The SUSE Linux Enterprise 12 kernel was updated to version 3.12.43 to
receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
kernel through 3.17.2 did not properly perform RIP changes, which
allowed guest OS users to cause a denial of service (guest OS crash) via
a crafted application (bsc#899192).
- CVE-2014-8086: Race condition in the ext4_file_write_iter function in
fs/ext4/file.c in the Linux kernel through 3.17 allowed local users to
cause a denial of service (file unavailability) via a combination of a
write action and an F_SETFL fcntl operation for the O_DIRECT flag
(bsc#900881).
- CVE-2014-8159: The InfiniBand (IB) implementation did not properly
restrict use of User Verbs for registration of memory regions, which
allowed local users to access arbitrary physical memory locations, and
consequently cause a denial of service (system crash) or gain
privileges, by leveraging permissions on a uverbs device under
/dev/infiniband/ (bsc#914742).
- CVE-2015-1465: The IPv4 implementation in the Linux kernel before 3.18.8
did not properly consider the length of the Read-Copy Update (RCU) grace
period for redirecting lookups in the absence of caching, which allowed
remote attackers to cause a denial of service (memory consumption or
system crash) via a flood of packets (bsc#916225).
- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19
used an incorrect data type in a sysctl table, which allowed local users
to obtain potentially sensitive information from kernel memory or
possibly have unspecified other impact by accessing a sysctl entry
(bsc#919007).
- CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 used an
incorrect data type in a sysctl table, which allowed local users to
obtain potentially sensitive information from kernel memory or possibly
have unspecified other impact by accessing a sysctl entry (bsc#919018).
- CVE-2015-2666: Fixed a flaw that allowed crafted microcode to overflow
the kernel stack (bsc#922944).
- CVE-2015-2830: Fixed int80 fork from 64-bit tasks mishandling
(bsc#926240).
- CVE-2015-2922: Fixed possible denial of service (DoS) attack against
IPv6 network stacks due to improper handling of Router Advertisements
(bsc#922583).
- CVE-2015-3331: Fixed buffer overruns in RFC4106 implementation using
AESNI (bsc#927257).
- CVE-2015-3332: Fixed TCP Fast Open local DoS (bsc#928135).
- CVE-2015-3339: Fixed race condition flaw between the chown() and
execve() system calls which could have lead to local privilege
escalation (bsc#928130).
- CVE-2015-3636: Fixed use-after-free in ping sockets which could have
lead to local privilege escalation (bsc#929525).
The following non-security bugs were fixed:
- /proc/stat: convert to single_open_size() (bsc#928122).
- ACPI / sysfs: Treat the count field of counter_show() as unsigned
(bsc#909312).
- Automatically Provide/Obsolete all subpackages of old flavors
(bsc#925567)
- Btrfs: btrfs_release_extent_buffer_page did not free pages of dummy
extent (bsc#930226).
- Btrfs: fix inode eviction infinite loop after cloning into it
(bsc#930224).
- Btrfs: fix inode eviction infinite loop after extent_same ioctl
(bsc#930224).
- Btrfs: fix log tree corruption when fs mounted with -o discard
(bsc#927116).
- Btrfs: fix up bounds checking in lseek (bsc#927115).
- Fix rtworkqueues crash. Calling __sched_setscheduler() in interrupt
context is forbidden, and destroy_worker() did so in the timer interrupt
with a nohz_full config. Preclude that possibility for both boot options.
- Input: psmouse - add psmouse_matches_pnp_id helper function (bsc#929092).
- Input: synaptics - fix middle button on Lenovo 2015 products
(bsc#929092).
- Input: synaptics - handle spurious release of trackstick buttons
(bsc#929092).
- Input: synaptics - re-route tracksticks buttons on the Lenovo 2015
series (bsc#929092).
- Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015
(bsc#929092).
- Input: synaptics - retrieve the extended capabilities in query $10
(bsc#929092).
- NFS: Add attribute update barriers to nfs_setattr_update_inode()
(bsc#920262).
- NFS: restore kabi after change to nfs_setattr_update_inode (bsc#920262).
- af_iucv: fix AF_IUCV sendmsg() errno (bsc#927308, LTC#123304).
- audit: do not reject all AUDIT_INODE filter types (bsc#927455).
- bnx2x: Fix kdump when iommu=on (bsc#921769).
- cpufreq: fix a NULL pointer dereference in __cpufreq_governor()
(bsc#924664).
- dasd: Fix device having no paths after suspend/resume (bsc#927308,
LTC#123896).
- dasd: Fix inability to set a DASD device offline (bsc#927308,
LTC#123905).
- dasd: Fix unresumed device after suspend/resume (bsc#927308, LTC#123892).
- dasd: Missing partition after online processing (bsc#917125, LTC#120565).
- drm/radeon/cik: Add macrotile mode array query (bsc#927285).
- drm/radeon: fix display tiling setup on SI (bsc#927285).
- drm/radeon: set correct number of banks for CIK chips in DCE
(bsc#927285).
- iommu/amd: Correctly encode huge pages in iommu page tables (bsc#931014).
- iommu/amd: Optimize alloc_new_range for new fetch_pte interface
(bsc#931014).
- iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte interface
(bsc#931014).
- iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface
(bsc#931014).
- iommu/amd: Return the pte page-size in fetch_pte (bsc#931014).
- ipc/shm.c: fix overly aggressive shmdt() when calls span multiple
segments (ipc fixes).
- ipmi: Turn off all activity on an idle ipmi interface (bsc#915540).
- ixgbe: fix detection of SFP+ capable interfaces (bsc#922734).
- kgr: add error code to the message in kgr_revert_replaced_funs.
- kgr: add kgraft annotations to kthreads wait_event_freezable() API calls.
- kgr: correct error handling of the first patching stage.
- kgr: handle the delayed patching of the modules.
- kgr: handle the failure of finalization stage.
- kgr: return error in kgr_init if notifier registration fails.
- kgr: take switching of the fops out of kgr_patch_code to new function.
- kgr: use for_each_process_thread (bsc#929883).
- kgr: use kgr_in_progress for all threads (bnc#929883).
- libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156).
- mlx4: Call dev_kfree_skby_any instead of dev_kfree_skb (bsc#928708).
- mm, numa: really disable NUMA balancing by default on single node
machines (Automatic NUMA Balancing).
- mm: vmscan: do not throttle based on pfmemalloc reserves if node has no
reclaimable pages (bsc#924803, VM Functionality).
- net/mlx4: Cache line CQE/EQE stride fixes (bsc#927084).
- net/mlx4_core: Cache line EQE size support (bsc#927084).
- net/mlx4_core: Enable CQE/EQE stride support (bsc#927084).
- net/mlx4_en: Add mlx4_en_get_cqe helper (bsc#927084).
- perf/x86/amd/ibs: Update IBS MSRs and feature definitions.
- powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds the
allowed address space (bsc#930669).
- powerpc/numa: Add ability to disable and debug topology updates
(bsc#924809).
- powerpc/numa: Enable CONFIG_HAVE_MEMORYLESS_NODES (bsc#924809).
- powerpc/numa: Enable USE_PERCPU_NUMA_NODE_ID (bsc#924809).
- powerpc/numa: check error return from proc_create (bsc#924809).
- powerpc/numa: ensure per-cpu NUMA mappings are correct on topology
update (bsc#924809).
- powerpc/numa: use cached value of update->cpu in update_cpu_topology
(bsc#924809).
- powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
(bsc#928141).
- powerpc/pseries: Introduce api_version to migration sysfs interface
(bsc#926314).
- powerpc/pseries: Little endian fixes for post mobility device tree
update (bsc#926314).
- powerpc/pseries: Simplify check for suspendability during
suspend/migration (bsc#926314).
- powerpc: Fix sys_call_table declaration to enable syscall tracing.
- powerpc: Fix warning reported by verify_cpu_node_mapping() (bsc#924809).
- powerpc: Only set numa node information for present cpus at boottime
(bsc#924809).
- powerpc: reorder per-cpu NUMA information initialization (bsc#924809).
- powerpc: some changes in numa_setup_cpu() (bsc#924809).
- quota: Fix use of units in quota getting / setting interfaces
(bsc#913232).
- rpm/kernel-binary.spec.in: Fix build if there is no *.crt file
- rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not
match
- s390/bpf: Fix ALU_NEG (A = -A) (bsc#917125, LTC#121759).
- s390/bpf: Fix JMP_JGE_K (A >= K) and JMP_JGT_K (A > K) (bsc#917125,
LTC#121759).
- s390/bpf: Fix JMP_JGE_X (A > X) and JMP_JGT_X (A >= X) (bsc#917125,
LTC#121759).
- s390/bpf: Fix offset parameter for skb_copy_bits() (bsc#917125,
LTC#121759).
- s390/bpf: Fix sk_load_byte_msh() (bsc#917125, LTC#121759).
- s390/bpf: Fix skb_copy_bits() parameter passing (bsc#917125, LTC#121759).
- s390/bpf: Zero extend parameters before calling C function (bsc#917125,
LTC#121759).
- s390/sclp: Consolidate early sclp init calls to sclp_early_detect()
(bsc#917125, LTC#122429).
- s390/sclp: Determine HSA size dynamically for zfcpdump (bsc#917125,
LTC#122429).
- s390/sclp: Move declarations for sclp_sdias into separate header file
(bsc#917125, LTC#122429).
- s390/sclp: Move early code from sclp_cmd.c to sclp_early.c (bsc#917125,
LTC#122429).
- s390/sclp: replace uninitialized early_event_mask_sccb variable with
sccb_early (bsc#917125, LTC#122429).
- s390/sclp: revert smp-detect-possible-cpus.patch (bsc#917125,
LTC#122429).
- s390/sclp_early: Add function to detect sclp console capabilities
(bsc#917125, LTC#122429).
- s390/sclp_early: Get rid of sclp_early_read_info_sccb_valid (bsc#917125,
LTC#122429).
- s390/sclp_early: Pass sccb pointer to every *_detect() function
(bsc#917125, LTC#122429).
- s390/sclp_early: Replace early_read_info_sccb with sccb_early
(bsc#917125, LTC#122429).
- s390/sclp_early: Return correct HSA block count also for zero
(bsc#917125, LTC#122429).
- s390/smp: limit number of cpus in possible cpu mask (bsc#917125,
LTC#122429).
- s390: kgr, change the kgraft state only if enabled.
- sched, time: Fix lock inversion in thread_group_cputime()
- sched: Fix potential near-infinite distribute_cfs_runtime() loop
(bsc#930786)
- sched: Robustify topology setup (bsc#924809).
- seqlock: Add irqsave variant of read_seqbegin_or_lock() (Time
scalability).
- storvsc: Set the SRB flags correctly when no data transfer is needed
(bsc#931130).
- x86/apic/uv: Update the APIC UV OEM check (bsc#929145).
- x86/apic/uv: Update the UV APIC HUB check (bsc#929145).
- x86/apic/uv: Update the UV APIC driver check (bsc#929145).
- x86/microcode/intel: Guard against stack overflow in the loader
(bsc#922944).