Security Update for Linux Kernel

Announcement ID:	SUSE-SU-2015:0658-1
Rating:	important
References:	bsc#898675 bsc#903997 bsc#904242 bsc#909309 bsc#909477 bsc#909684 bsc#910517 bsc#913080 bsc#914818 bsc#915200 bsc#915660 bsc#917830 bsc#918584 bsc#918615 bsc#918620 bsc#918644 bsc#919463 bsc#919719 bsc#919939 bsc#920615 bsc#920805 bsc#920839 bsc#921313 bsc#921527 bsc#921990 bsc#922272 bsc#922275 bsc#922278 bsc#922284 bsc#924460
Cross-References:	CVE-2015-0777 CVE-2015-2150
CVSS scores:
Affected Products:	Public Cloud Module 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Bootstrap Kit 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Workstation Extension 12

An update that solves two vulnerabilities and has 28 security fixes can now be installed.

Description:

The SUSE Linux Enterprise Server 12 kernel was updated to 3.12.39 to receive various security and bugfixes.

Following security bugs were fixed: - CVE-2015-0777: The XEN usb backend could leak information to the guest system due to copying uninitialized memory.

• CVE-2015-2150: Xen and the Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

The following non-security bugs were fixed: - Added Little Endian support to vtpm module (bsc#918620). - Add support for pnfs block layout. Patches not included by default yet - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#921313). - btrfs: add missing blk_finish_plug in btrfs_sync_log() (bnc#922284). - btrfs: cleanup orphans while looking up default subvolume (bsc#914818). - btrfs: do not ignore errors from btrfs_lookup_xattr in do_setxattr (bnc#922272). - btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group (bnc#922278). - btrfs: fix data loss in the fast fsync path (bnc#922275). - btrfs: fix fsync data loss after adding hard link to inode (bnc#922275). - cgroup: revert cgroup_mutex removal from idr_remove (bnc#918644). - cifs: fix use-after-free bug in find_writable_file (bnc#909477). - crypto: rng - RNGs must return 0 in success case (bsc#920805). - crypto: testmgr - fix RNG return code enforcement (bsc#920805). - exit: Always reap resource stats in __exit_signal() (Time scalability). - fork: report pid reservation failure properly (bnc#909684). - fsnotify: Fix handling of renames in audit (bnc#915200). - HID: hyperv: match wait_for_completion_timeout return type. - hv: address compiler warnings for hv_fcopy_daemon.c. - hv: address compiler warnings for hv_kvp_daemon.c. - hv: check vmbus_device_create() return value in vmbus_process_offer(). - hv: do not add redundant / in hv_start_fcopy(). - hv: hv_balloon: Do not post pressure status from interrupt context. - hv: hv_balloon: Fix a locking bug in the balloon driver. - hv: hv_balloon: Make adjustments in computing the floor. - hv: hv_fcopy: drop the obsolete message on transfer failure. - hv: kvp_daemon: make IPv6-only-injection work. - hv: remove unused bytes_written from kvp_update_file(). - hv: rename sc_lock to the more generic lock. - hv: vmbus: Fix a bug in vmbus_establish_gpadl(). - hv: vmbus: hv_process_timer_expiration() can be static. - hv: vmbus: Implement a clockevent device. - hv: vmbus: serialize Offer and Rescind offer. - hv: vmbus: Support a vmbus API for efficiently sending page arrays. - hv: vmbus: Use get_cpu() to get the current CPU. - hyperv: fix sparse warnings. - hyperv: Fix the error processing in netvsc_send(). - hyperv: match wait_for_completion_timeout return type. - hyperv: netvsc.c: match wait_for_completion_timeout return type. - iommu/vt-d: Fix dmar_domain leak in iommu_attach_device (bsc#924460). - kabi, mm: prevent endless growth of anon_vma hierarchy (bnc#904242). - kABI: protect linux/namei.h include in procfs. - kABI: protect struct hif_scatter_req. - kabi/severities: Stop maintaining the kgraft kabi - kernel/sched/clock.c: add another clock for use with the soft lockup watchdog (bsc#919939). - kgr: Allow patches to require an exact kernel version (bnc#920615). - KVM: PPC: Book3S HV: ptes are big endian (bsc#920839). - mm: convert the rest to new page table lock api (the suse-only cases) (fate#315482). - mm: fix anon_vma->degree underflow in anon_vma endless growing prevention (bnc#904242). - mm: fix corner case in anon_vma endless growing prevention (bnc#904242). - mm: prevent endless growth of anon_vma hierarchy (bnc#904242). - mm: prevent endless growth of anon_vma hierarchy mm: prevent endless growth of anon_vma hierarchy (bnc#904242). - mm: vmscan: count only dirty pages as congested (VM Performance, bnc#910517). - module: Clean up ro/nx after early module load failures (bsc#921990). - module: set nx before marking module MODULE_STATE_COMING (bsc#921990). - net: add sysfs helpers for netdev_adjacent logic (bnc#915660). - net: correct error path in rtnl_newlink() (bnc#915660). - net: fix creation adjacent device symlinks (bnc#915660). - net: prevent of emerging cross-namespace symlinks (bnc#915660). - net: rename sysfs symlinks on device name change (bnc#915660). - nfs: cap request size to fit a kmalloced page array (bnc#898675). - nfs: commit layouts in fdatasync (bnc#898675). - NFSv4.1: Do not trust attributes if a pNFS LAYOUTCOMMIT is outstanding (bnc#898675). - NFSv4.1: Ensure that the layout recall callback matches layout stateids (bnc#898675). - NFSv4.1: Ensure that we free existing layout segments if we get a new layout (bnc#898675). - NFSv4.1: Fix a race in nfs4_write_inode (bnc#898675). - NFSv4.1: Fix wraparound issues in pnfs_seqid_is_newer() (bnc#898675). - NFSv4.1: Minor optimisation in get_layout_by_fh_locked() (bnc#898675). - NFSv4: Do not update the open stateid unless it is newer than the old one (bnc#898675). - pnfs: add a common GETDEVICELIST implementation (bnc#898675). - pnfs: add a nfs4_get_deviceid helper (bnc#898675). - pnfs: add flag to force read-modify-write in ->write_begin (bnc#898675). - pnfs: add return_range method (bnc#898675). - pnfs: allow splicing pre-encoded pages into the layoutcommit args (bnc#898675). - pnfs: avoid using stale stateids after layoutreturn (bnc#898675). - pnfs/blocklayout: allocate separate pages for the layoutcommit payload (bnc#898675). - pnfs/blocklayout: correctly decrement extent length (bnc#898675). - pnfs/blocklayout: do not set pages uptodate (bnc#898675). - pnfs/blocklayout: Fix a 64-bit division/remainder issue in bl_map_stripe (bnc#898675). - pnfs/blocklayout: implement the return_range method (bnc#898675). - pnfs/blocklayout: improve GETDEVICEINFO error reporting (bnc#898675). - pnfs/blocklayout: include vmalloc.h for __vmalloc (bnc#898675). - pnfs/blocklayout: in-kernel GETDEVICEINFO XDR parsing (bnc#898675). - pnfs/blocklayout: move all rpc_pipefs related code into a single file (bnc#898675). - pnfs/blocklayout: move extent processing to blocklayout.c (bnc#898675). - pnfs/blocklayout: plug block queues (bnc#898675). - pnfs/blocklayout: refactor extent processing (bnc#898675). - pnfs/blocklayout: reject pnfs blocksize larger than page size (bnc#898675). - pNFS/blocklayout: Remove a couple of unused variables (bnc#898675). - pnfs/blocklayout: remove read-modify-write handling in bl_write_pagelist (bnc#898675). - pnfs/blocklayout: remove some debugging (bnc#898675). - pnfs/blocklayout: return layouts on setattr (bnc#898675). - pnfs/blocklayout: rewrite extent tracking (bnc#898675). - pnfs/blocklayout: use the device id cache (bnc#898675). - pnfs: do not check sequence on new stateids in layoutget (bnc#898675). - pnfs: do not pass uninitialized lsegs to ->free_lseg (bnc#898675). - pnfs: enable CB_NOTIFY_DEVICEID support (bnc#898675). - pnfs: factor GETDEVICEINFO implementations (bnc#898675). - pnfs: force a layout commit when encountering busy segments during recall (bnc#898675). - pnfs: remove GETDEVICELIST implementation (bnc#898675). - pnfs: retry after a bad stateid error from layoutget (bnc#898675). - powerpc: add running_clock for powerpc to prevent spurious softlockup warnings (bsc#919939). - powerpc/pseries: Fix endian problems with LE migration (bsc#918584). - remove cgroup_mutex around deactivate_super because it might be dangerous. - rtmutex: Document pi chain walk (mutex scalability). - rtmutex: No need to keep task ref for lock owner check (mutex scalability). - rtmutex: Simplify rtmutex_slowtrylock() (mutex scalability). - rtnetlink: fix a memory leak when ->newlink fails (bnc#915660). - sched: Change thread_group_cputime() to use for_each_thread() (Time scalability). - sched: replace INIT_COMPLETION with reinit_completion. - sched, time: Atomically increment stime & utime (Time scalability). - scsi: storvsc: Always send on the selected outgoing channel. - scsi: storvsc: Do not assume that the scatterlist is not chained. - scsi: storvsc: Enable clustering. - scsi: storvsc: Fix a bug in copy_from_bounce_buffer(). - scsi: storvsc: Increase the ring buffer size. - scsi: storvsc: Retrieve information about the capability of the target. - scsi: storvsc: Set the tablesize based on the information given by the host. - scsi: storvsc: Size the queue depth based on the ringbuffer size. - storvsc: fix a bug in storvsc limits. - storvsc: force discovery of LUNs that may have been removed. - storvsc: force SPC-3 compliance on win8 and win8 r2 hosts. - storvsc: in responce to a scan event, scan the host. - take read_seqbegin_or_lock() and friends to seqlock.h (Time scalability). - tcp: prevent fetching dst twice in early demux code (bnc#903997 bnc#919719). - time, signal: Protect resource use statistics with seqlock -kabi (Time scalability). - time, signal: Protect resource use statistics with seqlock (Time scalability). - udp: only allow UFO for packets from SOCK_DGRAM sockets (bnc#909309). - Update Xen patches to 3.12.39. - virtio: rng: add derating factor for use by hwrng core (bsc#918615). - x86, AVX-512: AVX-512 Feature Detection (bsc#921527). - x86, AVX-512: Enable AVX-512 States Context Switch (bsc#921527). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (bnc#913080).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Bootstrap Kit 12
  zypper in -t patch SUSE-SLE-BSK-12-2015-152=1
• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-152=1
• SUSE Linux Enterprise Live Patching 12
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-152=1
• Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-152=1
• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2015-152=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-152=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-152=1
• SUSE Linux Enterprise Workstation Extension 12
  zypper in -t patch SUSE-SLE-WE-12-2015-152=1

Package List:

• SUSE Linux Enterprise Software Bootstrap Kit 12 (nosrc s390x)
  • kernel-zfcpdump-3.12.39-47.1
• SUSE Linux Enterprise Software Bootstrap Kit 12 (s390x)
  • kernel-zfcpdump-debuginfo-3.12.39-47.1
  • kernel-zfcpdump-debugsource-3.12.39-47.1
• SUSE Linux Enterprise Desktop 12 (nosrc x86_64)
  • kernel-default-3.12.39-47.1
  • kernel-xen-3.12.39-47.1
• SUSE Linux Enterprise Desktop 12 (x86_64)
  • kernel-xen-debugsource-3.12.39-47.1
  • kernel-default-debugsource-3.12.39-47.1
  • kernel-default-debuginfo-3.12.39-47.1
  • kernel-default-extra-3.12.39-47.1
  • kernel-default-extra-debuginfo-3.12.39-47.1
  • kernel-xen-debuginfo-3.12.39-47.1
  • kernel-syms-3.12.39-47.1
  • kernel-default-devel-3.12.39-47.1
  • kernel-xen-devel-3.12.39-47.1
• SUSE Linux Enterprise Desktop 12 (noarch)
  • kernel-macros-3.12.39-47.1
  • kernel-source-3.12.39-47.1
  • kernel-devel-3.12.39-47.1
• SUSE Linux Enterprise Live Patching 12 (x86_64)
  • kgraft-patch-3_12_39-47-default-1-2.1
  • kgraft-patch-3_12_39-47-xen-1-2.1
• Public Cloud Module 12 (nosrc x86_64)
  • kernel-ec2-3.12.39-47.1
• Public Cloud Module 12 (x86_64)
  • kernel-ec2-debugsource-3.12.39-47.1
  • kernel-ec2-debuginfo-3.12.39-47.1
  • kernel-ec2-extra-3.12.39-47.1
  • kernel-ec2-devel-3.12.39-47.1
  • kernel-ec2-extra-debuginfo-3.12.39-47.1
• SUSE Linux Enterprise Software Development Kit 12 (noarch)
  • kernel-docs-3.12.39-47.3
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
  • kernel-obs-build-3.12.39-47.2
  • kernel-obs-build-debugsource-3.12.39-47.2
• SUSE Linux Enterprise Server 12 (nosrc ppc64le s390x x86_64)
  • kernel-default-3.12.39-47.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • kernel-default-debugsource-3.12.39-47.1
  • kernel-default-debuginfo-3.12.39-47.1
  • kernel-default-base-debuginfo-3.12.39-47.1
  • kernel-syms-3.12.39-47.1
  • kernel-default-base-3.12.39-47.1
  • kernel-default-devel-3.12.39-47.1
• SUSE Linux Enterprise Server 12 (noarch)
  • kernel-macros-3.12.39-47.1
  • kernel-source-3.12.39-47.1
  • kernel-devel-3.12.39-47.1
• SUSE Linux Enterprise Server 12 (s390x)
  • kernel-default-man-3.12.39-47.1
• SUSE Linux Enterprise Server 12 (nosrc x86_64)
  • kernel-xen-3.12.39-47.1
• SUSE Linux Enterprise Server 12 (x86_64)
  • kernel-xen-debugsource-3.12.39-47.1
  • kernel-xen-base-3.12.39-47.1
  • kernel-xen-base-debuginfo-3.12.39-47.1
  • kernel-xen-debuginfo-3.12.39-47.1
  • kernel-xen-devel-3.12.39-47.1
• SUSE Linux Enterprise Server for SAP Applications 12 (nosrc x86_64)
  • kernel-default-3.12.39-47.1
  • kernel-xen-3.12.39-47.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • kernel-xen-debugsource-3.12.39-47.1
  • kernel-default-debugsource-3.12.39-47.1
  • kernel-default-debuginfo-3.12.39-47.1
  • kernel-xen-base-3.12.39-47.1
  • kernel-xen-base-debuginfo-3.12.39-47.1
  • kernel-xen-debuginfo-3.12.39-47.1
  • kernel-default-base-debuginfo-3.12.39-47.1
  • kernel-syms-3.12.39-47.1
  • kernel-default-base-3.12.39-47.1
  • kernel-default-devel-3.12.39-47.1
  • kernel-xen-devel-3.12.39-47.1
• SUSE Linux Enterprise Server for SAP Applications 12 (noarch)
  • kernel-macros-3.12.39-47.1
  • kernel-source-3.12.39-47.1
  • kernel-devel-3.12.39-47.1
• SUSE Linux Enterprise Workstation Extension 12 (nosrc)
  • kernel-default-3.12.39-47.1
• SUSE Linux Enterprise Workstation Extension 12 (x86_64)
  • kernel-default-debuginfo-3.12.39-47.1
  • kernel-default-extra-3.12.39-47.1
  • kernel-default-extra-debuginfo-3.12.39-47.1
  • kernel-default-debugsource-3.12.39-47.1

References:

• https://www.suse.com/security/cve/CVE-2015-0777.html
• https://www.suse.com/security/cve/CVE-2015-2150.html
• https://bugzilla.suse.com/show_bug.cgi?id=898675
• https://bugzilla.suse.com/show_bug.cgi?id=903997
• https://bugzilla.suse.com/show_bug.cgi?id=904242
• https://bugzilla.suse.com/show_bug.cgi?id=909309
• https://bugzilla.suse.com/show_bug.cgi?id=909477
• https://bugzilla.suse.com/show_bug.cgi?id=909684
• https://bugzilla.suse.com/show_bug.cgi?id=910517
• https://bugzilla.suse.com/show_bug.cgi?id=913080
• https://bugzilla.suse.com/show_bug.cgi?id=914818
• https://bugzilla.suse.com/show_bug.cgi?id=915200
• https://bugzilla.suse.com/show_bug.cgi?id=915660
• https://bugzilla.suse.com/show_bug.cgi?id=917830
• https://bugzilla.suse.com/show_bug.cgi?id=918584
• https://bugzilla.suse.com/show_bug.cgi?id=918615
• https://bugzilla.suse.com/show_bug.cgi?id=918620
• https://bugzilla.suse.com/show_bug.cgi?id=918644
• https://bugzilla.suse.com/show_bug.cgi?id=919463
• https://bugzilla.suse.com/show_bug.cgi?id=919719
• https://bugzilla.suse.com/show_bug.cgi?id=919939
• https://bugzilla.suse.com/show_bug.cgi?id=920615
• https://bugzilla.suse.com/show_bug.cgi?id=920805
• https://bugzilla.suse.com/show_bug.cgi?id=920839
• https://bugzilla.suse.com/show_bug.cgi?id=921313
• https://bugzilla.suse.com/show_bug.cgi?id=921527
• https://bugzilla.suse.com/show_bug.cgi?id=921990
• https://bugzilla.suse.com/show_bug.cgi?id=922272
• https://bugzilla.suse.com/show_bug.cgi?id=922275
• https://bugzilla.suse.com/show_bug.cgi?id=922278
• https://bugzilla.suse.com/show_bug.cgi?id=922284
• https://bugzilla.suse.com/show_bug.cgi?id=924460