Overview

File _patchinfo of Package patchinfo.3585

<patchinfo incident="3585">
  <issue id="987703" tracker="bnc">Dell 7470 Touchpad not recognized</issue>
  <issue id="963655" tracker="bnc">CIFS client for Linux fails to resolve DFS Link if DFS Target is a path to a subdirectory on a share</issue>
  <issue id="1008833" tracker="bnc">VUL-0: CVE-2016-8633: kernel: Buffer overflow in firewire driver via crafted incoming packets</issue>
  <issue id="989152" tracker="bnc">VUL-1: CVE-2016-5696: kernel-source: challenge ACK counter information disclosure</issue>
  <issue id="1001171" tracker="bnc">btrfs: InnoDB Fatal error: cannot read from file. OS error number 17.</issue>
  <issue id="1004517" tracker="bnc">VUL-0: CVE-2016-7042: kernel: Stack corruption while reading /proc/keys</issue>
  <issue id="999577" tracker="bnc">BOND state UNKNOWN shown with ip addr after patching the wicked components to 0.6.31-26.1.</issue>
  <issue id="1010150" tracker="bnc">VUL-0: CVE-2016-8646: kernel-source: oops in shash_async_export()</issue>
  <issue id="1001462" tracker="bnc">Disable HD-audio loopback mixing as default</issue>
  <issue id="1000304" tracker="bnc">several AppArmor kernel fixes / patches</issue>
  <issue id="1007197" tracker="bnc">VUL-0: CVE-2016-9083, CVE-2016-9084: kernel: vfio driver integer overflow</issue>
  <issue id="1001486" tracker="bnc">VUL-0: CVE-2016-7039, CVE-2016-8666: kernel-source: remote crash via stack overflow</issue>
  <issue id="999600" tracker="bnc">btrfs BUG: unable to handle kernel NULL pointer dereference at           (null)</issue>
  <issue id="1007615" tracker="bnc">Endless 'input irq status -75 received' with Aten CS692 KVM Switch when mouse is plugged in</issue>
  <issue id="972460" tracker="bnc">[syzkaller]  tun BUG: KASAN: stack-out-of-bounds in iov_iter_advance</issue>
  <issue id="978094" tracker="bnc">virsh/xl domu shutdown hangs domain name changes to null</issue>
  <issue id="934067" tracker="bnc">kernel does not send NEWLINK on changes caused by IPv6 RA</issue>
  <issue id="982238" tracker="bnc">"Hide" ballooned memory</issue>
  <issue id="979879" tracker="bnc">VUL-1: CVE-2016-4578: kernel: Information leak in events in timer.c</issue>
  <issue id="993890" tracker="bnc">VUL-1: kernel: kaweth driver can be made to oops by malicious device</issue>
  <issue id="1000287" tracker="bnc">[patch] AppArmor change_hat failures</issue>
  <issue id="799133" tracker="bnc">After SP2 update no longer able to mount DFS based shares using CIFs</issue>
  <issue id="1007653" tracker="bnc">btrfs: list corruption with btrfs_sync_log</issue>
  <issue id="991665" tracker="bnc">VUL-0: kernel: hid: forged keyboard can panic kernel</issue>
  <issue id="993739" tracker="bnc">Partner-L3: brocade driver kernel crash</issue>
  <issue id="986362" tracker="bnc">VUL-0: CVE-2016-4997: kernel: Linux local privilege escalation in compat_setsockopt</issue>
  <issue id="954647" tracker="bnc">Fixes for Dell headset are missing from Leap 4.1.x kernel</issue>
  <issue id="1004462" tracker="bnc">VUL-0: CVE-2016-8658 kernel: Stack buffer overflow in brcmf_cfg80211_start_ap</issue>
  <issue id="991608" tracker="bnc">VUL-0: CVE-2016-6480: kernel: double read leading to kernel information discosure</issue>
  <issue id="986365" tracker="bnc">VUL-0: CVE-2016-4998: kernel: OOB read / Denial of Service in setsockopt()</issue>
  <issue id="911687" tracker="bnc">soft lockup in tapdisk2 / blktap_device_restart / force_evtchn_callback</issue>
  <issue id="979213" tracker="bnc">VUL-1: CVE-2016-4569: kernel: information leak vulnerability in Linux sound module</issue>
  <issue id="1005101" tracker="bnc">Pending fixes for 4.1.x openSUSE Leap 42.1 kernel</issue>
  <issue id="1000907" tracker="bnc">Cannot get directory listing of Windows share. Error "Object is remote" using 4.1.31-30-default kernel</issue>
  <issue id="986570" tracker="bnc">VUL-0: CVE-2016-1237: kernel-source: nfsd: any user can set a file's ACL over NFS and grant access to it</issue>
  <issue id="995968" tracker="bnc">VUL-1: CVE-2016-7097: kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit</issue>
  <issue id="996664" tracker="bnc">kernel BUG at ../xen/netback/netback.c:569!</issue>
  <issue id="1006580" tracker="bnc">Fixes for 4.1.x openSUSE Leap 42.1 kernel based on commits for aarch64</issue>
  <issue id="993891" tracker="bnc">VUL-1: kernel: cdc-acm can be made to oops by malicious device</issue>
  <issue id="999932" tracker="bnc">VUL-0: CVE-2016-7425: kernel-source: SCSI arcmsr driver: Buffer overflow in arcmsr_iop_message_xfer()</issue>
  <issue id="909994" tracker="bnc">deadlock in blktap2 after destroying Xen HVM domU causes deadlock in procfs</issue>
  <issue id="922634" tracker="bnc">USB 3.0 Safely Remove Drive attach the drive again</issue>
  <issue id="994296" tracker="bnc">VUL-0: CVE-2016-6828: kernel-source: tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master</issue>
  <issue id="990384" tracker="bnc">BTRFS turns RO in openQA tests</issue>
  <issue id="973378" tracker="bnc">[syzkaller] snd_timer BUG: KASAN: use-after-free in snd_timer_interrupt</issue>
  <issue id="1009222" tracker="bnc">VUL-0: CVE-2016-8630: kernel: kvm: null pointer dereference in kvm</issue>
  <issue id="1003925" tracker="bnc">VUL-0: CVE-2015-8956 kernel: NULL dereference in RFCOMM bind callback</issue>
  <issue id="991247" tracker="bnc">Xen driver bug "xen_netfront: xennet: skb rides the rocket"</issue>
  <issue id="963931" tracker="bnc">VUL-0: CVE-2015-8787: kernel: Missing NULL pointer check in nf_nat_redirect_ipv4</issue>
  <issue id="979681" tracker="bnc">can not mount subdirectory  share after netapp upgrade</issue>
  <issue id="994520" tracker="bnc">kernel warning on boot: do not call blocking ops when !TASK_RUNNING; state=1 (vmw_vmci module)</issue>
  <issue id="999907" tracker="bnc">kernel BUG at /usr/src/packages/BUILD/kernel-default-3.0.101/linux-3.0/drivers/net/vmxnet3/vmxnet3_drv.c:758!"</issue>
  <issue id="2016-8658" tracker="cve" />
  <issue id="2016-8633" tracker="cve" />
  <issue id="2016-8630" tracker="cve" />
  <issue id="2016-6828" tracker="cve" />
  <issue id="2016-9084" tracker="cve" />
  <issue id="2016-1237" tracker="cve" />
  <issue id="2016-6480" tracker="cve" />
  <issue id="2016-7042" tracker="cve" />
  <issue id="2015-8956" tracker="cve" />
  <issue id="2016-4998" tracker="cve" />
  <issue id="2016-8646" tracker="cve" />
  <issue id="2016-5696" tracker="cve" />
  <issue id="2016-8666" tracker="cve" />
  <issue id="2016-4997" tracker="cve" />
  <issue id="2016-7425" tracker="cve" />
  <issue id="2016-7039" tracker="cve" />
  <issue id="2016-4578" tracker="cve" />
  <issue id="2016-9083" tracker="cve" />
  <issue id="2015-8787" tracker="cve" />
  <issue id="2016-4569" tracker="cve" />
  <issue id="2016-5195" tracker="cve" />
  <issue id="2016-7097" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>dirkmueller</packager>
  <description>
This update for kernel-source-arm64 fixes the following issues:

- aacraid: Check size values after double-fetch from user (CVE-2016-6480 bsc#991608).
- aacraid: prevent out-of-bounds access due to changing fip header sizes (bsc#991608, CVE-2016-6480).
- af_unix: Don't set err in unix_stream_read_generic unless there was an error (bsc#1005101).
- af_vsock: Shrink the area influenced by prepare_to_wait (bsc#994520).
- alsa/hda: Fix superfluous HDMI jack repoll (bsc#1005101).
- alsa/hda: Turn off loopback mixing as default (bsc#1001462).
- apparmor: Add missing id bounds check on dfa verification (bsc#1000304).
- apparmor: Check that xindex is in trans_table bounds (bsc#1000304).
- apparmor: Do not expose kernel stack (bsc#1000304).
- apparmor: Don't check for vmalloc_addr if kvzalloc() failed (bsc#1000304).
- apparmor: Ensure the target profile name is always audited (bsc#1000304).
- apparmor: Exec should not be returning ENOENT when it denies (bsc#1000304).
- apparmor: Fix audit full profile hname on successful load (bsc#1000304).
- apparmor: Fix change_hat not finding hat after policy replacement (bsc#1000287).
- apparmor: Fix disconnected bind mnts reconnection (bsc#1000304).
- apparmor: Fix log failures for all profiles in a set (bsc#1000304).
- apparmor: Fix module parameters can be changed after policy is locked (bsc#1000304).
- apparmor: Fix oops in profile_unpack() when policy_db is not present (bsc#1000304).
- apparmor: Fix put() parent ref after updating the active ref (bsc#1000304).
- apparmor: Fix refcount bug in profile replacement (bsc#1000304).
- apparmor: Fix refcount race when finding a child profile (bsc#1000304).
- apparmor: Fix replacement bug that adds new child to old parent (bsc#1000304).
- apparmor: Fix uninitialized lsm_audit member (bsc#1000304).
- apparmor: Fix update the mtime of the profile file on replacement (bsc#1000304).
- apparmor: Internal paths should be treated as disconnected (bsc#1000304).
- apparmor: Use list_next_entry instead of list_entry_next (bsc#1000304).
- arm/orion5x: Fix legacy get_irqnr_and_base (bsc#1005101).
- ata/ahci_xgene: Dereferencing uninitialized pointer in probe (bsc#1006580).
- batman-adv: Fix memory leak on tt add with invalid vlan (bsc#1005101).
- batman-adv: Replace WARN with rate limited output on non-existing VLAN (bsc#1005101).
- blkfront: Fix an error path memory leak (luckily none so far).
- blktap2: Eliminate deadlock potential from shutdown path (bsc#909994).
- blktap2: Eliminate race from deferred work queue handling (bsc#911687).
- bluetooth: Fix potential NULL dereference in RFCOMM bind callback (bsc#1003925, CVE-2015-8956).
- bna: Add synchronization for tx ring (bsc#993739).
- bonding: Set carrier off for devices created through netlink (bsc#999577).
- brcmfmac: Avoid potential stack overflow in brcmf_cfg80211_start_ap() (bsc#1004462 CVE-2016-8658).
- btrfs: Deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171).
- btrfs: Deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171).
- btrfs: Ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
- btrfs: Fix extent tree corruption due to relocation (bsc#990384).
- btrfs: Fix races on root_log_ctx lists (bsc#1007653).
- cdc-acm: Added sanity checking for probe() (bsc#993891).
- cgroup: Add seq_file forward declaration for struct cftype (bsc#1005101).
- crypto/algif_hash: Only export and import on sockets with data (CVE-2016-8646, bsc#1010150).
- drm/i915: Wait up to 3ms for the pcu to ack the cdclk change request on SKL (bsc#1005101).
- drm/rockchip: Unset pgoff when mmap'ing gems (bsc#1005101).
- firewire/net: Guard against rx buffer overflows (bsc#1008833, CVE-2016-8633).
- Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bsc#978094)
- fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681, bsc#1000907).
- fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).
- fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).
- fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).
- fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133).
- gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486).
- gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486).
- gro: Defer clearing of flush bit in tunnel paths (CVE-2016-7039 bsc#1001486).
- hid/multitouch: Force retrieving of Win8 signature blob (bsc#1005101).
- input/alps: Add touchstick support for SS5 hardware (bsc#987703).
- input/alps: Allow touchsticks to report pressure (bsc#987703).
- input/alps: Handle 0-pressure 1F events (bsc#987703).
- input/alps: Set DualPoint flag for 74 03 28 devices (bsc#987703).
- ipip: Properly mark ipip GRO packets as encapsulated (bsc#1001486).
- ipv6: Send NEWLINK on RA managed/otherconf changes (bsc#934067).
- ipv6: Send only one NEWLINK when RA causes changes (bsc#934067).
- ipv6: Suppress sparse warnings in IP6_ECN_set_ce() (bsc#1005101).
- kabi: Hide name change of napi_gro_cb::udp_mark (bsc#1001486).
- kabi: Hide new member recursion_counter in struct sk_buff (CVE-2016-7039 bsc#1001486).
- kaweth: Fix firmware download (bsc#993890).
- kaweth: Fix oops upon failed memory allocation (bsc#993890).
- keys: Fix short sprintf buffer in /proc/keys show function (bsc#1004517, CVE-2016-7042).
- kvm/x86: Check memopp before dereference (CVE-2016-8630, bsc#1009222).
- kvm/x86: Only channel 0 of the i8254 is linked to the HPET (bsc#1005101).
- locking/static_key: Fix concurrent static_key_slow_inc() (bsc#1006580).
- memcg: Fix thresholds for 32b architectures (bsc#1005101).
- net: Add recursion limit to GRO (CVE-2016-7039 bsc#1001486).
- netback: Fix flipping mode (bsc#996664).
- netem: Fix a use after free (bsc#1005101).
- net: Fix warnings in 'make htmldocs' by moving macro definition out of field declaration (bsc#1005101).
- netfront: Linearize SKBs requiring too many slots (bsc#991247).
- netlink: Not trim skb for mmaped socket when dump (bsc#1005101).
- net_sched: Fix pfifo_head_drop behavior vs backlog (bsc#1005101).
- net_sched: Keep backlog updated with qlen (bsc#1005101).
- nfs, 9p: Use file_dentry() (bsc#1005101).
- ovl: Fix open in stacked overlay (bsc#1005101).
- pci: Prevent out of bounds access in numa_node override (bsc#1005101).
- perf/core: Don't leak event in the syscall error path (bsc#1005101).
- perf: Fix PERF_EVENT_IOC_PERIOD deadlock (bsc#1005101).
- posix_acl: Clear SGID bit when setting file permissions (bsc#995968, CVE-2016-7097) (bsc995968, CVE-2016-7097).
- sch_sfb, sch_qfq: Keep backlog updated with qlen (bsc#1005101).
- sch_tbf, sch_red, sch_drr, sch_prio, sch_hfsc: Update backlog as well (bsc#1005101).
- scsi/arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (bsc#999932 CVE-2016-7425).
- tcp: Fix use after free in tcp_xmit_retransmit_queue() (CVE-2016-6828 bsc#994296).
- tpm: Return rc when devm_add_action() fails (bsc#1005101).
- tunnels: Don't apply GRO to multiple layers of encapsulation (bsc#1001486).
- tunnels: Remove encapsulation offloads on decap (bsc#1001486).
- usb: Fix typo in wMaxPacketSize validation (bsc#991665).
- usbhid: Add ATEN CS962 to list of quirky devices (bsc#1007615).
- usb/hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634).
- usb: Validate wMaxPacketValue entries in endpoint descriptors (bsc#991665).
- vfio/pci: Fix integer overflows, bitmask check (bsc#1007197, CVE-2016-9083, CVE-2016-9084).
- vmxnet3: Wake queue from reset work (bsc#999907).
- x86/ldt: Print the real LDT base address (bsc#1005101).
- x86/pci: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs (bsc#1005101).
- xenbus: Don't bail early from xenbus_dev_request_and_reply()
</description>
  <summary>Security update for kernel-source-arm64</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places