Security update for the Linux Kernel

The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security fixes and bug fixes.

The following security bugs were fixed:
- CVE-2016-1583: Prevent the usage of mmap when the lower file system
does not allow it. This could have led to local privilege escalation
when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was
setuid (bsc#983143).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel
incorrectly relies on the write system call, which allows local users
to cause a denial of service (kernel memory write operation) or possibly
have unspecified other impact via a uAPI interface. (bsc#979548)
- CVE-2016-4805: Use-after-free vulnerability in
drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users
to cause a denial of service (memory corruption and system crash,
or spinlock) or possibly have unspecified other impact by removing
a network namespace, related to the ppp_register_net_channel and
ppp_unregister_channel functions. (bsc#980371).
- CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c
in the Linux kernel did not verify socket existence, which allowed
local users to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact via a dumpit
operation. (bsc#981058).
- CVE-2016-5244: An information leak vulnerability in function
rds_inc_info_copy of file net/rds/recv.c was fixed that might have leaked
kernel stack data. (bsc#983213).
- CVE-2016-4580: The x25_negotiate_facilities function in
net/x25/x25_facilities.c in the Linux kernel did not properly
initialize a certain data structure, which allowed attackers to
obtain sensitive information from kernel stack memory via an X.25 Call
Request. (bsc#981267).
- CVE-2016-0758: Tags with indefinite length could have corrupted pointers
in asn1_find_indefinite_length (bsc#979867).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c
in the Linux kernel allowed attackers to cause a denial of service
(panic) via an ASN.1 BER file that lacks a public key, leading
to mishandling by the public_key_verify_signature function in
crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in
the Linux kernel allowed local users to bypass intended AF_UNIX socket
permissions or cause a denial of service (panic) via crafted epoll_ctl
calls (bnc#955654).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did
not validate certain offset fields, which allowed local users to gain
privileges or cause a denial of service (heap memory corruption) via an
IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c
in the Linux kernel did not properly randomize the legacy base address,
which made it easier for local users to defeat the intended restrictions
on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism
for a setuid or setgid program, by disabling stack-consumption resource
limits (bnc#974308).
- CVE-2016-4482: A kernel information leak in the usbfs devio
connectinfo was fixed, which could expose kernel stack memory to
userspace. (bnc#978401).
- CVE-2016-4485: A kernel information leak in llc was fixed (bsc#978821).
- CVE-2016-4486: A kernel information leak in rtnetlink was fixed,
where 4 uninitialized bytes could leak to userspace (bsc#978822).
- CVE-2016-4557: A use-after-free via double-fdput in
replace_map_fd_with_map_ptr() was fixed, which could allow privilege
escalation (bsc#979018).
- CVE-2016-4565: When the "rdma_ucm" infiniband module is loaded, local
attackers could escalate their privileges (bsc#979548).
- CVE-2016-4569: A kernel information leak in the ALSA timer events
via snd_timer_user_tinterrupt, which could leak information to userspace,
was fixed (bsc#979213).
- CVE-2016-4578: A kernel information leak in the ALSA timer via events
that could leak information to userspace was fixed (bsc#979879).
- CVE-2016-4581: If the first propagated mount copy was a slave,
it could oops the kernel (bsc#979913).

The following non-security bugs were fixed:
- ALSA: hda - Add dock support for ThinkPad X260 (boo#979278).
- ALSA: hda - Apply fix for white noise on Asus N550JV, too (boo#979278).
- ALSA: hda - Asus N750JV external subwoofer fixup (boo#979278).
- ALSA: hda - Fix broken reconfig (boo#979278).
- ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines (boo#979278).
- ALSA: hda - Fix subwoofer pin on ASUS N751 and N551 (boo#979278).
- ALSA: hda - Fix white noise on Asus N750JV headphone (boo#979278).
- ALSA: hda - Fix white noise on Asus UX501VW headset (boo#979278).
- ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m (boo#979278).
- ALSA: hda/realtek - New codecs support for ALC234/ALC274/ALC294 (boo#979278).
- ALSA: hda/realtek - New codec support of ALC225 (boo#979278).
- ALSA: hda/realtek - Support headset mode for ALC225 (boo#979278).
- ALSA: pcxhr: Fix missing mutex unlock (boo#979278).
- ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2) (boo#979278).
- bluetooth: fix power_on vs close race (bsc#966849).
- bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).
- bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).
- bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).
- btrfs: do not use src fd for printk (bsc#980348).
- btrfs: fix crash/invalid memory access on fsync when using overlayfs (bsc#977198)
- drm: qxl: Workaround for buggy user-space (bsc#981344).
- enic: set netdev->vlan_features (bsc#966245).
- fs: add file_dentry() (bsc#977198).
- IB/IPoIB: Do not set skb truesize since using one linearskb (bsc#980657).
- input: i8042 - lower log level for "no controller" message (bsc#945345).
- kabi: Add kabi/severities entries to ignore sound/hda/*, x509_*, efivar_validate, file_open_root and dax_fault
- kabi: Add some fixups (module, pci_dev, drm, fuse and thermal)
- kabi: file_dentry changes (bsc#977198).
- kABI fixes for 4.1.22
- mm/page_alloc.c: calculate 'available' memory in a separate function (bsc#982239).
- net: disable fragment reassembly if high_thresh is zero (bsc#970506).
- of: iommu: Silence misleading warning.
- pstore_register() error handling was wrong -- it tried to release lock before it's acquired, causing spinlock / preemption imbalance.
- usb: quirk to stop runtime PM for Intel 7260 (bnc#984460).
- Revert "usb: hub: do not clear BOS field during reset device" (boo#979728).
- usb: core: hub: hub_port_init lock controller instead of bus (bnc#978073).
- usb: preserve kABI in address0 locking (bnc#978073).
- usb: usbip: fix potential out-of-bounds write (bnc#975945).
- USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982712).
- virtio_balloon: do not change memory amount visible via /proc/meminfo (bsc#982238).
- virtio_balloon: export 'available' memory to balloon statistics (bsc#982239).

Fixed bugs
bnc#945345
[BYT, grub2, vbe] During Boot, junk characters and kernel/initrd error messages on display
bnc#955654
VUL-0: CVE-2013-7446: kernel: Unix sockets use after free - peer_wait_queue prematurely freed
bnc#966849
[syzkaller] vhci WARNING: at kernel/workqueue.c:4042
bnc#971126
VUL-0: CVE-2016-3134: kernel: netfilter: missing bounds check in ipt_entry structure
bnc#971799
[syzkaller] bluetooth BUG: KASAN: use-after-free in vhci_send_frame
bnc#973570
smbd locks up the kernel
bnc#974308
VUL-1: CVE-2016-3672: kernel: Unlimiting the stack not longer disables ASLR
bnc#975945
VUL-0: CVE-2016-3955: kernel: buffer overflow in usbip by trusting length of incoming packets
bnc#977198
[request] Backport overlay and union filesystem fixes
bnc#978401
VUL-1: CVE-2016-4482: kernel: information leak in devio of Linux kernel
bnc#978821
VUL-0: CVE-2016-4485: kernel: Information leak in llc module
bnc#978822
VUL-0: CVE-2016-4486: kernel: Information leak in rtnetlink
bnc#979018
VUL-0: CVE-2016-4557: kernel: double-free/use-after-free in eBPF
bnc#979213
VUL-1: CVE-2016-4569: kernel: information leak vulnerability in Linux sound module
bnc#979278
Missing stable sound backports up to 4.6
bnc#979548
VUL-0: CVE-2016-4565: kernel: infiniband: Using write() instead of bi-directional ioctl() allows writing into user specified kernel memory
bnc#979728
kernel: unplug of USB stick makes systemd-udev trigger an Oops
bnc#979879
VUL-1: CVE-2016-4578: kernel: Information leak in events in timer.c
bnc#979913
VUL-0: CVE-2016-4581: kernel: Slave being first propagated copy causes oops in propagate_mnt
bnc#980348
btrfs: possible to crash using BTRFS_IOC_SNAP_CREATE_V2 ioctl w/ non-btrfs file descriptor
bnc#963762
VUL-0: CVE-2016-2053: kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()
bnc#966245
L3-Question: GSO-TSO Settings not reporting on the VLAN Interface for SLES 12
bnc#970506
net.ipv4.ipfrag_[low|high]_thresh=0 does not drop fragmented traffic
bnc#978073
USB3 bus fails to enumerate in rare cases
bnc#979867
VUL-0: CVE-2016-0758: kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
bnc#980371
VUL-0: CVE-2016-4805: kernel: Use after free vulnerability in ppp_unregister_channel
bnc#980657
ISST-LTE:pVM:chalklp2:sles12 sp2: WARNING: at ../net/core/skbuff.c:4195 (Infiniband)
bnc#981058
VUL-0: CVE-2016-4951: kernel: Null pointer dereference in tipc_nl_publ_dump
bnc#981267
VUL-1: CVE-2016-4580: kernel: Information leak in x25 module
bnc#981344
qxl drm driver is breaking KDE5
bnc#982238
"Hide" ballooned memory
bnc#982239
More detailed statistics from the balloon
bnc#982712
use of streams with UAS on Frescologic device id 1009 can brick motherboards
bnc#983143
VUL-0: CVE-2016-1583: kernel: ecryptfs: stack overflow in ecryptfs with /proc/pid/environ could lead to root
bnc#983213
VUL-1: CVE-2016-5244: kernel-source: rds: fix an infoleak in rds_inc_info_copy
bnc#984460
Bluetooth stop to work after a few minute