Security update for the Linux Kernel (important)

2016-02-2212:11:15

lists.opensuse.org

0.002 Low

EPSS

Percentile

58.1%

JSON

The openSUSE 13.2 kernel was updated to receive security and bugfixes.

It also fixes a regression that caused the Chromium sandbox to no longer
work (bsc#965356).

Following security bugs were fixed:

CVE-2016-2069: A flaw was discovered in a way the Linux deals with
paging structures. When Linux invalidates a paging structure that is not
in use locally, it could, in principle, race against another CPU that is
switching to a process that uses the paging structure in question,
causing a local denial service (machine crash). (bnc#963767).
CVE-2016-0723: Race condition in the tty_ioctl function in
drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain
sensitive information from kernel memory or cause a denial of service
(use-after-free and system crash) by making a TIOCGETD ioctl call during
processing of a TIOCSETD ioctl call (bnc#961500).

The following non-security bugs were fixed:

Bluetooth: ath3k: workaround the compatibility issue with xHCI
controller (bnc#907378).
kABI fix for addition of user_namespace.flags field (bnc#965308,
bnc#965356).
userns: Add a knob to disable setgroups on a per user namespace basis
(bnc#965308, bnc#965356).
userns: Allow setting gid_maps without privilege when setgroups is
disabled (bnc#965308, bnc#965356).
userns: Rename id_map_mutex to userns_state_mutex (bnc#965308,
bnc#965356).

OSVersionArchitecturePackageVersionFilename
openSUSE13.2noarchkernel-macros< 3.16.7-35.1kernel-macros-3.16.7-35.1.noarch.rpm
openSUSE13.2x86_64pcfclock-debugsource< 0.44-260.17.1pcfclock-debugsource-0.44-260.17.1.x86_64.rpm
openSUSE13.2x86_64kernel-xen-base-debuginfo< 3.16.7-35.1kernel-xen-base-debuginfo-3.16.7-35.1.x86_64.rpm
openSUSE13.2noarchkernel-docs< 3.16.7-35.2kernel-docs-3.16.7-35.2.noarch.rpm
openSUSE13.2x86_64hdjmod-kmp-xen< 1.28_k3.16.7_35-18.18.1hdjmod-kmp-xen-1.28_k3.16.7_35-18.18.1.x86_64.rpm
openSUSE13.2x86_64xen-tools-domu-debuginfo< 4.4.3_08-40.1xen-tools-domU-debuginfo-4.4.3_08-40.1.x86_64.rpm
openSUSE13.2i586vhba-kmp-xen-debuginfo< 20140629_k3.16.7_35-2.17.1vhba-kmp-xen-debuginfo-20140629_k3.16.7_35-2.17.1.i586.rpm
openSUSE13.2noarchvirtualbox-guest-desktop-icons< 4.3.36-43.2virtualbox-guest-desktop-icons-4.3.36-43.2.noarch.rpm
openSUSE13.2i586ipset-kmp-pae-debuginfo< 6.23_k3.16.7_35-17.1ipset-kmp-pae-debuginfo-6.23_k3.16.7_35-17.1.i586.rpm
openSUSE13.2i586libipset3-debuginfo< 6.23-17.1libipset3-debuginfo-6.23-17.1.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	13.2	noarch	kernel-macros	< 3.16.7-35.1	kernel-macros-3.16.7-35.1.noarch.rpm
openSUSE	13.2	x86_64	pcfclock-debugsource	< 0.44-260.17.1	pcfclock-debugsource-0.44-260.17.1.x86_64.rpm
openSUSE	13.2	x86_64	kernel-xen-base-debuginfo	< 3.16.7-35.1	kernel-xen-base-debuginfo-3.16.7-35.1.x86_64.rpm
openSUSE	13.2	noarch	kernel-docs	< 3.16.7-35.2	kernel-docs-3.16.7-35.2.noarch.rpm
openSUSE	13.2	x86_64	hdjmod-kmp-xen	< 1.28_k3.16.7_35-18.18.1	hdjmod-kmp-xen-1.28_k3.16.7_35-18.18.1.x86_64.rpm
openSUSE	13.2	x86_64	xen-tools-domu-debuginfo	< 4.4.3_08-40.1	xen-tools-domU-debuginfo-4.4.3_08-40.1.x86_64.rpm
openSUSE	13.2	i586	vhba-kmp-xen-debuginfo	< 20140629_k3.16.7_35-2.17.1	vhba-kmp-xen-debuginfo-20140629_k3.16.7_35-2.17.1.i586.rpm
openSUSE	13.2	noarch	virtualbox-guest-desktop-icons	< 4.3.36-43.2	virtualbox-guest-desktop-icons-4.3.36-43.2.noarch.rpm
openSUSE	13.2	i586	ipset-kmp-pae-debuginfo	< 6.23_k3.16.7_35-17.1	ipset-kmp-pae-debuginfo-6.23_k3.16.7_35-17.1.i586.rpm
openSUSE	13.2	i586	libipset3-debuginfo	< 6.23-17.1	libipset3-debuginfo-6.23-17.1.i586.rpm