Security update for the Linux Kernel (important)

The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable
release, and also includes security and bugfixes.

Following security bugs were fixed:

• CVE-2016-0728: A reference leak in keyring handling with
  join_session_keyring() could lead to local attackers gain root
  privileges. (bsc#962075).
• CVE-2015-7550: A local user could have triggered a race between read and
  revoke in keyctl (bnc#958951).
• CVE-2015-8767: A case can occur when sctp_accept() is called by the user
  during a heartbeat timeout event after the 4-way handshake. Since
  sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the
  bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the
  listening socket but released with the new association socket. The
  result is a deadlock on any future attempts to take the listening socket
  lock. (bsc#961509)
• CVE-2015-8539: A negatively instantiated user key could have been used
  by a local user to leverage privileges (bnc#958463).
• CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
  drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
  length, which allowed local users to obtain sensitive information from
  kernel memory and bypass the KASLR protection mechanism via a crafted
  application (bnc#959190).
• CVE-2015-8543: The networking implementation in the Linux kernel did not
  validate protocol identifiers for certain protocol families, which
  allowed local users to cause a denial of service (NULL function pointer
  dereference and system crash) or possibly gain privileges by leveraging
  CLONE_NEWUSER support to execute a crafted SOCK_RAW application
  (bnc#958886).
• CVE-2015-8575: Validate socket address length in sco_sock_bind() to
  prevent information leak (bsc#959399).
• CVE-2015-8551, CVE-2015-8552: xen/pciback: For
  XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
  (bsc#957990).
• CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
  could have lead to double fetch vulnerabilities, causing denial of
  service or arbitrary code execution (depending on the configuration)
  (bsc#957988).

The following non-security bugs were fixed:

• ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).
• ALSA: hda - Apply click noise workaround for Thinkpads generically
  (bsc#958439).
• ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
• ALSA: hda - Flush the pending probe work at remove (boo#960710).
• ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).
• Add Cavium Thunderx network enhancements
• Add RHEL to kernel-obs-build
• Backport amd xgbe fixes and features
• Backport arm64 patches from SLE12-SP1-ARM.
• Btrfs: fix the number of transaction units needed to remove a block
  group (bsc#950178).
• Btrfs: use global reserve when deleting unused block group after ENOSPC
  (bsc#950178).
• Documentation: nousb is a module parameter (bnc#954324).
• Driver for IBM System i/p VNIC protocol.
• Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent
  tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can’t
  be built as a module.
• Fix PCI generic host controller
• Fix kABI breakage for max_dev_sectors addition to queue_limits
  (boo#961263).
• HID: multitouch: Fetch feature reports on demand for Win8 devices
  (boo#954532).
• HID: multitouch: fix input mode switching on some Elan panels
  (boo#954532).
• Implement enable/disable for Display C6 state (boo#960021).
• Input: aiptek - fix crash on detecting device without endpoints
  (bnc#956708).
• Linux 4.1.15 (boo#954647 bsc#955422).
• Move kabi patch to patches.kabi directory
• Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in
  SLE11-SP3, now replaced with the upstream drivers.
• PCI: generic: Pass starting bus number to pci_scan_root_bus().
• Revert "block: remove artifical max_hw_sectors cap" (boo#961263).
• Set system time through RTC device
• Update arm64 config files. Enabled DRM_AST in the vanilla kernel since
  it is now enabled in the default kernel.
• Update config files: CONFIG_IBMVNIC=m
• block/sd: Fix device-imposed transfer length limits (boo#961263).
• block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).
• drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).
• drm/i915/skl: Add DC6 Trigger sequence (boo#960021).
• drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).
• drm/i915/skl: Add the INIT power domain to the MISC I/O power well
  (boo#960021).
• drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).
• drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).
• drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS
  (boo#960021).
• drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).
• drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).
• drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).
• drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).
• drm/i915/skl: Make the Misc I/O power well part of the PLLS domain
  (boo#960021).
• drm/i915/skl: add F0 stepping ID (boo#960021).
• drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).
• drm/i915: Clear crtc atomic flags at beginning of transaction
  (boo#960021).
• drm/i915: Fix CSR MMIO address check (boo#960021).
• drm/i915: Switch to full atomic helpers for plane updates/disable, take
  two (boo#960021).
• drm/i915: set CDCLK if DPLL0 enabled during resuming from S3
  (boo#960021).
• ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).
• genksyms: Handle string literals with spaces in reference files
  (bsc#958510).
• group-source-files: mark module.lds as devel file ld: cannot open linker
  script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such
  file or directory
• hwrng: core - sleep interruptible in read (bnc#962597).
• ipv6: distinguish frag queues by device for multicast and link-local
  packets (bsc#955422).
• kABI fixes for linux-4.1.15.
• rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir
• rpm/constraints.in: Bump disk space requirements up a bit Require 10GB
  on s390x, 20GB elsewhere.
• rpm/constraints.in: Require 14GB worth of disk space on POWER The builds
  started to fail randomly due to ENOSPC errors.
• rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH
  CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since
  2.6.39 and is enabled in our configs.
• rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259
• rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed
• rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file
• rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel
  should not be added to the bootloader nor are there any KMPs.
• rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11
  (bnc#865096)
• rpm/kernel-binary.spec.in: Use parallel make in all invocations Also,
  remove the lengthy comment, since we are using a standard rpm macro now.
• thinkpad_acpi: Do not yell on unsupported brightness interfaces
  (boo#957152).
• usb: make "nousb" a clear module parameter (bnc#954324).
• usbvision fix overflow of interfaces array (bnc#950998).
• x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).
• x86/microcode/amd: Extract current patch level read to a function
  (bsc#913996).
• xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set
  (bsc#957990 XSA-157).
• xhci: refuse loading if nousb is used (bnc#954324).