- bnc#969356: VUL-0: CVE-2015-1339: kernel: Memory exhaustion via CUSE driver
- bnc#969582: Missing support in intel_idle for Skylake
- bnc#970845: Kernel:openSUSE-42.1' 4.1.19-1.1.gba8f37b: xfs problems & kernel panic
- bnc#971125: VUL-1: CVE-2016-2184 kernel: Kernel panic on invalid USB device descriptor (snd_usb_audio driver)