
[security-announce] SUSE-SU-2015:1478-1: important: Security update for the Linux Kernel


SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1478-1
Rating:             important
References:         #798406 #821931 #860593 #879878 #891087 #897995
                    #898693 #900881 #904671 #908870 #909477 #912916
                    #914742 #915200 #915517 #915577 #916010 #917093
                    #917830 #918333 #919007 #919018 #919463 #921769
                    #922583 #923245 #926240 #927257 #928801 #929148
                    #929283 #929360 #929525 #930284 #930934 #931474
                    #933429 #935705 #936831 #937032 #937986 #940338
                    #940398
Cross-References:   CVE-2014-8086 CVE-2014-8159 CVE-2014-9683
                    CVE-2015-0777 CVE-2015-1420 CVE-2015-1421
                    CVE-2015-1805 CVE-2015-2041 CVE-2015-2042
                    CVE-2015-2150 CVE-2015-2830 CVE-2015-2922
                    CVE-2015-3331 CVE-2015-3636 CVE-2015-4700
                    CVE-2015-5364 CVE-2015-5366 CVE-2015-5707
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

An update that solves 18 vulnerabilities and has 25 fixes is now available.

Description:

The SUSE Linux Enterprise Server 11 SP2 LTSS kernel was updated to receive various security and bugfixes.

 

The following security bugs were fixed:

- CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code.
- CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240).
- CVE-2015-0777: drivers/xen/usbback/usbback.c in the Linux kernel allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830).
- CVE-2015-2150: Xen and the Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bnc#919463).
- CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect packet checksums was fixed (bsc#936831).
- CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect packet checksums was fixed (bsc#936831).
- CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517).
- CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705).
- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun" (bnc#933429).
- CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket (bnc#927257).
- CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel allowed remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message (bnc#922583).
- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919007).
- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect (bnc#929525).
- CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel allowed local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag (bnc#900881).
- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/ (bnc#914742).
- CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename (bnc#918333).
- CVE-2015-2042: net/rds/sysctl.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919018).
- CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data (bnc#915577).

 

The following non-security bugs were fixed:

- HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#931474).

- HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#931474).

- HID: add quirk for PIXART OEM mouse used by HP (bnc#931474).

- HID: usbhid: add always-poll quirk (bnc#931474).

- HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#931474).

- HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b

(bnc#931474).

- HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103

(bnc#931474).

- HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f

(bnc#931474).

- HID: usbhid: enable always-poll quirk for Elan Touchscreen.

- HID: usbhid: fix PIXART optical mouse (bnc#931474).

- HID: usbhid: more mice with ALWAYS_POLL (bnc#931474).

- HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#931474).

- bnx2x: Fix kdump when iommu=on (bug#921769).

- cifs: fix use-after-free bug in find_writable_file (bnc#909477).

- coredump: ensure the fpu state is flushed for proper multi-threaded core

dump (bsc#904671, bsc#929360).

- dm: fixed that LVM merge snapshot of the root logical volume was not working (bsc#928801).

- deal with deadlock in d_walk fix (bnc#929148, bnc#929283).

- e1000: do not enable dma receives until after dma address has been setup

(bsc#821931).

- fsnotify: Fix handling of renames in audit (bnc#915200).

- inet: add a redirect generation id in inetpeer (bnc#860593).

- inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593).

- kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593).

- kernel: fix data corruption when reading /proc/sysinfo (bsc#891087,

bsc#937986, LTC#114480).

- libata: prevent HSM state change race between ISR and PIO (bsc#923245).

- time, ntp: Do not update time_state in middle of leap second

(bsc#912916).

- s390-3215-tty-close-crash.patch: kernel: 3215 tty close crash

(bsc#916010, LTC#120873).

- s390-3215-tty-close-race.patch: kernel: 3215 console crash (bsc#916010,

LTC#94302).

- s390-3215-tty-hang.patch: Renamed from patches.arch/s390-tty-hang.patch.

- s390-3215-tty-hang.patch: Update references (bnc#898693, bnc#897995,

LTC#114562).

- s390-dasd-retry-partition-detection.patch: s390/dasd: retry partition

detection (bsc#916010, LTC#94302).

- s390-dasd-retry-partition-detection.patch: Update references

(bsc#916010, LTC#120565).

- s390-sclp-tty-refcount.patch: kernel: sclp console tty reference

counting (bsc#916010, LTC#115466).

- scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).

- scsi/sg: sg_start_req(): make sure that there is not too many elements

in iovec (bsc#940338).

- x86, xsave: remove thread_has_fpu() bug check in __sanitize_i387_state()

(bsc#904671, bsc#929360).

- x86-mm-send-tlb-flush-ipis-to-online-cpus-only.patch: x86, mm: Send tlb

flush IPIs to online cpus only (bnc#798406).

- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).

- x86/reboot: Fix a warning message triggered by stop_other_cpus()

(bnc#930284).

- xen: Correctly re-enable interrupts in xen_spin_wait() (bsc#879878,

bsc#908870).

- xfs: prevent deadlock trying to cover an active log (bsc#917093).

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Server 11-SP2-LTSS:

 

zypper in -t patch slessp2-kernel-20150819-12065=1

 

- SUSE Linux Enterprise Debuginfo 11-SP2:

 

zypper in -t patch dbgsp2-kernel-20150819-12065=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

 

kernel-default-3.0.101-0.7.37.1

kernel-default-base-3.0.101-0.7.37.1

kernel-default-devel-3.0.101-0.7.37.1

kernel-source-3.0.101-0.7.37.1

kernel-syms-3.0.101-0.7.37.1

kernel-trace-3.0.101-0.7.37.1

kernel-trace-base-3.0.101-0.7.37.1

kernel-trace-devel-3.0.101-0.7.37.1

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):

 

kernel-ec2-3.0.101-0.7.37.1

kernel-ec2-base-3.0.101-0.7.37.1

kernel-ec2-devel-3.0.101-0.7.37.1

kernel-xen-3.0.101-0.7.37.1

kernel-xen-base-3.0.101-0.7.37.1

kernel-xen-devel-3.0.101-0.7.37.1

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (s390x):

 

kernel-default-man-3.0.101-0.7.37.1

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586):

 

kernel-pae-3.0.101-0.7.37.1

kernel-pae-base-3.0.101-0.7.37.1

kernel-pae-devel-3.0.101-0.7.37.1

 

- SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

 

kernel-default-debuginfo-3.0.101-0.7.37.1

kernel-default-debugsource-3.0.101-0.7.37.1

kernel-default-devel-debuginfo-3.0.101-0.7.37.1

kernel-trace-debuginfo-3.0.101-0.7.37.1

kernel-trace-debugsource-3.0.101-0.7.37.1

kernel-trace-devel-debuginfo-3.0.101-0.7.37.1

 

- SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64):

 

kernel-ec2-debuginfo-3.0.101-0.7.37.1

kernel-ec2-debugsource-3.0.101-0.7.37.1

kernel-xen-debuginfo-3.0.101-0.7.37.1

kernel-xen-debugsource-3.0.101-0.7.37.1

kernel-xen-devel-debuginfo-3.0.101-0.7.37.1

 

- SUSE Linux Enterprise Debuginfo 11-SP2 (i586):

 

kernel-pae-debuginfo-3.0.101-0.7.37.1

kernel-pae-debugsource-3.0.101-0.7.37.1

kernel-pae-devel-debuginfo-3.0.101-0.7.37.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2014-8086.html

https://www.suse.com/security/cve/CVE-2014-8159.html

https://www.suse.com/security/cve/CVE-2014-9683.html

https://www.suse.com/security/cve/CVE-2015-0777.html

https://www.suse.com/security/cve/CVE-2015-1420.html

https://www.suse.com/security/cve/CVE-2015-1421.html

https://www.suse.com/security/cve/CVE-2015-1805.html

https://www.suse.com/security/cve/CVE-2015-2041.html

https://www.suse.com/security/cve/CVE-2015-2042.html

https://www.suse.com/security/cve/CVE-2015-2150.html

https://www.suse.com/security/cve/CVE-2015-2830.html

https://www.suse.com/security/cve/CVE-2015-2922.html

https://www.suse.com/security/cve/CVE-2015-3331.html

https://www.suse.com/security/cve/CVE-2015-3636.html

https://www.suse.com/security/cve/CVE-2015-4700.html

https://www.suse.com/security/cve/CVE-2015-5364.html

https://www.suse.com/security/cve/CVE-2015-5366.html

https://www.suse.com/security/cve/CVE-2015-5707.html

https://bugzilla.suse.com/798406

https://bugzilla.suse.com/821931

https://bugzilla.suse.com/860593

https://bugzilla.suse.com/879878

https://bugzilla.suse.com/891087

https://bugzilla.suse.com/897995

https://bugzilla.suse.com/898693

https://bugzilla.suse.com/900881

https://bugzilla.suse.com/904671

https://bugzilla.suse.com/908870

https://bugzilla.suse.com/909477

https://bugzilla.suse.com/912916

https://bugzilla.suse.com/914742

https://bugzilla.suse.com/915200

https://bugzilla.suse.com/915517

https://bugzilla.suse.com/915577

https://bugzilla.suse.com/916010

https://bugzilla.suse.com/917093

https://bugzilla.suse.com/917830

https://bugzilla.suse.com/918333

https://bugzilla.suse.com/919007

https://bugzilla.suse.com/919018

https://bugzilla.suse.com/919463

https://bugzilla.suse.com/921769

https://bugzilla.suse.com/922583

https://bugzilla.suse.com/923245

https://bugzilla.suse.com/926240

https://bugzilla.suse.com/927257

https://bugzilla.suse.com/928801

https://bugzilla.suse.com/929148

https://bugzilla.suse.com/929283

https://bugzilla.suse.com/929360

https://bugzilla.suse.com/929525

https://bugzilla.suse.com/930284

https://bugzilla.suse.com/930934

https://bugzilla.suse.com/931474

https://bugzilla.suse.com/933429

https://bugzilla.suse.com/935705

https://bugzilla.suse.com/936831

https://bugzilla.suse.com/937032

https://bugzilla.suse.com/937986

https://bugzilla.suse.com/940338

https://bugzilla.suse.com/940398
