Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] openSUSE-SU-2016:2625-1: important: Security update for the Linux Kernel

Recommended Posts

openSUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2016:2625-1

Rating: important

References: #1000287 #1001486 #1003077 #1003925 #1003931

#1004045 #1004418 #1004462 #881008 #909994

#911687 #922634 #951155 #960689 #978094 #980371

#986570 #989152 #991247 #991608 #991665 #993890

#993891 #994296 #994520 #994748 #994752 #994759

#996664 #999600 #999932

Cross-References: CVE-2015-7513 CVE-2015-8956 CVE-2016-0823

CVE-2016-1237 CVE-2016-5195 CVE-2016-5696

CVE-2016-6327 CVE-2016-6480 CVE-2016-6828

CVE-2016-7117 CVE-2016-7425 CVE-2016-8658

 

Affected Products:

openSUSE 13.2

______________________________________________________________________________

 

An update that solves 12 vulnerabilities and has 19 fixes

is now available.

 

Description:

 

 

The openSUSE 13.2 kernel was updated to receive various security and

bugfixes.

 

The following security bugs were fixed:

 

- CVE-2015-8956: The rfcomm_sock_bind function in

net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to

obtain sensitive information or cause a denial of service (NULL pointer

dereference) via vectors involving a bind system call on a Bluetooth

RFCOMM socket (bnc#1003925).

- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,

which is reportedly exploited in the wild (bsc#1004418).

- CVE-2016-8658: Stack-based buffer overflow in the

brcmf_cfg80211_start_ap function in

drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux

kernel allowed local users to cause a denial of service (system crash)

or possibly have unspecified other impact via a long SSID Information

Element in a command to a Netlink socket (bnc#1004462).

- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg

function in net/socket.c in the Linux kernel allowed remote attackers to

execute arbitrary code via vectors involving a recvmmsg system call that

is mishandled during error processing (bnc#1003077).

- CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the

Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01,

allowed local users to obtain sensitive physical-address information by

reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).

- CVE-2016-7425: The arcmsr_iop_message_xfer function in

drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a

certain length field, which allowed local users to gain privileges

or cause a denial of service (heap-based buffer overflow) via an

ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).

- CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel

allowed local users to cause a denial of service (NULL pointer

dereference and system crash) by using an ABORT_TASK command to abort a

device write operation (bnc#994748).

- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in

the Linux kernel did not properly maintain certain SACK state after a

failed data copy, which allowed local users to cause a denial of service

(tcp_xmit_retransmit_queue use-after-free and system crash) via a

crafted SACK option (bnc#994296).

- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly

determine the rate of challenge ACK segments, which made it easier for

man-in-the-middle attackers to hijack TCP sessions via a blind in-window

attack (bnc#989152)

- CVE-2016-6480: Race condition in the ioctl_send_fib function in

drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users

to cause a denial of service (out-of-bounds access or system crash) by

changing a certain size value, aka a "double fetch" vulnerability

(bnc#991608).

- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the

PIT counter values during state restoration, which allowed guest OS

users to cause a denial of service (divide-by-zero error and host OS

crash) via a zero value, related to the kvm_vm_ioctl_set_pit and

kvm_vm_ioctl_set_pit2 functions (bnc#960689).

- CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass

intended file-permission restrictions by setting a POSIX ACL, related to

nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570).

 

The following non-security bugs were fixed:

 

- AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).

- xen: Fix refcnt regression in xen netback introduced by changes made for

bug#881008 (bnc#978094)

- MSI-X: fix an error path (luckily none so far).

- usb: fix typo in wMaxPacketSize validation (bsc#991665).

- usb: validate wMaxPacketValue entries in endpoint descriptors

(bnc#991665).

- Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch

(bsc#986570 CVE#2016-1237).

- Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570

CVE#2016-1237).

- apparmor: fix change_hat not finding hat after policy replacement

(bsc#1000287).

- arm64: Honor __GFP_ZERO in dma allocations (bsc#1004045).

- arm64: __clear_user: handle exceptions on strb (bsc#994752).

- arm64: dma-mapping: always clear allocated buffers (bsc#1004045).

- arm64: perf: reject groups spanning multiple HW PMUs (bsc#1003931).

- blkfront: fix an error path memory leak (luckily none so far).

- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).

- blktap2: eliminate race from deferred work queue handling (bsc#911687).

- btrfs: ensure that file descriptor used with subvol ioctls is a dir

(bsc#999600).

- cdc-acm: added sanity checking for probe() (bsc#993891).

- kaweth: fix firmware download (bsc#993890).

- kaweth: fix oops upon failed memory allocation (bsc#993890).

- netback: fix flipping mode (bsc#996664).

- netback: fix flipping mode (bsc#996664).

- netfront: linearize SKBs requiring too many slots (bsc#991247).

- nfsd: check permissions when setting ACLs (bsc#986570).

- posix_acl: Add set_posix_acl (bsc#986570).

- ppp: defer netns reference release for ppp channel (bsc#980371).

- tunnels: Do not apply GRO to multiple layers of encapsulation

(bsc#1001486).

- usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices

(bsc#922634).

- x86: suppress lazy MMU updates during vmalloc fault processing

(bsc#951155).

- xen-netback-generalize.patch: Fold back into base patch.

- xen3-patch-2.6.31.patch: Fold back into base patch.

- xen3-patch-3.12.patch: Fold bac into base patch.

- xen3-patch-3.15.patch: Fold back into base patch.

- xen3-patch-3.3.patch: Fold back into base patch.

- xen3-patch-3.9.patch: Fold bac into base patch.

- xen3-patch-3.9.patch: Fold back into base patch.

- xenbus: do not bail early from xenbus_dev_request_and_reply() (luckily

none so far).

- xenbus: inspect the correct type in xenbus_dev_request_and_reply().

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 13.2:

 

zypper in -t patch openSUSE-2016-1227=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 13.2 (i686 x86_64):

 

kernel-debug-3.16.7-45.1

kernel-debug-base-3.16.7-45.1

kernel-debug-base-debuginfo-3.16.7-45.1

kernel-debug-debuginfo-3.16.7-45.1

kernel-debug-debugsource-3.16.7-45.1

kernel-debug-devel-3.16.7-45.1

kernel-debug-devel-debuginfo-3.16.7-45.1

kernel-desktop-3.16.7-45.1

kernel-desktop-base-3.16.7-45.1

kernel-desktop-base-debuginfo-3.16.7-45.1

kernel-desktop-debuginfo-3.16.7-45.1

kernel-desktop-debugsource-3.16.7-45.1

kernel-desktop-devel-3.16.7-45.1

kernel-ec2-base-debuginfo-3.16.7-45.1

kernel-ec2-debuginfo-3.16.7-45.1

kernel-ec2-debugsource-3.16.7-45.1

kernel-vanilla-3.16.7-45.1

kernel-vanilla-debuginfo-3.16.7-45.1

kernel-vanilla-debugsource-3.16.7-45.1

kernel-vanilla-devel-3.16.7-45.1

kernel-xen-3.16.7-45.1

kernel-xen-base-3.16.7-45.1

kernel-xen-base-debuginfo-3.16.7-45.1

kernel-xen-debuginfo-3.16.7-45.1

kernel-xen-debugsource-3.16.7-45.1

kernel-xen-devel-3.16.7-45.1

 

- openSUSE 13.2 (i586 x86_64):

 

bbswitch-0.8-3.22.1

bbswitch-debugsource-0.8-3.22.1

bbswitch-kmp-default-0.8_k3.16.7_45-3.22.1

bbswitch-kmp-default-debuginfo-0.8_k3.16.7_45-3.22.1

bbswitch-kmp-desktop-0.8_k3.16.7_45-3.22.1

bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_45-3.22.1

bbswitch-kmp-xen-0.8_k3.16.7_45-3.22.1

bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_45-3.22.1

cloop-2.639-14.22.1

cloop-debuginfo-2.639-14.22.1

cloop-debugsource-2.639-14.22.1

cloop-kmp-default-2.639_k3.16.7_45-14.22.1

cloop-kmp-default-debuginfo-2.639_k3.16.7_45-14.22.1

cloop-kmp-desktop-2.639_k3.16.7_45-14.22.1

cloop-kmp-desktop-debuginfo-2.639_k3.16.7_45-14.22.1

cloop-kmp-xen-2.639_k3.16.7_45-14.22.1

cloop-kmp-xen-debuginfo-2.639_k3.16.7_45-14.22.1

crash-7.0.8-22.1

crash-debuginfo-7.0.8-22.1

crash-debugsource-7.0.8-22.1

crash-devel-7.0.8-22.1

crash-doc-7.0.8-22.1

crash-eppic-7.0.8-22.1

crash-eppic-debuginfo-7.0.8-22.1

crash-gcore-7.0.8-22.1

crash-gcore-debuginfo-7.0.8-22.1

crash-kmp-default-7.0.8_k3.16.7_45-22.1

crash-kmp-default-debuginfo-7.0.8_k3.16.7_45-22.1

crash-kmp-desktop-7.0.8_k3.16.7_45-22.1

crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_45-22.1

crash-kmp-xen-7.0.8_k3.16.7_45-22.1

crash-kmp-xen-debuginfo-7.0.8_k3.16.7_45-22.1

hdjmod-debugsource-1.28-18.23.1

hdjmod-kmp-default-1.28_k3.16.7_45-18.23.1

hdjmod-kmp-default-debuginfo-1.28_k3.16.7_45-18.23.1

hdjmod-kmp-desktop-1.28_k3.16.7_45-18.23.1

hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_45-18.23.1

hdjmod-kmp-xen-1.28_k3.16.7_45-18.23.1

hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_45-18.23.1

ipset-6.23-22.1

ipset-debuginfo-6.23-22.1

ipset-debugsource-6.23-22.1

ipset-devel-6.23-22.1

ipset-kmp-default-6.23_k3.16.7_45-22.1

ipset-kmp-default-debuginfo-6.23_k3.16.7_45-22.1

ipset-kmp-desktop-6.23_k3.16.7_45-22.1

ipset-kmp-desktop-debuginfo-6.23_k3.16.7_45-22.1

ipset-kmp-xen-6.23_k3.16.7_45-22.1

ipset-kmp-xen-debuginfo-6.23_k3.16.7_45-22.1

kernel-default-3.16.7-45.1

kernel-default-base-3.16.7-45.1

kernel-default-base-debuginfo-3.16.7-45.1

kernel-default-debuginfo-3.16.7-45.1

kernel-default-debugsource-3.16.7-45.1

kernel-default-devel-3.16.7-45.1

kernel-ec2-3.16.7-45.1

kernel-ec2-base-3.16.7-45.1

kernel-ec2-devel-3.16.7-45.1

kernel-obs-build-3.16.7-45.1

kernel-obs-build-debugsource-3.16.7-45.1

kernel-obs-qa-3.16.7-45.1

kernel-obs-qa-xen-3.16.7-45.1

kernel-syms-3.16.7-45.1

libipset3-6.23-22.1

libipset3-debuginfo-6.23-22.1

pcfclock-0.44-260.22.1

pcfclock-debuginfo-0.44-260.22.1

pcfclock-debugsource-0.44-260.22.1

pcfclock-kmp-default-0.44_k3.16.7_45-260.22.1

pcfclock-kmp-default-debuginfo-0.44_k3.16.7_45-260.22.1

pcfclock-kmp-desktop-0.44_k3.16.7_45-260.22.1

pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_45-260.22.1

python-virtualbox-5.0.28-54.2

python-virtualbox-debuginfo-5.0.28-54.2

vhba-kmp-debugsource-20140629-2.22.1

vhba-kmp-default-20140629_k3.16.7_45-2.22.1

vhba-kmp-default-debuginfo-20140629_k3.16.7_45-2.22.1

vhba-kmp-desktop-20140629_k3.16.7_45-2.22.1

vhba-kmp-desktop-debuginfo-20140629_k3.16.7_45-2.22.1

vhba-kmp-xen-20140629_k3.16.7_45-2.22.1

vhba-kmp-xen-debuginfo-20140629_k3.16.7_45-2.22.1

virtualbox-5.0.28-54.2

virtualbox-debuginfo-5.0.28-54.2

virtualbox-debugsource-5.0.28-54.2

virtualbox-devel-5.0.28-54.2

virtualbox-guest-kmp-default-5.0.28_k3.16.7_45-54.2

virtualbox-guest-kmp-default-debuginfo-5.0.28_k3.16.7_45-54.2

virtualbox-guest-kmp-desktop-5.0.28_k3.16.7_45-54.2

virtualbox-guest-kmp-desktop-debuginfo-5.0.28_k3.16.7_45-54.2

virtualbox-guest-tools-5.0.28-54.2

virtualbox-guest-tools-debuginfo-5.0.28-54.2

virtualbox-guest-x11-5.0.28-54.2

virtualbox-guest-x11-debuginfo-5.0.28-54.2

virtualbox-host-kmp-default-5.0.28_k3.16.7_45-54.2

virtualbox-host-kmp-default-debuginfo-5.0.28_k3.16.7_45-54.2

virtualbox-host-kmp-desktop-5.0.28_k3.16.7_45-54.2

virtualbox-host-kmp-desktop-debuginfo-5.0.28_k3.16.7_45-54.2

virtualbox-qt-5.0.28-54.2

virtualbox-qt-debuginfo-5.0.28-54.2

virtualbox-websrv-5.0.28-54.2

virtualbox-websrv-debuginfo-5.0.28-54.2

xen-debugsource-4.4.4_05-51.2

xen-devel-4.4.4_05-51.2

xen-libs-4.4.4_05-51.2

xen-libs-debuginfo-4.4.4_05-51.2

xen-tools-domU-4.4.4_05-51.2

xen-tools-domU-debuginfo-4.4.4_05-51.2

xtables-addons-2.6-24.1

xtables-addons-debuginfo-2.6-24.1

xtables-addons-debugsource-2.6-24.1

xtables-addons-kmp-default-2.6_k3.16.7_45-24.1

xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_45-24.1

xtables-addons-kmp-desktop-2.6_k3.16.7_45-24.1

xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_45-24.1

xtables-addons-kmp-xen-2.6_k3.16.7_45-24.1

xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_45-24.1

 

- openSUSE 13.2 (noarch):

 

kernel-devel-3.16.7-45.1

kernel-docs-3.16.7-45.2

kernel-macros-3.16.7-45.1

kernel-source-3.16.7-45.1

kernel-source-vanilla-3.16.7-45.1

virtualbox-guest-desktop-icons-5.0.28-54.2

virtualbox-host-source-5.0.28-54.2

 

- openSUSE 13.2 (x86_64):

 

xen-4.4.4_05-51.2

xen-doc-html-4.4.4_05-51.2

xen-kmp-default-4.4.4_05_k3.16.7_45-51.2

xen-kmp-default-debuginfo-4.4.4_05_k3.16.7_45-51.2

xen-kmp-desktop-4.4.4_05_k3.16.7_45-51.2

xen-kmp-desktop-debuginfo-4.4.4_05_k3.16.7_45-51.2

xen-libs-32bit-4.4.4_05-51.2

xen-libs-debuginfo-32bit-4.4.4_05-51.2

xen-tools-4.4.4_05-51.2

xen-tools-debuginfo-4.4.4_05-51.2

 

- openSUSE 13.2 (i686):

 

kernel-pae-3.16.7-45.1

kernel-pae-base-3.16.7-45.1

kernel-pae-base-debuginfo-3.16.7-45.1

kernel-pae-debuginfo-3.16.7-45.1

kernel-pae-debugsource-3.16.7-45.1

kernel-pae-devel-3.16.7-45.1

 

- openSUSE 13.2 (i586):

 

bbswitch-kmp-pae-0.8_k3.16.7_45-3.22.1

bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_45-3.22.1

cloop-kmp-pae-2.639_k3.16.7_45-14.22.1

cloop-kmp-pae-debuginfo-2.639_k3.16.7_45-14.22.1

crash-kmp-pae-7.0.8_k3.16.7_45-22.1

crash-kmp-pae-debuginfo-7.0.8_k3.16.7_45-22.1

hdjmod-kmp-pae-1.28_k3.16.7_45-18.23.1

hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_45-18.23.1

ipset-kmp-pae-6.23_k3.16.7_45-22.1

ipset-kmp-pae-debuginfo-6.23_k3.16.7_45-22.1

pcfclock-kmp-pae-0.44_k3.16.7_45-260.22.1

pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_45-260.22.1

vhba-kmp-pae-20140629_k3.16.7_45-2.22.1

vhba-kmp-pae-debuginfo-20140629_k3.16.7_45-2.22.1

virtualbox-guest-kmp-pae-5.0.28_k3.16.7_45-54.2

virtualbox-guest-kmp-pae-debuginfo-5.0.28_k3.16.7_45-54.2

virtualbox-host-kmp-pae-5.0.28_k3.16.7_45-54.2

virtualbox-host-kmp-pae-debuginfo-5.0.28_k3.16.7_45-54.2

xtables-addons-kmp-pae-2.6_k3.16.7_45-24.1

xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_45-24.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-7513.html

https://www.suse.com/security/cve/CVE-2015-8956.html

https://www.suse.com/security/cve/CVE-2016-0823.html

https://www.suse.com/security/cve/CVE-2016-1237.html

https://www.suse.com/security/cve/CVE-2016-5195.html

https://www.suse.com/security/cve/CVE-2016-5696.html

https://www.suse.com/security/cve/CVE-2016-6327.html

https://www.suse.com/security/cve/CVE-2016-6480.html

https://www.suse.com/security/cve/CVE-2016-6828.html

https://www.suse.com/security/cve/CVE-2016-7117.html

https://www.suse.com/security/cve/CVE-2016-7425.html

https://www.suse.com/security/cve/CVE-2016-8658.html

https://bugzilla.suse.com/1000287

https://bugzilla.suse.com/1001486

https://bugzilla.suse.com/1003077

https://bugzilla.suse.com/1003925

https://bugzilla.suse.com/1003931

https://bugzilla.suse.com/1004045

https://bugzilla.suse.com/1004418

https://bugzilla.suse.com/1004462

https://bugzilla.suse.com/881008

https://bugzilla.suse.com/909994

https://bugzilla.suse.com/911687

https://bugzilla.suse.com/922634

https://bugzilla.suse.com/951155

https://bugzilla.suse.com/960689

https://bugzilla.suse.com/978094

https://bugzilla.suse.com/980371

https://bugzilla.suse.com/986570

https://bugzilla.suse.com/989152

https://bugzilla.suse.com/991247

https://bugzilla.suse.com/991608

https://bugzilla.suse.com/991665

https://bugzilla.suse.com/993890

https://bugzilla.suse.com/993891

https://bugzilla.suse.com/994296

https://bugzilla.suse.com/994520

https://bugzilla.suse.com/994748

https://bugzilla.suse.com/994752

https://bugzilla.suse.com/994759

https://bugzilla.suse.com/996664

https://bugzilla.suse.com/999600

https://bugzilla.suse.com/999932

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×