Overview

File _patchinfo of Package patchinfo.4659

<patchinfo incident="4659">
  <issue id="907378" tracker="bnc">ath3k bluetooth probe of 3-7:1.0 failed with error -110 from time to time</issue>
  <issue id="961500" tracker="bnc">VUL-0: CVE-2016-0723: kernel: Use-after-free in TIOCGETD ioctl</issue>
  <issue id="963767" tracker="bnc">VUL-0: CVE-2016-2069 : kernel: race condition in the TLB flush logic</issue>
  <issue id="965308" tracker="bnc">chromium doesn't start after kernel update, Check failed: NamespaceUtils::WriteToIdMapFile("/proc/self/gid_map", gid_)</issue>
  <issue id="965356" tracker="bnc">Chromium: Check failed: NamespaceUtils::WriteToIdMapFile("/proc/self/gid_map", gid_)</issue>
  <issue id="CVE-2016-2069" tracker="cve" />
  <issue id="CVE-2016-0723" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jeff_mahoney</packager>
  <reboot_needed/>
  <description>
The openSUSE 13.2 kernel was updated to receive security and bugfixes.

It also fixes a regression that caused the Chromium sandbox to no longer work (bsc#965356).

Following security bugs were fixed:
- CVE-2016-2069: A flaw was discovered in a way the Linux deals with
  paging structures. When Linux invalidates a paging structure that is
  not in use locally, it could, in principle, race against another CPU
  that is switching to a process that uses the paging structure in question, causing
  a local denial service (machine crash). (bnc#963767).
- CVE-2016-0723: Race condition in the tty_ioctl function in
  drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain
  sensitive information from kernel memory or cause a denial of service
  (use-after-free and system crash) by making a TIOCGETD ioctl
  call during processing of a TIOCSETD ioctl call (bnc#961500).

The following non-security bugs were fixed:
- Bluetooth: ath3k: workaround the compatibility issue with xHCI controller (bnc#907378).
- kABI fix for addition of user_namespace.flags field (bnc#965308, bnc#965356).
- userns: Add a knob to disable setgroups on a per user namespace basis (bnc#965308, bnc#965356).
- userns: Allow setting gid_maps without privilege when setgroups is disabled (bnc#965308, bnc#965356).
- userns: Rename id_map_mutex to userns_state_mutex (bnc#965308, bnc#965356).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places