Lucene search

K
suseSuseSUSE-SU-2015:1224-1
HistoryJul 10, 2015 - 4:08 p.m.

Security update for the Linux Kernel (important)

2015-07-1016:08:16
lists.opensuse.org
49

EPSS

0.399

Percentile

97.3%

The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the
following bugs and security issues.

The following security issues have been fixed:

  • Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch
    (bsc#936831, CVE-2015-5364, CVE-2015-5366).
  • Btrfs: make xattr replace operations atomic (bnc#923908, CVE-2014-9710).
  • udp: fix behavior of wrong checksums (bsc#936831, CVE-2015-5364,
    CVE-2015-5366).
  • vfs: read file_handle only once in handle_to_path (bsc#915517,
    CVE-2015-1420).
  • x86: bpf_jit: fix compilation of large bpf programs
    (bnc#935705,CVE-2015-4700).
  • udf: Check length of extended attributes and allocation (bsc#936831,
    CVE-2015-5364, CVE-2015-5366).
  • Update patches.fixes/udf-Check-component-length-before-reading-it.patch
    (bsc#933904, CVE-2014-9728, CVE-2014-9730).
  • Update patches.fixes/udf-Verify-i_size-when-loading-inode.patch
    (bsc#933904, CVE-2014-9728, CVE-2014-9729).
  • Update patches.fixes/udf-Verify-symlink-size-before-loading-it.patch
    (bsc#933904, CVE-2014-9728).
  • Update patches.fixes/udf-Check-path-length-when-reading-symlink.patch
    (bnc#933896, CVE-2014-9731).
  • pipe: fix iov overrun for failed atomic copy (bsc#933429, CVE-2015-1805).
  • ipv6: Don’t reduce hop limit for an interface (bsc#922583,
    CVE-2015-2922).
  • net: llc: use correct size for sysctl timeout entries (bsc#919007,
    CVE-2015-2041).
  • ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525,
    CVE-2015-3636).
  • ipv6: Don’t reduce hop limit for an interface (bsc#922583,
    CVE-2015-2922).
  • net: llc: use correct size for sysctl timeout entries (bsc#919007,
    CVE-2015-2041).
  • ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525,
    CVE-2015-3636).

The following non-security issues have been fixed:

  • mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
  • ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned
    (bsc#927355).
  • pci: Add SRIOV helper function to determine if VFs are assigned to guest
    (bsc#927355).
  • net/mlx4_core: Don’t disable SRIOV if there are active VFs (bsc#927355).
  • udf: Remove repeated loads blocksize (bsc#933907).
  • Refresh patches.fixes/deal-with-deadlock-in-d_walk-fix.patch. based on
    3.2 stable fix 20defcec264c ("dcache: Fix locking bugs in backported
    "deal with deadlock in d_walk()""). Not harmfull for regular SLES
    kernels but RT or PREEMPT kernels would see disbalance.
  • sched: Fix potential near-infinite distribute_cfs_runtime() loop
    (bnc#930786)
  • tty: Correct tty buffer flush (bnc#929647).
  • tty: hold lock across tty buffer finding and buffer filling (bnc#929647).