openSUSE Security Update : the Linux Kernel (openSUSE-2016-256)


The openSUSE 13.2 kernel was updated to receive security and bugfixes. It also fixes a regression that caused the Chromium sandbox to no longer work (bsc#965356). Following security bugs were fixed : - CVE-2016-2069: A flaw was discovered in a way the Linux deals with paging structures. When Linux invalidates a paging structure that is not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question, causing a local denial service (machine crash). (bnc#963767). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). The following non-security bugs were fixed : - Bluetooth: ath3k: workaround the compatibility issue with xHCI controller (bnc#907378). - kABI fix for addition of user_namespace.flags field (bnc#965308, bnc#965356). - userns: Add a knob to disable setgroups on a per user namespace basis (bnc#965308, bnc#965356). - userns: Allow setting gid_maps without privilege when setgroups is disabled (bnc#965308, bnc#965356). - userns: Rename id_map_mutex to userns_state_mutex (bnc#965308, bnc#965356).