File _patchinfo of Package patchinfo.4563
<patchinfo incident="4563">
  <packager>jeff_mahoney</packager>
  <issue id="906545" tracker="bnc">VUL-0: CVE-2014-8989: kernel-source: Linux user namespaces can bypass group-based restrictions</issue>
  <issue id="912202" tracker="bnc">VUL-0: CVE-2014-9529: kernel-source: security/keys/gc.c race condition</issue>
  <issue id="921949" tracker="bnc">VFIO device attaching: setrlimit DENIED</issue>
  <issue id="937969" tracker="bnc">VUL-0: CVE-2015-3290: kernel: A thinko in nested NMI handling</issue>
  <issue id="951627" tracker="bnc">VUL-0: CVE-2015-7885: kernel: ioctl infoleaks on dgnc</issue>
  <issue id="952976" tracker="bnc">sles 12 guest PV using tap:aio will crash the host (dom0)</issue>
  <issue id="953052" tracker="bnc">VUL-1: CVE-2015-7990: kernel live patch: Incomplete fix for CVE-2015-6937, RDS socket handling</issue>
  <issue id="954138" tracker="bnc">openSUSE 13.2 does not detect 5 TB USB disk and crashes when it is unplugged</issue>
  <issue id="956708" tracker="bnc">VUL-0: CVE-2015-7515: kernel: aiptek: crash on invalid USB device descriptors</issue>
  <issue id="957988" tracker="bnc">VUL-0: CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155)</issue>
  <issue id="957990" tracker="bnc">VUL-0: CVE-2015-8551,CVE-2015-8552,CVE-2015-8553: kernel: xen: Linux pciback missing sanity checks leading to crash (XSA-157)</issue>
  <issue id="958504" tracker="bnc">Constant background noise on T440s and loud cracking noise after audio powersave</issue>
  <issue id="959568" tracker="bnc">BD-RE in random access mode fails</issue>
  <issue id="960839" tracker="bnc">VUL-0: CVE-2015-8746: kernel: nfs: NULL pointer dereference of migration recovery ops for v4.2 client</issue>
  <issue id="961739" tracker="bnc">KVM:</issue>
  <issue id="CVE-2014-2568" tracker="cve" />
  <issue id="CVE-2014-8133" tracker="cve" />
  <issue id="CVE-2014-8989" tracker="cve" />
  <issue id="CVE-2014-9090" tracker="cve" />
  <issue id="CVE-2014-9419" tracker="cve" />
  <issue id="CVE-2014-9529" tracker="cve" />
  <issue id="CVE-2014-9683" tracker="cve" />
  <issue id="CVE-2014-9715" tracker="cve" />
  <issue id="CVE-2014-9728" tracker="cve" />
  <issue id="CVE-2014-9729" tracker="cve" />
  <issue id="CVE-2014-9730" tracker="cve" />
  <issue id="CVE-2014-9731" tracker="cve" />
  <issue id="CVE-2015-0272" tracker="cve" />
  <issue id="CVE-2015-0777" tracker="cve" />
  <issue id="CVE-2015-1420" tracker="cve" />
  <issue id="CVE-2015-1421" tracker="cve" />
  <issue id="CVE-2015-2041" tracker="cve" />
  <issue id="CVE-2015-2042" tracker="cve" />
  <issue id="CVE-2015-2150" tracker="cve" />
  <issue id="CVE-2015-2666" tracker="cve" />
  <issue id="CVE-2015-2830" tracker="cve" />
  <issue id="CVE-2015-2922" tracker="cve" />
  <issue id="CVE-2015-2925" tracker="cve" />
  <issue id="CVE-2015-3212" tracker="cve" />
  <issue id="CVE-2015-3339" tracker="cve" />
  <issue id="CVE-2015-3636" tracker="cve" />
  <issue id="CVE-2015-4001" tracker="cve" />
  <issue id="CVE-2015-4002" tracker="cve" />
  <issue id="CVE-2015-4003" tracker="cve" />
  <issue id="CVE-2015-4004" tracker="cve" />
  <issue id="CVE-2015-4036" tracker="cve" />
  <issue id="CVE-2015-4167" tracker="cve" />
  <issue id="CVE-2015-4692" tracker="cve" />
  <issue id="CVE-2015-4700" tracker="cve" />
  <issue id="CVE-2015-5157" tracker="cve" />
  <issue id="CVE-2015-5283" tracker="cve" />
  <issue id="CVE-2015-5307" tracker="cve" />
  <issue id="CVE-2015-5364" tracker="cve" />
  <issue id="CVE-2015-5366" tracker="cve" />
  <issue id="CVE-2015-5707" tracker="cve" />
  <issue id="CVE-2015-6937" tracker="cve" />
  <issue id="CVE-2015-7550" tracker="cve" />
  <issue id="CVE-2015-7799" tracker="cve" />
  <issue id="CVE-2015-7833" tracker="cve" />
  <issue id="CVE-2015-7872" tracker="cve" />
  <issue id="CVE-2015-7885" tracker="cve" />
  <issue id="CVE-2015-7990" tracker="cve" />
  <issue id="CVE-2015-8104" tracker="cve" />
  <issue id="CVE-2015-8215" tracker="cve" />
  <issue id="CVE-2015-8543" tracker="cve" />
  <issue id="CVE-2015-8550" tracker="cve" />
  <issue id="CVE-2015-8551" tracker="cve" />
  <issue id="CVE-2015-8552" tracker="cve" />
  <issue id="CVE-2015-8569" tracker="cve" />
  <issue id="CVE-2015-8575" tracker="cve" />
  <issue id="CVE-2015-8767" tracker="cve" />
  <issue id="CVE-2016-0728" tracker="cve" />
  <issue tracker="bnc" id="814440">HP CSBU SP3 bug: driver for Creative Recon3D audio working in Beta3, broken in Beta4</issue>
  <issue tracker="bnc" id="851610">USB 3.0 external hard disk not detected</issue>
  <issue tracker="bnc" id="869564">VUL-1: CVE-2014-2568: kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied</issue>
  <issue tracker="bnc" id="873385">Lost network connection after delete ip rule table</issue>
  <issue tracker="bnc" id="907818">VUL-0: CVE-2014-9090: kernel: x86_64, traps: Stop using IST for #SS</issue>
  <issue tracker="bnc" id="909077">VUL-0: CVE-2014-8133: kernel: tls: Validate TLS entries to protect espfix</issue>
  <issue tracker="bnc" id="909477">cifs crashes system on network issue</issue>
  <issue tracker="bnc" id="911326">VUL-0: CVE-2014-9419: kernel-source: partial ASLR bypass through TLS base addresses leak</issue>
  <issue tracker="bnc" id="915517">VUL-0: CVE-2015-1420: kernel-source: Linux kernel fs/fhandle.c race condition</issue>
  <issue tracker="bnc" id="915577">VUL-0: CVE-2015-1421: kernel: net: sctp: slab corruption from use after free on INIT collisions</issue>
  <issue tracker="bnc" id="917830">VUL-0: CVE-2015-0777: kernel: xen/usbback/usbback.c information leak to guest</issue>
  <issue tracker="bnc" id="918333">VUL-0: CVE-2014-9683: kernel: eCryptfs writes past the end of the allocated buffer</issue>
  <issue tracker="bnc" id="919007">VUL-0: CVE-2015-2041: kernel: Incorrect data type in llc2_timeout_table</issue>
  <issue tracker="bnc" id="919018">VUL-0: CVE-2015-2042: kernel: Incorrect data type in rds_sysctl_rds_table</issue>
  <issue tracker="bnc" id="919463">VUL-0: CVE-2015-2150: kernel: xen, XSA-120: Non-maskable interrupts triggerable by guests</issue>
  <issue tracker="bnc" id="919596">Hyper-V: Add processing of MTU reduced by the host</issue>
  <issue tracker="bnc" id="921313">HD-audio controller fallback breakage</issue>
  <issue tracker="bnc" id="922583">VUL-1: CVE-2015-2922: kernel: ipv6 hop limit issue VU#711516</issue>
  <issue tracker="bnc" id="922936">KVM network freezes, have hdr_len patches of 14 Nov 2013 been applied?</issue>
  <issue tracker="bnc" id="922944">VUL-1: CVE-2015-2666: kernel: overflow in microcode loader</issue>
  <issue tracker="bnc" id="926238">VUL-0: CVE-2015-2925: kernel-source: vfs: Do not allow escaping from bind mounts</issue>
  <issue tracker="bnc" id="926240">VUL-0: CVE-2015-2830: kernel-source: int80 fork from 64-bit tasks mishandling</issue>
  <issue tracker="bnc" id="927780">VUL-0: CVE-2014-9715: kernel: netfilter connection tracking extensions denial of service</issue>
  <issue tracker="bnc" id="927786">kernel deadlock in networking</issue>
  <issue tracker="bnc" id="928130">VUL-0: CVE-2015-3339: kernel: race condition between chown() and execve()</issue>
  <issue tracker="bnc" id="929525">VUL-1: CVE-2015-3636: kernel: ping sockets: use-after-free leading to local privilege escalation</issue>
  <issue tracker="bnc" id="930399">Soft lockup: route replace leaves out hops and duplicate gateway entries in the routing table; attempt to delete it causes lockup</issue>
  <issue tracker="bnc" id="931988">VUL-0: CVE-2015-4036: kernel: potential memory corruption (denial of service) in vhost/scsi driver</issue>
  <issue tracker="bnc" id="932348">cifs client can fail to negotiate protocol with SMB1 with security ntlmssp &amp; extended_security</issue>
  <issue tracker="bnc" id="933896">VUL-1: CVE-2014-9731: kernel: fs: udf: information leakage when reading symlink</issue>
  <issue tracker="bnc" id="933904">VUL-0: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730: kernel: fs: udf: heap overflow in __udf_adinicb_readpage</issue>
  <issue tracker="bnc" id="933907">VUL-0: CVE-2015-4167: kernel: fs: udf: Check length of extended attributes to avoid oops</issue>
  <issue tracker="bnc" id="933934">VUL-0: CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4004: kernel: The OZWPAN driver in the Linux kernel through 4.0.5 has multiple problems</issue>
  <issue tracker="bnc" id="935542">VUL-0: CVE-2015-4692: kernel: kvm: x86: NULL pointer dereference in kvm_apic_has_events function</issue>
  <issue tracker="bnc" id="935705">VUL-0: CVE-2015-4700: kernel: bpf jit optimization flaw can panic kernel.</issue>
  <issue tracker="bnc" id="936502">VUL-0: CVE-2015-3212: kernel-source: SCTP race condition allows list corruption and panic from userlevel</issue>
  <issue tracker="bnc" id="936831">VUL-0: CVE-2015-5364,CVE-2015-5366: kernel: net: remote DoS via flood of UDP packets with invalid checksums</issue>
  <issue tracker="bnc" id="937032">VUL-0: kernel: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%.</issue>
  <issue tracker="bnc" id="937033">VUL-0: kernel: ASLR mmap weakness: Reducing entropy by half on some architectures</issue>
  <issue tracker="bnc" id="938706">VUL-0: CVE-2015-5157: kernel: NMI nesting run into IRET faults</issue>
  <issue tracker="bnc" id="940338">VUL-0: CVE-2015-5707: kernel: Integer overflow in SCSI generic driver</issue>
  <issue tracker="bnc" id="944296">VUL-0: CVE-2015-0272: NetworkManager: remote DoS using IPv6 RA with bogus MTU</issue>
  <issue tracker="bnc" id="945825">VUL-1: CVE-2015-6937: kernel-source: NULL pointer dereference in net/rds/connection.c</issue>
  <issue tracker="bnc" id="947155">VUL-0: CVE-2015-5283: kernel-source: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic</issue>
  <issue tracker="bnc" id="949936">VUL-0: CVE-2015-7799: kernel: Using the PPP character device driver caused the system to restart</issue>
  <issue tracker="bnc" id="950998">VUL-1: CVE-2015-7833: kernel: usbvision: crash on invalid USB device descriptors</issue>
  <issue tracker="bnc" id="951194">Some Haswell laptops wake up without reason from S3</issue>
  <issue tracker="bnc" id="951440">VUL-0: CVE-2015-7872: kernel: Keyrings crash triggerable by unprivileged user</issue>
  <issue tracker="bnc" id="952384">VUL-1: CVE-2015-7990: kernel: Incomplete fix for CVE-2015-6937, RDS socket handling</issue>
  <issue tracker="bnc" id="952579">Corrupt IPv6 packets after upgrading to 3.12.48-52.27.1</issue>
  <issue tracker="bnc" id="953527">VUL-0: CVE-2015-5307: kernel: kvm: x86: avoid guest->host DOS by intercepting #AC</issue>
  <issue tracker="bnc" id="954404">VUL-0: CVE-2015-8104: kernel: kvm: virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception</issue>
  <issue tracker="bnc" id="955224">PMTU flapping problem in SLES12</issue>
  <issue tracker="bnc" id="955354">VUL-1: CVE-2015-8215: kernel: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted cha...</issue>
  <issue tracker="bnc" id="955422">fragmented IPv6 multicast frames sometimes missing with bridged macvlan</issue>
  <issue tracker="bnc" id="956934">nfsidmap: fopen(/proc/keys) failed: No such file or directory</issue>
  <issue tracker="bnc" id="958510">Spurious modversion changed messages in drivers/edac</issue>
  <issue tracker="bnc" id="958886">VUL-1: CVE-2015-8543: kernel-source: connect IPv6/SOCK_RAW connect causes a denial of service</issue>
  <issue tracker="bnc" id="958951">VUL-0: CVE-2015-7550: kernel: User triggerable crash from race between key read and key revoke</issue>
  <issue tracker="bnc" id="959190">VUL-1: CVE-2015-8569: kernel: information leak using getsockname</issue>
  <issue tracker="bnc" id="959399">VUL-1: CVE-2015-8575: kernel-source: information leak from getsockname in bluetooth/sco</issue>
  <issue tracker="bnc" id="961509">VUL-0: CVE-2015-8767: kernel: SCTP denial of service during heartbeat timeout functions</issue>
  <issue tracker="bnc" id="962075">VUL-0: CVE-2016-0728: kernel: Use-after-free vulnerability in keyring facility</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for the Linux Kernel</summary>
  <description>The openSUSE 13.1 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:
- CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gaining root privileges (bsc#962075).
- CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
- CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (bnc#906545).
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).
- CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).
- CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (bnc#912202).
- CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937 (bnc#952384 953052).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825).
- CVE-2015-7885: The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a crafted application (bnc#951627).
- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).
- CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock (bsc#961509).
- CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have led to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).

The following non-security bugs were fixed:
- ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).
- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).
- KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).
- KVM: x86: update masterclock values on TSC writes (bsc#961739).
- NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client (bsc#960839).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949).
- blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).
- blktap: refine mm tracking (bsc#952976).
- cdrom: Random writing support for BD-RE media (bnc#959568).
- genksyms: Handle string literals with spaces in reference files (bsc#958510).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
- ipv6: fix tunnel error handling (bsc#952579).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- uas: Add response iu handling (bnc#954138).
- usbvision fix overflow of interfaces array (bnc#950998).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).</description>
  <reboot_needed/>
</patchinfo>