File _patchinfo of Package patchinfo
<patchinfo incident="4557"> <issue id="865096" tracker="bnc">[Test Case 1366807] kernel-default-base-3.12.10-2.3 package conflicts during upgrade SLES11SP3 to SLES12Beta1</issue> <issue id="865259" tracker="bnc">[Test Case 1279393] [Build 0094] ocfs2-kmp-* not installed by default</issue> <issue id="913996" tracker="bnc">Applying Critical Updates Causes System to no longer boot (ucode-intel / ucode-amd problem?)</issue> <issue id="950178" tracker="bnc">Can't rename files (on btrfs)</issue> <issue id="950998" tracker="bnc">VUL-1: CVE-2015-7833: kernel: usbvision: crash on invalid USB device descriptors</issue> <issue id="952621" tracker="bnc">alx ethernet driver crashes with fatal interrupt 0x4019607, resetting</issue> <issue id="954324" tracker="bnc">nousb boot option has no effect (42.1 and Tumbleweed)</issue> <issue id="954532" tracker="bnc">Elantech Touchpad on Acer Aspire R11 not detected</issue> <issue id="954647" tracker="bnc">Fixes for Dell headset are missing from Leap 4.1.x kernel</issue> <issue id="955422" tracker="bnc">fragmented IPv6 multicast frames sometimes missing with bridged macvlan</issue> <issue id="956708" tracker="bnc">VUL-0: CVE-2015-7515: kernel: aiptek: crash on invalid USB device descriptors</issue> <issue id="957152" tracker="bnc">thinkpad_acpi: Unsupported brightness interface</issue> <issue id="957988" tracker="bnc">VUL-0: CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155)</issue> <issue id="957990" tracker="bnc">VUL-0: CVE-2015-8551,CVE-2015-8552,CVE-2015-8553: kernel: xen: Linux pciback missing sanity checks leading to crash (XSA-157)</issue> <issue id="958439" tracker="bnc">Noise in headphones when shutting down or rebooting</issue> <issue id="958463" tracker="bnc">VUL-0: CVE-2015-8539: kernel: Fix handling of stored error in a negatively instantiated user key</issue> <issue id="958504" tracker="bnc">Constant background noise on T440s and loud cracking noise after audio powersave</issue> <issue id="958510" tracker="bnc">Spurious 'modversion changed' messages in drivers/edac</issue> <issue id="958886" tracker="bnc">VUL-1: CVE-2015-8543: kernel-source: connect IPv6/SOCK_RAW connect causes a denial of service</issue> <issue id="958951" tracker="bnc">VUL-0: CVE-2015-7550: kernel: User triggerable crash from race between key read and rey revoke</issue> <issue id="959190" tracker="bnc">VUL-1: CVE-2015-8569: kernel: information leak using getsockname</issue> <issue id="959399" tracker="bnc">VUL-1: CVE-2015-8575: kernel-source: information leak from getsockname in bluetooth/sco</issue> <issue id="960021" tracker="bnc">Incomplete Skylake graphics support in 4.1.x kernel</issue> <issue id="960710" tracker="bnc">crash when unloading+loading snd_hda_intel</issue> <issue id="961263" tracker="bnc">NCQ Timeout with SMR drives (e.g. Seagate 8tb hdd)</issue> <issue id="961509" tracker="bnc">VUL-0: CVE-2015-8767: kernel: SCTP denial of service during heartbeat timeout functions</issue> <issue id="962075" tracker="bnc">VUL-0: CVE-2016-0728: kernel: Use-after-free vulnerability in keyring facility</issue> <issue id="962597" tracker="bnc">virtio_rng causes long stalls during shutdown</issue> <issue id="CVE-2015-8767" tracker="cve" /> <issue id="CVE-2016-0728" tracker="cve" /> <issue id="CVE-2015-7550" tracker="cve" /> <issue id="CVE-2015-8539" tracker="cve" /> <issue id="CVE-2015-8569" tracker="cve" /> <issue id="CVE-2015-8575" tracker="cve" /> <issue id="CVE-2015-8543" tracker="cve" /> <issue id="CVE-2015-8551" tracker="cve" /> <issue id="CVE-2015-8552" tracker="cve" /> <issue id="CVE-2015-8550" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>tiwai</packager> <reboot_needed/> <description> The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock. (bsc#961509) - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). The following non-security bugs were fixed: - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439). - ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439). - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504). - ALSA: hda - Flush the pending probe work at remove (boo#960710). - ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439). - Add Cavium Thunderx network enhancements - Add RHEL to kernel-obs-build - Backport amd xgbe fixes and features - Backport arm64 patches from SLE12-SP1-ARM. - Btrfs: fix the number of transaction units needed to remove a block group (bsc#950178). - Btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#950178). - Documentation: nousb is a module parameter (bnc#954324). - Driver for IBM System i/p VNIC protocol. - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can't be built as a module. - Fix PCI generic host controller - Fix kABI breakage for max_dev_sectors addition to queue_limits (boo#961263). - HID: multitouch: Fetch feature reports on demand for Win8 devices (boo#954532). - HID: multitouch: fix input mode switching on some Elan panels (boo#954532). - Implement enable/disable for Display C6 state (boo#960021). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - Linux 4.1.15 (boo#954647 bsc#955422). - Move kabi patch to patches.kabi directory - Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in SLE11-SP3, now replaced with the upstream drivers. - PCI: generic: Pass starting bus number to pci_scan_root_bus(). - Revert "block: remove artifical max_hw_sectors cap" (boo#961263). - Set system time through RTC device - Update arm64 config files. Enabled DRM_AST in the vanilla kernel since it is now enabled in the default kernel. - Update config files: CONFIG_IBMVNIC=m - block/sd: Fix device-imposed transfer length limits (boo#961263). - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263). - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021). - drm/i915/skl: Add DC6 Trigger sequence (boo#960021). - drm/i915/skl: Add support to load SKL CSR firmware (boo#960021). - drm/i915/skl: Add the INIT power domain to the MISC I/O power well (boo#960021). - drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021). - drm/i915/skl: Fix DMC API version in firmware file name (boo#960021). - drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS (boo#960021). - drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021). - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021). - drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021). - drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021). - drm/i915/skl: Make the Misc I/O power well part of the PLLS domain (boo#960021). - drm/i915/skl: add F0 stepping ID (boo#960021). - drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021). - drm/i915: Clear crtc atomic flags at beginning of transaction (boo#960021). - drm/i915: Fix CSR MMIO address check (boo#960021). - drm/i915: Switch to full atomic helpers for plane updates/disable, take two (boo#960021). - drm/i915: set CDCLK if DPLL0 enabled during resuming from S3 (boo#960021). - ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - group-source-files: mark module.lds as devel file ld: cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory - hwrng: core - sleep interruptible in read (bnc#962597). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - kABI fixes for linux-4.1.15. - rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere. - rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors. - rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs. - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259 - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file - rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel should not be added to the bootloader nor are there any KMPs. - rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11 (bnc#865096) - rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now. - thinkpad_acpi: Do not yell on unsupported brightness interfaces (boo#957152). - usb: make "nousb" a clear module parameter (bnc#954324). - usbvision fix overflow of interfaces array (bnc#950998). - x86/microcode/amd: Do not overwrite final patch levels (bsc#913996). - x86/microcode/amd: Extract current patch level read to a function (bsc#913996). - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157). - xhci: refuse loading if nousb is used (bnc#954324). </description> <summary>Security update for the Linux Kernel</summary> </patchinfo>
