Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2016:3304-1
Rating:	important
References:	bsc#1000189 bsc#1000287 bsc#1000304 bsc#1000776 bsc#1001419 bsc#1001486 bsc#1002165 bsc#1003079 bsc#1003153 bsc#1003400 bsc#1003568 bsc#1003925 bsc#1004252 bsc#1004418 bsc#1004462 bsc#1004517 bsc#1004520 bsc#1005666 bsc#1006691 bsc#1007615 bsc#1007886 bsc#744692 bsc#789311 bsc#857397 bsc#860441 bsc#865545 bsc#866130 bsc#868923 bsc#874131 bsc#875631 bsc#876145 bsc#876463 bsc#898675 bsc#904489 bsc#909994 bsc#911687 bsc#915183 bsc#921338 bsc#921784 bsc#922064 bsc#922634 bsc#924381 bsc#924384 bsc#930399 bsc#934067 bsc#937086 bsc#937888 bsc#941420 bsc#946309 bsc#955446 bsc#956514 bsc#959463 bsc#961257 bsc#962846 bsc#963655 bsc#963767 bsc#966864 bsc#967640 bsc#970943 bsc#971975 bsc#971989 bsc#974406 bsc#974620 bsc#975596 bsc#975772 bsc#976195 bsc#977687 bsc#978094 bsc#979451 bsc#979681 bsc#979928 bsc#980371 bsc#981597 bsc#982783 bsc#983619 bsc#984194 bsc#984419 bsc#984779 bsc#984992 bsc#985562 bsc#986362 bsc#986365 bsc#986445 bsc#987192 bsc#987333 bsc#987542 bsc#987565 bsc#987621 bsc#987805 bsc#988440 bsc#988617 bsc#988715 bsc#989152 bsc#989953 bsc#990058 bsc#990245 bsc#991247 bsc#991608 bsc#991665 bsc#991667 bsc#992244 bsc#992555 bsc#992568 bsc#992591 bsc#992593 bsc#992712 bsc#993392 bsc#993841 bsc#993890 bsc#993891 bsc#994167 bsc#994296 bsc#994438 bsc#994520 bsc#994758 bsc#995153 bsc#995968 bsc#996664 bsc#997059 bsc#997299 bsc#997708 bsc#997896 bsc#998689 bsc#998795 bsc#998825 bsc#999577 bsc#999584 bsc#999600 bsc#999779 bsc#999907 bsc#999932
Cross-References:	CVE-2015-8956 CVE-2016-2069 CVE-2016-4998 CVE-2016-5195 CVE-2016-5696 CVE-2016-6130 CVE-2016-6327 CVE-2016-6480 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7425 CVE-2016-8658
CVSS scores:	CVE-2016-2069 ( NVD ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-4998 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2016-5195 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-5195 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-5195 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-5696 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2016-5696 ( NVD ): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2016-6130 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N CVE-2016-6130 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2016-6327 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-6480 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6480 ( NVD ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-6828 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-7042 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-7097 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2016-7425 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-7425 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-8658 ( NVD ): 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Products:	SUSE Linux Enterprise Real Time Extension 12 SP1 SUSE Linux Enterprise Server 12 SP1

An update that solves 13 vulnerabilities and has 118 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP1 RT kernel was updated to 3.12.67 to receive various security and bugfixes.

This feature was added:

• fate#320805: Execute in place (XIP) support for the ext2 filesystem.

The following security bugs were fixed:

• CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767).
• CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362).
• CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418).
• CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152)
• CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability (bnc#987542)
• CVE-2016-6327: System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes by sending the ABORT_TASK command (bsc#994758)
• CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608)
• CVE-2016-6828: Use after free 4 in tcp_xmit_retransmit_queue or other tcp_ functions (bsc#994296)
• CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bsc#1004517).
• CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#995968).
• CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsr_iop_message_xfer() could have caused kernel heap corruption and arbitraty kernel code execution (bsc#999932)
• CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bsc#1004462).

The following non-security bugs were fixed:

• aacraid: Fix RRQ overload (bsc#1003079).
• acpi / PM: Ignore wakeup setting if the ACPI companion can't wake up.
• AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).
• apparmor: add missing id bounds check on dfa verification (bsc#1000304).
• apparmor: check that xindex is in trans_table bounds (bsc#1000304).
• apparmor: do not expose kernel stack (bsc#1000304).
• apparmor: don't check for vmalloc_addr if kvzalloc() failed (bsc#1000304).
• apparmor: ensure the target profile name is always audited (bsc#1000304).
• apparmor: exec should not be returning ENOENT when it denies (bsc#1000304).
• apparmor: fix arg_size computation for when setprocattr is null terminated (bsc#1000304).
• apparmor: fix audit full profile hname on successful load (bsc#1000304).
• apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287).
• apparmor: fix disconnected bind mnts reconnection (bsc#1000304).
• apparmor: fix log failures for all profiles in a set (bsc#1000304).
• apparmor: fix module parameters can be changed after policy is locked (bsc#1000304).
• apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304).
• apparmor: fix oops, validate buffer size in apparmor_setprocattr() (bsc#1000304).
• apparmor: fix put() parent ref after updating the active ref (bsc#1000304).
• apparmor: fix refcount bug in profile replacement (bsc#1000304).
• apparmor: fix refcount race when finding a child profile (bsc#1000304).
• apparmor: fix replacement bug that adds new child to old parent (bsc#1000304).
• apparmor: fix uninitialized lsm_audit member (bsc#1000304).
• apparmor: fix update the mtime of the profile file on replacement (bsc#1000304).
• apparmor: internal paths should be treated as disconnected (bsc#1000304).
• apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).
• arm64: Ensure pmd_present() returns false after pmd_mknotpresent() (Automatic NUMA Balancing).
• avoid dentry crash triggered by NFS (bsc#984194).
• be2net: Don't leak iomapped memory on removal (bsc#921784 FATE#318561).
• be2net: fix BE3-R FW download compatibility check (bsc#921784 FATE#318561).
• be2net: fix wrong return value in be_check_ufi_compatibility() (bsc#921784 FATE#318561).
• be2net: remove vlan promisc capability from VF's profile descriptors (bsc#921784 FATE#318561).
• blkfront: fix an error path memory leak (luckily none so far).
• blk-mq: fix undefined behaviour in order_to_size().
• blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
• blktap2: eliminate race from deferred work queue handling (bsc#911687).
• bluetooth: Fix potential NULL dereference in RFCOMM bind callback (bsc#1003925, CVE-2015-8956).
• bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes.
• bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687).
• bonding: fix curr_active_slave/carrier with loadbalance arp monitoring.
• bonding: Prevent IPv6 link local address on enslaved devices.
• bonding: prevent out of bound accesses.
• bonding: set carrier off for devices created through netlink (bsc#999577).
• btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).
• btrfs: add missing discards when unpinning extents with -o discard (bsc#904489).
• btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489).
• btrfs: Disable btrfs-8448-improve-performance-on-fsync-against-new-inode.patch (bsc#981597).
• btrfs: do not create or leak aliased root while cleaning up orphans (bsc#904489).
• btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
• btrfs: explictly delete unused block groups in close_ctree and ro-remount (bsc#904489).
• btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779)
• btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489).
• btrfs: handle quota reserve failure properly (bsc#1005666).
• btrfs: iterate over unused chunk space in FITRIM (bsc#904489).
• btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).
• btrfs: properly track when rescan worker is running (bsc#989953).
• btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489).
• btrfs: skip superblocks during discard (bsc#904489).
• btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192).
• btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712).
• cdc-acm: added sanity checking for probe() (bsc#993891).
• cephfs: ignore error from invalidate_inode_pages2_range() in direct write (bsc#995153).
• cephfs: remove warning when ceph_releasepage() is called on dirty page (bsc#995153).
• ceph: Refresh patches.suse/CFS-0259-ceph-Asynchronous-IO-support.patch. After a write, we must free the 'request', not the 'response' (bsc#995153).
• clockevents: export clockevents_unbind_device instead of clockevents_unbind (bnc#937888).
• conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition (bsc#966864).
• cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338).
• dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)
• efi: Small leak on error in runtime map code (fate#315019).
• ext2: Enable ext2 driver in config files (bsc#976195).
• ext4: Add parameter for tuning handling of ext2 (bsc#976195).
• Fix kabi change cause by adding flock_owner to open_context (bsc#998689).
• fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.patch (bsc#1003153).
• fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
• fs/select: add vmalloc fallback for select(2) (bsc#1000189).
• ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
• hyperv: enable call to clockevents_unbind_device in kexec/kdump path
• hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in the base kernel
• i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659).
• ib/iwpm: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338).
• ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545 FATE#316891).
• introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).
• iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772).
• ipv6: Fix improper use or RCU in patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch. (bsc#961257).
• ipv6: fix multipath route replace error recovery (bsc#930399).
• ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).
• ipv6: send only one NEWLINK when RA causes changes (bsc#934067).
• iscsi: Add a missed complete in iscsit_close_connection (bsc#992555, bsc#987805).
• kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617).
• kaweth: fix firmware download (bsc#993890).
• kaweth: fix oops upon failed memory allocation (bsc#993890).
• kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420).
• kernel/printk: fix faulty logic in the case of recursive printk (bnc#744692, bnc#789311).
• kvm: do not handle APIC access page if in-kernel irqchip is not in use (bsc#959463).
• kvm: vmx: defer load of APIC access page address during reset (bsc#959463).
• libceph: enable large, variable-sized OSD requests (bsc#988715).
• libceph: make r_request msg_size calculation clearer (bsc#988715).
• libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op (bsc#988715).
• libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715).
• libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).
• libfc: do not send ABTS when resetting exchanges (bsc#962846).
• libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846).
• libfc: Fixup disc_mutex handling (bsc#962846).
• libfc: fixup locking of ptp_setup() (bsc#962846).
• libfc: Issue PRLI after a PRLO has been received (bsc#962846).
• libfc: reset exchange manager during LOGO handling (bsc#962846).
• libfc: Revisit kref handling (bnc#990245).
• libfc: sanity check cpu number extracted from xid (bsc#988440).
• libfc: send LOGO for PLOGI failure (bsc#962846).
• md: check command validity early in md_ioctl() (bsc#1004520).
• md: Drop sending a change uevent when stopping (bsc#1003568).
• md: lockless I/O submission for RAID1 (bsc#982783).
• md/raid5: fix a recently broken BUG_ON() (bsc#1006691).
• mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975).
• mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
• module: Issue warnings when tainting kernel (bsc#974406).
• mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
• mpt3sas: Update patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-before-enabli.patch (bsc#967640, bsc#992244).
• msi-x: fix an error path (luckily none so far).
• netback: fix flipping mode (bsc#996664).
• netback: fix refounting (bsc#978094).
• netfront: don't truncate grant references.
• netfront: use correct linear area after linearizing an skb (bsc#1007886).
• nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1003400).
• nfs: Add a stub for GETDEVICELIST (bnc#898675).
• nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584).
• nfsd: Use free_conn to free connection (bsc#979451).
• nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).
• nfs: Fix a regression in the read() syscall (bsc#999584).
• nfs: fix BUG() crash in notify_change() with patch to chown_common() (bnc#876463).
• nfs: fix pg_test page count calculation (bnc#898675).
• nfs: nfs4_fl_prepare_ds must be careful about reporting success (bsc#1000776).
• nfsv4: add flock_owner to open context (bnc#998689).
• nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689).
• nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689).
• nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689).
• nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT (bnc#866130).
• oops on restarting network with bonding mode4 (lacp) (bsc#876145).
• packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131).
• perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM (bsc#997896).
• PM / hibernate: Fix 2G size issue of snapshot image verification (bsc#1004252).
• PM / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441).
• powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825).
• ppp: defer netns reference release for ppp channel (bsc#980371).
• printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928).
• qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).
• qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609)
• radeon: avoid boot hang in Xen Dom0 (luckily none so far).
• ratelimit: extend to print suppressed messages on release (bsc#979928).
• ratelimit: fix bug in time interval by resetting right begin time (bsc#979928).
• rbd: truncate objects on cmpext short reads (bsc#988715).
• Revert "Input: i8042 - break load dependency between atkbd/psmouse and i8042".
• Revert "Input: i8042 - set up shared ps2_cmd_mutex for AUX ports".
• rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)
• rtnetlink: avoid 0 sized arrays.
• RTNL: assertion failed at dev.c (bsc#875631).
• s390: add SMT support (bnc#994438).
• sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).
• sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419).
• scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
• scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
• scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
• sd: Fix memory leak caused by RESET_WP patch (bsc#999779).
• squashfs3: properly handle dir_emit() failures (bsc#998795).
• SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT (bnc#868923).
• SUNRPC: Fix a regression when reconnecting (bsc#946309).
• supported.conf: Add ext2
• supported.conf: Add iscsi modules to -base (bsc#997299)
• supported.conf: Add tun to -base (bsc#992593)
• supported.conf: Add veth to -base (bsc#992591)
• target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP (bsc#987621).
• target: Fix race between iscsi-target connection shutdown + ABORT_TASK (bsc#987621).
• tcp: add proper TS val into RST packets (bsc#937086).
• tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086).
• tcp: fix child sockets to use system default congestion control if not set.
• tcp: fix cwnd limited checking to improve congestion control (bsc#988617).
• tcp: refresh skb timestamp at retransmit time (bsc#937086).
• timers: Use proper base migration in add_timer_on() (bnc#993392).
• tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486).
• tunnels: Remove encapsulation offloads on decap (bsc#1001486).
• usb: fix typo in wMaxPacketSize validation (bsc#991665).
• usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
• usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634).
• usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
• vmxnet3: Wake queue from reset work (bsc#999907).
• x86: Removed the free memblock of hibernat keys to avoid memory corruption (bsc#990058).
• x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance git-fixes).
• xenbus: don't invoke ->is_ready() for most device states (bsc#987333).
• xenbus: inspect the correct type in xenbus_dev_request_and_reply().
• xen/pciback: Fix conf_space read/write overlap check.
• xen-pciback: return proper values during BAR sizing.
• xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
• xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153).
• xfs: handle dquot buffer readahead in log recovery correctly (bsc#955446).
• xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
• xhci: Check if slot is already in default state before moving it there (FATE#315518).
• xhci: silence warnings in switch (bnc#991665).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Real Time Extension 12 SP1
  zypper in -t patch SUSE-SLE-RT-12-SP1-2016-1938=1

Package List:

• SUSE Linux Enterprise Real Time Extension 12 SP1 (nosrc x86_64)
  • kernel-rt-3.12.67-60.27.1
  • kernel-compute-3.12.67-60.27.1
• SUSE Linux Enterprise Real Time Extension 12 SP1 (x86_64)
  • kernel-compute_debug-devel-debuginfo-3.12.67-60.27.1
  • kernel-compute-debugsource-3.12.67-60.27.1
  • kernel-rt-devel-3.12.67-60.27.1
  • kernel-compute-base-3.12.67-60.27.1
  • kernel-rt_debug-devel-3.12.67-60.27.1
  • kernel-rt-debugsource-3.12.67-60.27.1
  • kernel-syms-rt-3.12.67-60.27.1
  • kernel-compute_debug-devel-3.12.67-60.27.1
  • kernel-compute-devel-3.12.67-60.27.1
  • kernel-rt-debuginfo-3.12.67-60.27.1
  • kernel-compute_debug-debugsource-3.12.67-60.27.1
  • kernel-compute_debug-debuginfo-3.12.67-60.27.1
  • kernel-rt_debug-devel-debuginfo-3.12.67-60.27.1