Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2015:2339-1
Rating: important
References: #814440 #879378 #879381 #900610 #904348 #904965 #921081 #926774 #930145 #930770 #930788 #930835 #932805 #935123 #935757 #937256 #937444 #938706 #939826 #939926 #939955 #940017 #940913 #940946 #941202 #942938 #943786 #944296 #944677 #944831 #944837 #944989 #944993 #945691 #945825 #945827 #946078 #946214 #946309 #947957 #948330 #948347 #948521 #949100 #949298 #949502 #949706 #949744 #949936 #949981 #950298 #950750 #950998 #951440 #952084 #952384 #952579 #952976 #953527 #953799 #953980 #954404 #954628 #954950 #954984 #955673 #956709
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11-SP4
  • SUSE Linux Enterprise Server 11-SP4
  • SUSE Linux Enterprise Server 11-EXTRA
  • SUSE Linux Enterprise Desktop 11-SP4
  • SUSE Linux Enterprise Debuginfo 11-SP4

  • An update that solves 10 vulnerabilities and has 57 fixes is now available.


    The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
    security and bugfixes.

    Following security bugs were fixed:
    - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav
    lead to a system crash (bsc#956709).
    - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
    Linux kernel did not ensure that certain slot numbers are valid, which
    allowed local users to cause a denial of service (NULL pointer
    dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
    - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
    users to cause a denial of service (host OS panic or hang) by triggering
    many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
    - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS
    users to cause a denial of service (host OS panic or hang) by triggering
    many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c
    - CVE-2015-7990: RDS: There was no verification that an underlying
    transport exists when creating a connection, causing usage of a NULL
    pointer (bsc#952384).
    - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the
    x86_64 platform mishandled IRET faults in processing NMIs that occurred
    during userspace execution, which might have allowed local users to gain
    privileges by triggering an NMI (bnc#938706).
    - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
    the Linux kernel allowed local users to cause a denial of service (OOPS)
    via crafted keyctl commands (bnc#951440).
    - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial
    of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6
    Router Advertisement (RA) message, a different vulnerability than
    CVE-2015-8215 (bnc#944296).
    - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in
    the Linux kernel allowed local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have unspecified other
    impact by using a socket that was not properly bound (bnc#945825).

    The following non-security bugs were fixed:
    - ALSA: hda - Disable 64bit address for Creative HDA controllers
    - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats
    - Drivers: hv: do not do hypercalls when hypercall_page is NULL.
    - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.
    - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.
    - Drivers: hv: vmbus: Get rid of some unused definitions.
    - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.
    - Drivers: hv: vmbus: add special crash handler (bnc#930770).
    - Drivers: hv: vmbus: add special kexec handler.
    - Drivers: hv: vmbus: kill tasklets on module unload.
    - Drivers: hv: vmbus: prefer "^A" notification chain to 'panic'.
    - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from
    - Drivers: hv: vmbus: unregister panic notifier on module unload.
    - IB/srp: Avoid skipping srp_reset_host() after a transport error
    - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).
    - KEYS: Fix race between key destruction and finding a keyring by name
    - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).
    - NFSv4: Fix two infinite loops in the mount code (bsc#954628).
    - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).
    - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786).
    - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).
    - PCI: Refresh First VF Offset and VF Stride when updating NumVFs
    - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084).
    - PCI: delay configuration of SRIOV capability (bnc#952084).
    - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084).
    - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
    - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673).
    - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214).
    - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799).
    - blktap: also call blkif_disconnect() when frontend switched to closed
    - blktap: refine mm tracking (bsc#952976).
    - cachefiles: Avoid deadlocks with fs freezing (bsc#935123).
    - dm sysfs: introduce ability to add writable attributes (bsc#904348).
    - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
    - dm: do not start current request if it would've merged with the previous
    - dm: impose configurable deadline for dm_request_fn's merge heuristic
    - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,
    v2 (bsc#942938).
    - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).
    - drm/i915: add hotplug activation period to hotplug update mask
    - fix lpfc_send_rscn_event allocation size claims bnc#935757
    - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123).
    - fs: Fix deadlocks between sync and fs freezing (bsc#935123).
    - hugetlb: simplify migrate_huge_page() (bnc#947957).
    - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a
    free hugepage (bnc#947957,).
    - ipr: Fix incorrect trace indexing (bsc#940913).
    - ipr: Fix invalid array indexing for HRRQ (bsc#940913).
    - ipv6: fix tunnel error handling (bsc#952579).
    - ipvs: Fix reuse connection if real server is dead (bnc#945827).
    - ipvs: drop first packet to dead server (bsc#946078).
    - kernel: correct uc_sigmask of the compat signal frame (bnc#946214).
    - kernel: fix incorrect use of DIAG44 in continue_trylock_relax()
    - kexec: Fix race between panic() and crash_kexec() called directly
    - ktime: add ktime_after and ktime_before helpe (bsc#904348).
    - lib/string.c: introduce memchr_inv() (bnc#930788).
    - lpfc: Fix cq_id masking problem (bsc#944677).
    - macvlan: Support bonding events bsc#948521
    - memory-failure: do code refactor of soft_offline_page() (bnc#947957).
    - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957).
    - memory-failure: use num_poisoned_pages instead of mce_bad_pages
    - memory-hotplug: update mce_bad_pages when removing the memory
    - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory
    error on thp (bnc#947957).
    - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate
    successfully (bnc#947957).
    - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge
    pages (bnc#947957).
    - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017,
    - mm: fix GFP_THISNODE callers and clarify (bsc#954950).
    - mm: remove GFP_THISNODE (bsc#954950).
    - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS).
    - net/core: Add VF link state control policy (bsc#950298).
    - netfilter: xt_recent: fix namespace destroy path (bsc#879378).
    - panic/x86: Allow cpus to save registers even if they (bnc#940946).
    - panic/x86: Fix re-entrance problem due to panic on (bnc#937444).
    - pktgen: clean up ktime_t helpers (bsc#904348).
    - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).
    - qla2xxx: Remove decrement of sp reference count in abort handler
    - qla2xxx: Remove unavailable firmware files (bsc#921081).
    - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).
    - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down
    - quota: Fix deadlock with suspend and quotas (bsc#935123).
    - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods
    - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds
    - rtnetlink: Fix VF IFLA policy (bsc#950298).
    - rtnetlink: fix VF info size (bsc#950298).
    - s390/dasd: fix disconnected device with valid path mask (bnc#946214).
    - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214).
    - s390/dasd: fix list_del corruption after lcu changes (bnc#954984).
    - s390/pci: handle events for unused functions (bnc#946214).
    - s390/pci: improve handling of hotplug event 0x301 (bnc#946214).
    - s390/pci: improve state check when processing hotplug events
    - sched/core: Fix task and run queue sched_info::run_delay inconsistencies
    - sg: fix read() error reporting (bsc#926774).
    - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers
    - usbback: correct copy length for partial transfers (bsc#941202).
    - usbvision fix overflow of interfaces array (bnc#950998).
    - veth: extend device features (bsc#879381).
    - vfs: Provide function to get superblock and wait for it to thaw
    - vmxnet3: adjust ring sizes when interface is down (bsc#950750).
    - vmxnet3: fix ethtool ring buffer size setting (bsc#950750).
    - writeback: Skip writeback for frozen filesystem (bsc#935123).
    - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
    - x86/evtchn: make use of PHYSDEVOP_map_pirq.
    - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).
    - x86: mm: only do a local tlb flush in ptep_set_access_flags()
    - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
    - xfs: Fix lost direct IO write in the last block (bsc#949744).
    - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).
    - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).
    - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).
    - xfs: add background scanning to clear eofblocks inodes (bnc#930788).
    - xfs: add inode id filtering to eofblocks scan (bnc#930788).
    - xfs: add minimum file size filtering to eofblocks scan (bnc#930788).
    - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).
    - xfs: create helper to check whether to free eofblocks on inode
    - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).
    - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock
    failure (bnc#930788).
    - xfs: support a tag-based inode_ag_iterator (bnc#930788).
    - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).
    - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).
    - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).
    - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).
    - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).
    - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
    - xhci: Calculate old endpoints correctly on device reset (bnc#944831).
    - xhci: For streams the css flag most be read from the stream-ctx on ep
    stop (bnc#945691).
    - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).
    - xhci: fix isoc endpoint dequeue from advancing too far on transaction
    error (bnc#944837).
    - xhci: silence TD warning (bnc#939955).
    - xhci: use uninterruptible sleep for waiting for internal operations

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-kernel-source-12278=1
    • SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-kernel-source-12278=1
    • SUSE Linux Enterprise Server 11-EXTRA:
      zypper in -t patch slexsp3-kernel-source-12278=1
    • SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-kernel-source-12278=1
    • SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-kernel-source-12278=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
      • kernel-docs-3.0.101-68.2
    • SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • kernel-default-3.0.101-68.1
      • kernel-default-base-3.0.101-68.1
      • kernel-default-devel-3.0.101-68.1
      • kernel-source-3.0.101-68.1
      • kernel-syms-3.0.101-68.1
      • kernel-trace-3.0.101-68.1
      • kernel-trace-base-3.0.101-68.1
      • kernel-trace-devel-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
      • kernel-ec2-3.0.101-68.1
      • kernel-ec2-base-3.0.101-68.1
      • kernel-ec2-devel-3.0.101-68.1
      • kernel-xen-3.0.101-68.1
      • kernel-xen-base-3.0.101-68.1
      • kernel-xen-devel-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-SP4 (s390x):
      • kernel-default-man-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-SP4 (ppc64):
      • kernel-ppc64-3.0.101-68.1
      • kernel-ppc64-base-3.0.101-68.1
      • kernel-ppc64-devel-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-SP4 (i586):
      • kernel-pae-3.0.101-68.1
      • kernel-pae-base-3.0.101-68.1
      • kernel-pae-devel-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
      • kernel-default-extra-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
      • kernel-xen-extra-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-EXTRA (x86_64):
      • kernel-trace-extra-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-EXTRA (ppc64):
      • kernel-ppc64-extra-3.0.101-68.1
    • SUSE Linux Enterprise Server 11-EXTRA (i586):
      • kernel-pae-extra-3.0.101-68.1
    • SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      • kernel-default-3.0.101-68.1
      • kernel-default-base-3.0.101-68.1
      • kernel-default-devel-3.0.101-68.1
      • kernel-default-extra-3.0.101-68.1
      • kernel-source-3.0.101-68.1
      • kernel-syms-3.0.101-68.1
      • kernel-trace-devel-3.0.101-68.1
      • kernel-xen-3.0.101-68.1
      • kernel-xen-base-3.0.101-68.1
      • kernel-xen-devel-3.0.101-68.1
      • kernel-xen-extra-3.0.101-68.1
    • SUSE Linux Enterprise Desktop 11-SP4 (i586):
      • kernel-pae-3.0.101-68.1
      • kernel-pae-base-3.0.101-68.1
      • kernel-pae-devel-3.0.101-68.1
      • kernel-pae-extra-3.0.101-68.1
    • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • kernel-default-debuginfo-3.0.101-68.1
      • kernel-default-debugsource-3.0.101-68.1
      • kernel-trace-debuginfo-3.0.101-68.1
      • kernel-trace-debugsource-3.0.101-68.1
    • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
      • kernel-default-devel-debuginfo-3.0.101-68.1
      • kernel-trace-devel-debuginfo-3.0.101-68.1
    • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
      • kernel-ec2-debuginfo-3.0.101-68.1
      • kernel-ec2-debugsource-3.0.101-68.1
      • kernel-xen-debuginfo-3.0.101-68.1
      • kernel-xen-debugsource-3.0.101-68.1
      • kernel-xen-devel-debuginfo-3.0.101-68.1
    • SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
      • kernel-ppc64-debuginfo-3.0.101-68.1
      • kernel-ppc64-debugsource-3.0.101-68.1
    • SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
      • kernel-pae-debuginfo-3.0.101-68.1
      • kernel-pae-debugsource-3.0.101-68.1
      • kernel-pae-devel-debuginfo-3.0.101-68.1