Lucene search

K
suseSuseOPENSUSE-SU-2016:0280-1
HistoryJan 29, 2016 - 2:11 p.m.

Security update for the Linux Kernel (important)

2016-01-2914:11:40
lists.opensuse.org
30

EPSS

0.002

Percentile

54.9%

The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable
release, and also includes security and bugfixes.

Following security bugs were fixed:

  • CVE-2016-0728: A reference leak in keyring handling with
    join_session_keyring() could lead to local attackers gain root
    privileges. (bsc#962075).
  • CVE-2015-7550: A local user could have triggered a race between read and
    revoke in keyctl (bnc#958951).
  • CVE-2015-8767: A case can occur when sctp_accept() is called by the user
    during a heartbeat timeout event after the 4-way handshake. Since
    sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the
    bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the
    listening socket but released with the new association socket. The
    result is a deadlock on any future attempts to take the listening socket
    lock. (bsc#961509)
  • CVE-2015-8539: A negatively instantiated user key could have been used
    by a local user to leverage privileges (bnc#958463).
  • CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
    drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
    length, which allowed local users to obtain sensitive information from
    kernel memory and bypass the KASLR protection mechanism via a crafted
    application (bnc#959190).
  • CVE-2015-8543: The networking implementation in the Linux kernel did not
    validate protocol identifiers for certain protocol families, which
    allowed local users to cause a denial of service (NULL function pointer
    dereference and system crash) or possibly gain privileges by leveraging
    CLONE_NEWUSER support to execute a crafted SOCK_RAW application
    (bnc#958886).
  • CVE-2015-8575: Validate socket address length in sco_sock_bind() to
    prevent information leak (bsc#959399).
  • CVE-2015-8551, CVE-2015-8552: xen/pciback: For
    XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
    (bsc#957990).
  • CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
    could have lead to double fetch vulnerabilities, causing denial of
    service or arbitrary code execution (depending on the configuration)
    (bsc#957988).

The following non-security bugs were fixed:

  • ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).
  • ALSA: hda - Apply click noise workaround for Thinkpads generically
    (bsc#958439).
  • ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
  • ALSA: hda - Flush the pending probe work at remove (boo#960710).
  • ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).
  • Add Cavium Thunderx network enhancements
  • Add RHEL to kernel-obs-build
  • Backport amd xgbe fixes and features
  • Backport arm64 patches from SLE12-SP1-ARM.
  • Btrfs: fix the number of transaction units needed to remove a block
    group (bsc#950178).
  • Btrfs: use global reserve when deleting unused block group after ENOSPC
    (bsc#950178).
  • Documentation: nousb is a module parameter (bnc#954324).
  • Driver for IBM System i/p VNIC protocol.
  • Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent
    tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can’t
    be built as a module.
  • Fix PCI generic host controller
  • Fix kABI breakage for max_dev_sectors addition to queue_limits
    (boo#961263).
  • HID: multitouch: Fetch feature reports on demand for Win8 devices
    (boo#954532).
  • HID: multitouch: fix input mode switching on some Elan panels
    (boo#954532).
  • Implement enable/disable for Display C6 state (boo#960021).
  • Input: aiptek - fix crash on detecting device without endpoints
    (bnc#956708).
  • Linux 4.1.15 (boo#954647 bsc#955422).
  • Move kabi patch to patches.kabi directory
  • Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in
    SLE11-SP3, now replaced with the upstream drivers.
  • PCI: generic: Pass starting bus number to pci_scan_root_bus().
  • Revert "block: remove artifical max_hw_sectors cap" (boo#961263).
  • Set system time through RTC device
  • Update arm64 config files. Enabled DRM_AST in the vanilla kernel since
    it is now enabled in the default kernel.
  • Update config files: CONFIG_IBMVNIC=m
  • block/sd: Fix device-imposed transfer length limits (boo#961263).
  • block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).
  • drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).
  • drm/i915/skl: Add DC6 Trigger sequence (boo#960021).
  • drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).
  • drm/i915/skl: Add the INIT power domain to the MISC I/O power well
    (boo#960021).
  • drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).
  • drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).
  • drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS
    (boo#960021).
  • drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).
  • drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).
  • drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).
  • drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).
  • drm/i915/skl: Make the Misc I/O power well part of the PLLS domain
    (boo#960021).
  • drm/i915/skl: add F0 stepping ID (boo#960021).
  • drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).
  • drm/i915: Clear crtc atomic flags at beginning of transaction
    (boo#960021).
  • drm/i915: Fix CSR MMIO address check (boo#960021).
  • drm/i915: Switch to full atomic helpers for plane updates/disable, take
    two (boo#960021).
  • drm/i915: set CDCLK if DPLL0 enabled during resuming from S3
    (boo#960021).
  • ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).
  • genksyms: Handle string literals with spaces in reference files
    (bsc#958510).
  • group-source-files: mark module.lds as devel file ld: cannot open linker
    script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such
    file or directory
  • hwrng: core - sleep interruptible in read (bnc#962597).
  • ipv6: distinguish frag queues by device for multicast and link-local
    packets (bsc#955422).
  • kABI fixes for linux-4.1.15.
  • rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir
  • rpm/constraints.in: Bump disk space requirements up a bit Require 10GB
    on s390x, 20GB elsewhere.
  • rpm/constraints.in: Require 14GB worth of disk space on POWER The builds
    started to fail randomly due to ENOSPC errors.
  • rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH
    CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since
    2.6.39 and is enabled in our configs.
  • rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259
  • rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed
  • rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file
  • rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel
    should not be added to the bootloader nor are there any KMPs.
  • rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11
    (bnc#865096)
  • rpm/kernel-binary.spec.in: Use parallel make in all invocations Also,
    remove the lengthy comment, since we are using a standard rpm macro now.
  • thinkpad_acpi: Do not yell on unsupported brightness interfaces
    (boo#957152).
  • usb: make "nousb" a clear module parameter (bnc#954324).
  • usbvision fix overflow of interfaces array (bnc#950998).
  • x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).
  • x86/microcode/amd: Extract current patch level read to a function
    (bsc#913996).
  • xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set
    (bsc#957990 XSA-157).
  • xhci: refuse loading if nousb is used (bnc#954324).