Security update for the Linux Kernel

Announcement ID: SUSE-SU-2015:2339-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2015-5157 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2015-7509 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SLES for SAP Applications 11-SP4
  • SUSE Linux Enterprise Desktop 11 SP4
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves 10 vulnerabilities and has 57 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

Following security bugs were fixed: - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav lead to a system crash (bsc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825).

The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - Drivers: hv: do not do hypercalls when hypercall_page is NULL. - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - Drivers: hv: vmbus: Get rid of some unused definitions. - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - Drivers: hv: vmbus: add special crash handler (bnc#930770). - Drivers: hv: vmbus: add special kexec handler. - Drivers: hv: vmbus: kill tasklets on module unload. - Drivers: hv: vmbus: prefer "^A" notification chain to 'panic'. - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - Drivers: hv: vmbus: unregister panic notifier on module unload. - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - NFSv4: Fix two infinite loops in the mount code (bsc#954628). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673). - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214). - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - fix lpfc_send_rscn_event allocation size claims bnc#935757 - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - hugetlb: simplify migrate_huge_page() (bnc#947957). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957,). - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: fix tunnel error handling (bsc#952579). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - ipvs: drop first packet to dead server (bsc#946078). - kernel: correct uc_sigmask of the compat signal frame (bnc#946214). - kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bnc#930788). - lpfc: Fix cq_id masking problem (bsc#944677). - macvlan: Support bonding events bsc#948521 - memory-failure: do code refactor of soft_offline_page() (bnc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: fix GFP_THISNODE callers and clarify (bsc#954950). - mm: remove GFP_THISNODE (bsc#954950). - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS). - net/core: Add VF link state control policy (bsc#950298). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: Remove unavailable firmware files (bsc#921081). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtnetlink: Fix VF IFLA policy (bsc#950298). - rtnetlink: fix VF info size (bsc#950298). - s390/dasd: fix disconnected device with valid path mask (bnc#946214). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984). - s390/pci: handle events for unused functions (bnc#946214). - s390/pci: improve handling of hotplug event 0x301 (bnc#946214). - s390/pci: improve state check when processing hotplug events (bnc#946214). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sg: fix read() error reporting (bsc#926774). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - usbback: correct copy length for partial transfers (bsc#941202). - usbvision fix overflow of interfaces array (bnc#950998). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: silence TD warning (bnc#939955). - xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 11 SP4
    zypper in -t patch sledsp4-kernel-source-12278=1
  • SUSE Linux Enterprise Software Development Kit 11 SP4
    zypper in -t patch sdksp4-kernel-source-12278=1
  • SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch slessp4-kernel-source-12278=1
  • SLES for SAP Applications 11-SP4
    zypper in -t patch slessp4-kernel-source-12278=1

Package List:

  • SUSE Linux Enterprise Desktop 11 SP4 (nosrc x86_64 i586)
    • kernel-xen-3.0.101-68.1
    • kernel-default-3.0.101-68.1
  • SUSE Linux Enterprise Desktop 11 SP4 (x86_64 i586)
    • kernel-xen-base-3.0.101-68.1
    • kernel-default-base-3.0.101-68.1
    • kernel-syms-3.0.101-68.1
    • kernel-trace-devel-3.0.101-68.1
    • kernel-xen-devel-3.0.101-68.1
    • kernel-default-devel-3.0.101-68.1
    • kernel-source-3.0.101-68.1
    • kernel-default-extra-3.0.101-68.1
    • kernel-xen-extra-3.0.101-68.1
  • SUSE Linux Enterprise Desktop 11 SP4 (nosrc i586)
    • kernel-pae-3.0.101-68.1
  • SUSE Linux Enterprise Desktop 11 SP4 (i586)
    • kernel-pae-devel-3.0.101-68.1
    • kernel-pae-extra-3.0.101-68.1
    • kernel-pae-base-3.0.101-68.1
  • SUSE Linux Enterprise Desktop 11 SP4 (nosrc)
    • kernel-trace-3.0.101-68.1
  • SUSE Linux Enterprise Software Development Kit 11 SP4 (noarch)
    • kernel-docs-3.0.101-68.2
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64 nosrc)
    • kernel-trace-3.0.101-68.1
    • kernel-default-3.0.101-68.1
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
    • kernel-default-base-3.0.101-68.1
    • kernel-syms-3.0.101-68.1
    • kernel-trace-devel-3.0.101-68.1
    • kernel-default-devel-3.0.101-68.1
    • kernel-source-3.0.101-68.1
    • kernel-trace-base-3.0.101-68.1
  • SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64 i586)
    • kernel-ec2-3.0.101-68.1
    • kernel-xen-3.0.101-68.1
  • SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
    • kernel-xen-base-3.0.101-68.1
    • kernel-ec2-base-3.0.101-68.1
    • kernel-xen-devel-3.0.101-68.1
    • kernel-ec2-devel-3.0.101-68.1
  • SUSE Linux Enterprise Server 11 SP4 (nosrc i586)
    • kernel-pae-3.0.101-68.1
  • SUSE Linux Enterprise Server 11 SP4 (i586)
    • kernel-pae-devel-3.0.101-68.1
    • kernel-pae-base-3.0.101-68.1
  • SUSE Linux Enterprise Server 11 SP4 (ppc64 nosrc)
    • kernel-ppc64-3.0.101-68.1
  • SUSE Linux Enterprise Server 11 SP4 (ppc64)
    • kernel-ppc64-devel-3.0.101-68.1
    • kernel-ppc64-base-3.0.101-68.1
  • SUSE Linux Enterprise Server 11 SP4 (s390x)
    • kernel-default-man-3.0.101-68.1
  • SLES for SAP Applications 11-SP4 (ppc64 nosrc x86_64)
    • kernel-trace-3.0.101-68.1
    • kernel-default-3.0.101-68.1
  • SLES for SAP Applications 11-SP4 (ppc64 x86_64)
    • kernel-default-base-3.0.101-68.1
    • kernel-syms-3.0.101-68.1
    • kernel-trace-devel-3.0.101-68.1
    • kernel-default-devel-3.0.101-68.1
    • kernel-source-3.0.101-68.1
    • kernel-trace-base-3.0.101-68.1
  • SLES for SAP Applications 11-SP4 (ppc64 nosrc)
    • kernel-ppc64-3.0.101-68.1
  • SLES for SAP Applications 11-SP4 (ppc64)
    • kernel-ppc64-devel-3.0.101-68.1
    • kernel-ppc64-base-3.0.101-68.1
  • SLES for SAP Applications 11-SP4 (nosrc x86_64)
    • kernel-ec2-3.0.101-68.1
    • kernel-xen-3.0.101-68.1
  • SLES for SAP Applications 11-SP4 (x86_64)
    • kernel-xen-base-3.0.101-68.1
    • kernel-ec2-base-3.0.101-68.1
    • kernel-xen-devel-3.0.101-68.1
    • kernel-ec2-devel-3.0.101-68.1

References: