Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2015:0945-1
Rating:	important
References:	bsc#814440 bsc#867595 bsc#904348 bsc#921949 bsc#924493 bsc#930145 bsc#933514 bsc#935961 bsc#936076 bsc#936773 bsc#939826 bsc#939926 bsc#940853 bsc#941202 bsc#941867 bsc#942938 bsc#944749 bsc#945626 bsc#946078 bsc#947241 bsc#947321 bsc#947478 bsc#948521 bsc#948685 bsc#948831 bsc#949100 bsc#949463 bsc#949504 bsc#949706 bsc#949744 bsc#950013 bsc#950750 bsc#950862 bsc#950998 bsc#951110 bsc#951165 bsc#951199 bsc#951440 bsc#951546 bsc#952666 bsc#952758 bsc#953796 bsc#953980 bsc#954635 bsc#955148 bsc#955224 bsc#955422 bsc#955533 bsc#955644 bsc#956047 bsc#956053 bsc#956703 bsc#956711
Cross-References:	CVE-2015-0272 CVE-2015-2925 CVE-2015-5283 CVE-2015-5307 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104
CVSS scores:
Affected Products:	Public Cloud Module 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Bootstrap Kit 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Workstation Extension 12

An update that solves eight vulnerabilities and has 45 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive various security and bugfixes.

Following security bugs were fixed: - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers were valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#926238). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296).

The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236 (bsc#953796). - Btrfs: fix file corruption and data loss after cloning inline extents (bnc#956053). - Btrfs: fix truncation of compressed and inlined extents (bnc#956053). - Disable some ppc64le netfilter modules to restore the kabi (bsc#951546) - Fix regression in NFSRDMA server (bsc#951110). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - KVM: x86: call irq notifiers with directed EOI (bsc#950862). - NVMe: Add shutdown timeout as module parameter (bnc#936076). - NVMe: Mismatched host/device page size support (bsc#935961). - PCI: Drop "setting latency timer" messages (bsc#956047). - SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SUNRPC: Fix oops when trace sunrpc_task events in nfs client (bnc#956703). - Sync ppc64le netfilter config options with other archs (bnc#951546) - Update kabi files with sbc_parse_cdb symbol change (bsc#954635). - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949). - apparmor: temporary work around for bug while unloading policy (boo#941867). - audit: correctly record file names with different path name types (bsc#950013). - audit: create private file name copies when auditing inodes (bsc#950013). - cpu: Defer smpboot kthread unparking until CPU known to scheduler (bsc#936773). - dlm: make posix locks interruptible, (bsc#947241). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - fanotify: fix notification of groups with inode and mount marks (bsc#955533). - genirq: Make sure irq descriptors really exist when __irq_alloc_descs returns (bsc#945626). - hv: vss: run only on supported host versions (bnc#949504). - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224). - ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags (bsc#947321). - ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321). - ipv6: Extend the route lookups to low priority metrics (bsc#947321). - ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321). - ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - ipvs: drop first packet to dead server (bsc#946078). - kABI: protect struct ahci_host_priv. - kABI: protect struct rt6_info changes from bsc#947321 changes (bsc#947321). - kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546). - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635). - kabi: Restore kabi in struct se_cmd (bsc#954635). - kabi: Restore kabi in struct se_subsystem_api (bsc#954635). - kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199). - kgr: fix migration of kthreads to the new universe. - kgr: wake up kthreads periodically. - ktime: add ktime_after and ktime_before helper (bsc#904348). - macvlan: Support bonding events (bsc#948521). - net: add length argument to skb_copy_and_csum_datagram_iovec (bsc#951199). - net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec() (bsc#951199). - pci: Update VPD size with correct length (bsc#924493). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on() (bnc#956711). - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sunrpc/cache: make cache flushing more reliable (bsc#947478). - supported.conf: Add missing dependencies of supported modules hwmon_vid needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by ramoops - supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666). - target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831). - target/rbd: fix PR info memory leaks (bnc#948831). - target: Send UA upon LUN RESET tmr completion (bsc#933514). - target: use "^A" when allocating UAs (bsc#933514). - usbvision fix overflow of interfaces array (bnc#950998). - vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down (bsc#940853). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality, bnc#955148). - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in remove_pagetable() (VM Functionality, bnc#955148). - xfs: DIO needs an ioend for writes (bsc#949744). - xfs: DIO write completion size updates race (bsc#949744). - xfs: DIO writes within EOF do not need an ioend (bsc#949744). - xfs: always drain dio before extending aio write submission (bsc#949744). - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744). - xfs: do not allocate an ioend for direct I/O completions (bsc#949744). - xfs: factor DIO write mapping from get_blocks (bsc#949744). - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744). - xfs: move DIO mapping size calculation (bsc#949744). - xfs: using generic_file_direct_write() is unnecessary (bsc#949744). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951165). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Bootstrap Kit 12
  zypper in -t patch SUSE-SLE-BSK-12-2015-945=1
• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-945=1
• SUSE Linux Enterprise Live Patching 12
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-945=1
• Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-945=1
• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2015-945=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-945=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-945=1
• SUSE Linux Enterprise Workstation Extension 12
  zypper in -t patch SUSE-SLE-WE-12-2015-945=1

Package List:

• SUSE Linux Enterprise Software Bootstrap Kit 12 (nosrc s390x)
  • kernel-zfcpdump-3.12.51-52.31.1
• SUSE Linux Enterprise Software Bootstrap Kit 12 (s390x)
  • kernel-zfcpdump-debugsource-3.12.51-52.31.1
  • kernel-zfcpdump-debuginfo-3.12.51-52.31.1
• SUSE Linux Enterprise Desktop 12 (nosrc x86_64)
  • kernel-default-3.12.51-52.31.1
  • kernel-xen-3.12.51-52.31.1
• SUSE Linux Enterprise Desktop 12 (x86_64)
  • kernel-default-extra-3.12.51-52.31.1
  • kernel-default-devel-3.12.51-52.31.1
  • kernel-syms-3.12.51-52.31.1
  • kernel-xen-debuginfo-3.12.51-52.31.1
  • kernel-default-debuginfo-3.12.51-52.31.1
  • kernel-xen-debugsource-3.12.51-52.31.1
  • kernel-default-debugsource-3.12.51-52.31.1
  • kernel-xen-devel-3.12.51-52.31.1
  • kernel-default-extra-debuginfo-3.12.51-52.31.1
• SUSE Linux Enterprise Desktop 12 (noarch)
  • kernel-source-3.12.51-52.31.1
  • kernel-devel-3.12.51-52.31.1
  • kernel-macros-3.12.51-52.31.1
• SUSE Linux Enterprise Live Patching 12 (x86_64)
  • kgraft-patch-3_12_51-52_31-default-1-2.2
  • kgraft-patch-3_12_51-52_31-xen-1-2.2
• Public Cloud Module 12 (nosrc x86_64)
  • kernel-ec2-3.12.51-52.31.1
• Public Cloud Module 12 (x86_64)
  • kernel-ec2-extra-debuginfo-3.12.51-52.31.1
  • kernel-ec2-extra-3.12.51-52.31.1
  • kernel-ec2-debuginfo-3.12.51-52.31.1
  • kernel-ec2-devel-3.12.51-52.31.1
  • kernel-ec2-debugsource-3.12.51-52.31.1
• SUSE Linux Enterprise Software Development Kit 12 (noarch)
  • kernel-docs-3.12.51-52.31.5
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
  • kernel-obs-build-3.12.51-52.31.1
  • kernel-obs-build-debugsource-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (nosrc ppc64le s390x x86_64)
  • kernel-default-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • kernel-default-devel-3.12.51-52.31.1
  • kernel-syms-3.12.51-52.31.1
  • kernel-default-debuginfo-3.12.51-52.31.1
  • kernel-default-base-3.12.51-52.31.1
  • kernel-default-base-debuginfo-3.12.51-52.31.1
  • kernel-default-debugsource-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (noarch)
  • kernel-source-3.12.51-52.31.1
  • kernel-devel-3.12.51-52.31.1
  • kernel-macros-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (s390x)
  • kernel-default-man-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (nosrc x86_64)
  • kernel-xen-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (x86_64)
  • kernel-xen-base-3.12.51-52.31.1
  • kernel-xen-debuginfo-3.12.51-52.31.1
  • kernel-xen-debugsource-3.12.51-52.31.1
  • kernel-xen-devel-3.12.51-52.31.1
  • kernel-xen-base-debuginfo-3.12.51-52.31.1
• SUSE Linux Enterprise Server for SAP Applications 12 (nosrc x86_64)
  • kernel-default-3.12.51-52.31.1
  • kernel-xen-3.12.51-52.31.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • kernel-xen-base-3.12.51-52.31.1
  • kernel-default-devel-3.12.51-52.31.1
  • kernel-syms-3.12.51-52.31.1
  • kernel-xen-debuginfo-3.12.51-52.31.1
  • kernel-default-debuginfo-3.12.51-52.31.1
  • kernel-default-base-3.12.51-52.31.1
  • kernel-default-base-debuginfo-3.12.51-52.31.1
  • kernel-xen-debugsource-3.12.51-52.31.1
  • kernel-default-debugsource-3.12.51-52.31.1
  • kernel-xen-devel-3.12.51-52.31.1
  • kernel-xen-base-debuginfo-3.12.51-52.31.1
• SUSE Linux Enterprise Server for SAP Applications 12 (noarch)
  • kernel-source-3.12.51-52.31.1
  • kernel-devel-3.12.51-52.31.1
  • kernel-macros-3.12.51-52.31.1
• SUSE Linux Enterprise Workstation Extension 12 (nosrc)
  • kernel-default-3.12.51-52.31.1
• SUSE Linux Enterprise Workstation Extension 12 (x86_64)
  • kernel-default-extra-3.12.51-52.31.1
  • kernel-default-extra-debuginfo-3.12.51-52.31.1
  • kernel-default-debuginfo-3.12.51-52.31.1
  • kernel-default-debugsource-3.12.51-52.31.1

References:

• https://www.suse.com/security/cve/CVE-2015-0272.html
• https://www.suse.com/security/cve/CVE-2015-2925.html
• https://www.suse.com/security/cve/CVE-2015-5283.html
• https://www.suse.com/security/cve/CVE-2015-5307.html
• https://www.suse.com/security/cve/CVE-2015-7799.html
• https://www.suse.com/security/cve/CVE-2015-7872.html
• https://www.suse.com/security/cve/CVE-2015-7990.html
• https://www.suse.com/security/cve/CVE-2015-8104.html
• https://bugzilla.suse.com/show_bug.cgi?id=814440
• https://bugzilla.suse.com/show_bug.cgi?id=867595
• https://bugzilla.suse.com/show_bug.cgi?id=904348
• https://bugzilla.suse.com/show_bug.cgi?id=921949
• https://bugzilla.suse.com/show_bug.cgi?id=924493
• https://bugzilla.suse.com/show_bug.cgi?id=930145
• https://bugzilla.suse.com/show_bug.cgi?id=933514
• https://bugzilla.suse.com/show_bug.cgi?id=935961
• https://bugzilla.suse.com/show_bug.cgi?id=936076
• https://bugzilla.suse.com/show_bug.cgi?id=936773
• https://bugzilla.suse.com/show_bug.cgi?id=939826
• https://bugzilla.suse.com/show_bug.cgi?id=939926
• https://bugzilla.suse.com/show_bug.cgi?id=940853
• https://bugzilla.suse.com/show_bug.cgi?id=941202
• https://bugzilla.suse.com/show_bug.cgi?id=941867
• https://bugzilla.suse.com/show_bug.cgi?id=942938
• https://bugzilla.suse.com/show_bug.cgi?id=944749
• https://bugzilla.suse.com/show_bug.cgi?id=945626
• https://bugzilla.suse.com/show_bug.cgi?id=946078
• https://bugzilla.suse.com/show_bug.cgi?id=947241
• https://bugzilla.suse.com/show_bug.cgi?id=947321
• https://bugzilla.suse.com/show_bug.cgi?id=947478
• https://bugzilla.suse.com/show_bug.cgi?id=948521
• https://bugzilla.suse.com/show_bug.cgi?id=948685
• https://bugzilla.suse.com/show_bug.cgi?id=948831
• https://bugzilla.suse.com/show_bug.cgi?id=949100
• https://bugzilla.suse.com/show_bug.cgi?id=949463
• https://bugzilla.suse.com/show_bug.cgi?id=949504
• https://bugzilla.suse.com/show_bug.cgi?id=949706
• https://bugzilla.suse.com/show_bug.cgi?id=949744
• https://bugzilla.suse.com/show_bug.cgi?id=950013
• https://bugzilla.suse.com/show_bug.cgi?id=950750
• https://bugzilla.suse.com/show_bug.cgi?id=950862
• https://bugzilla.suse.com/show_bug.cgi?id=950998
• https://bugzilla.suse.com/show_bug.cgi?id=951110
• https://bugzilla.suse.com/show_bug.cgi?id=951165
• https://bugzilla.suse.com/show_bug.cgi?id=951199
• https://bugzilla.suse.com/show_bug.cgi?id=951440
• https://bugzilla.suse.com/show_bug.cgi?id=951546
• https://bugzilla.suse.com/show_bug.cgi?id=952666
• https://bugzilla.suse.com/show_bug.cgi?id=952758
• https://bugzilla.suse.com/show_bug.cgi?id=953796
• https://bugzilla.suse.com/show_bug.cgi?id=953980
• https://bugzilla.suse.com/show_bug.cgi?id=954635
• https://bugzilla.suse.com/show_bug.cgi?id=955148
• https://bugzilla.suse.com/show_bug.cgi?id=955224
• https://bugzilla.suse.com/show_bug.cgi?id=955422
• https://bugzilla.suse.com/show_bug.cgi?id=955533
• https://bugzilla.suse.com/show_bug.cgi?id=955644
• https://bugzilla.suse.com/show_bug.cgi?id=956047
• https://bugzilla.suse.com/show_bug.cgi?id=956053
• https://bugzilla.suse.com/show_bug.cgi?id=956703
• https://bugzilla.suse.com/show_bug.cgi?id=956711