Lucene search

K
suseSuseSUSE-SU-2015:1324-1
HistoryJul 31, 2015 - 10:08 a.m.

Security update for the SUSE Linux Enterprise 12 kernel (important)

2015-07-3110:08:48
lists.opensuse.org
29

0.44 Medium

EPSS

Percentile

97.0%

The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive
various security and bugfixes.

These features were added:

  • mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support
    (bsc#854824).
  • mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817).

Following security bugs were fixed:

  • CVE-2015-1805: iov overrun for failed atomic copy could have lead to DoS
    or privilege escalation (bsc#933429).
  • CVE-2015-3212: A race condition in the way the Linux kernel handled
    lists of associations in SCTP sockets could have lead to list corruption
    and kernel panics (bsc#936502).
  • CVE-2015-4036: DoS via memory corruption in vhost/scsi driver
    (bsc#931988).
  • CVE-2015-4167: Linux kernel built with the UDF file
    system(CONFIG_UDF_FS) support was vulnerable to a crash. It occurred
    while fetching inode information from a corrupted/malicious udf file
    system image (bsc#933907).
  • CVE-2015-4692: DoS via NULL pointer dereference in kvm_apic_has_events
    function (bsc#935542).
  • CVE-2015-5364: Remote DoS via flood of UDP packets with invalid
    checksums (bsc#936831).
  • CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP
    packets with invalid checksums (bsc#936831).

Security issues already fixed in the previous update but not referenced by
CVE:

  • CVE-2014-9728: Kernel built with the UDF file system(CONFIG_UDF_FS)
    support were vulnerable to a crash (bsc#933904).
  • CVE-2014-9729: Kernel built with the UDF file system(CONFIG_UDF_FS)
    support were vulnerable to a crash (bsc#933904).
  • CVE-2014-9730: Kernel built with the UDF file system(CONFIG_UDF_FS)
    support were vulnerable to a crash (bsc#933904).
  • CVE-2014-9731: Kernel built with the UDF file system(CONFIG_UDF_FS)
    support were vulnerable to information leakage (bsc#933896).

The following non-security bugs were fixed:

  • ALSA: hda - add codec ID for Skylake display audio codec (bsc#936556).
  • ALSA: hda/hdmi - apply Haswell fix-ups to Skylake display codec
    (bsc#936556).
  • ALSA: hda_controller: Separate stream_tag for input and output streams
    (bsc#936556).
  • ALSA: hda_intel: add AZX_DCAPS_I915_POWERWELL for SKL and BSW
    (bsc#936556).
  • ALSA: hda_intel: apply the Seperate stream_tag for Skylake (bsc#936556).
  • ALSA: hda_intel: apply the Seperate stream_tag for Sunrise Point
    (bsc#936556).
  • Btrfs: Handle unaligned length in extent_same (bsc#937609).
  • Btrfs: add missing inode item update in fallocate() (bsc#938023).
  • Btrfs: check pending chunks when shrinking fs to avoid corruption
    (bsc#936445).
  • Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).
  • Btrfs: fix block group ->space_info null pointer dereference
    (bsc#935088).
  • Btrfs: fix clone / extent-same deadlocks (bsc#937612).
  • Btrfs: fix deadlock with extent-same and readpage (bsc#937612).
  • Btrfs: fix fsync data loss after append write (bsc#936446).
  • Btrfs: fix hang during inode eviction due to concurrent readahead
    (bsc#935085).
  • Btrfs: fix memory leak in the extent_same ioctl (bsc#937613).
  • Btrfs: fix race when reusing stale extent buffers that leads to BUG_ON
    (bsc#926369).
  • Btrfs: fix use after free when close_ctree frees the orphan_rsv
    (bsc#938022).
  • Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).
  • Btrfs: provide super_operations->inode_get_dev (bsc#927455).
  • Drivers: hv: balloon: check if ha_region_mutex was acquired in
    MEM_CANCEL_ONLINE case.
  • Drivers: hv: fcopy: process deferred messages when we complete the
    transaction.
  • Drivers: hv: fcopy: rename fcopy_work -> fcopy_timeout_work.
  • Drivers: hv: fcopy: set .owner reference for file operations.
  • Drivers: hv: fcopy: switch to using the hvutil_device_state state
    machine.
  • Drivers: hv: hv_balloon: correctly handle num_pages>INT_MAX case.
  • Drivers: hv: hv_balloon: correctly handle val.freeram lower than
    num_pages case.
  • Drivers: hv: hv_balloon: do not lose memory when onlining order is not
    natural.
  • Drivers: hv: hv_balloon: do not online pages in offline blocks.
  • Drivers: hv: hv_balloon: eliminate jumps in piecewiese linear floor
    function.
  • Drivers: hv: hv_balloon: eliminate the trylock path in
    acquire/release_region_mutex.
  • Drivers: hv: hv_balloon: keep locks balanced on add_memory() failure.
  • Drivers: hv: hv_balloon: refuse to balloon below the floor.
  • Drivers: hv: hv_balloon: report offline pages as being used.
  • Drivers: hv: hv_balloon: survive ballooning request with num_pages=0.
  • Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.
  • Drivers: hv: kvp: rename kvp_work -> kvp_timeout_work.
  • Drivers: hv: kvp: reset kvp_context.
  • Drivers: hv: kvp: switch to using the hvutil_device_state state machine.
  • Drivers: hv: util: Fix a bug in the KVP code. reapply upstream change
    ontop of v3.12-stable change
  • Drivers: hv: util: On device remove, close the channel after
    de-initializing the service.
  • Drivers: hv: util: introduce hv_utils_transport abstraction.
  • Drivers: hv: util: introduce state machine for util drivers.
  • Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.
  • Drivers: hv: vmbus: Add device and vendor ID to vmbus devices.
  • Drivers: hv: vmbus: Add support for VMBus panic notifier handler
    (bsc#934160).
  • Drivers: hv: vmbus: Add support for the NetworkDirect GUID.
  • Drivers: hv: vmbus: Correcting truncation error for constant
    HV_CRASH_CTL_CRASH_NOTIFY (bsc#934160).
  • Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl().
  • Drivers: hv: vmbus: Fix a bug in rescind processing in
    vmbus_close_internal().
  • Drivers: hv: vmbus: Fix a siganlling host signalling issue.
  • Drivers: hv: vmbus: Get rid of some unnecessary messages.
  • Drivers: hv: vmbus: Get rid of some unused definitions.
  • Drivers: hv: vmbus: Handle both rescind and offer messages in the same
    context.
  • Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.
  • Drivers: hv: vmbus: Introduce a function to remove a rescinded offer.
  • Drivers: hv: vmbus: Perform device register in the per-channel work
    element.
  • Drivers: hv: vmbus: Permit sending of packets without payload.
  • Drivers: hv: vmbus: Properly handle child device remove.
  • Drivers: hv: vmbus: Remove the channel from the channel list(s) on
    failure.
  • Drivers: hv: vmbus: Suport an API to send packet with additional control.
  • Drivers: hv: vmbus: Suport an API to send pagebuffers with additional
    control.
  • Drivers: hv: vmbus: Teardown clockevent devices on module unload.
  • Drivers: hv: vmbus: Teardown synthetic interrupt controllers on module
    unload.
  • Drivers: hv: vmbus: Use a round-robin algorithm for picking the
    outgoing channel.
  • Drivers: hv: vmbus: Use the vp_index map even for channels bound to CPU
    0.
  • Drivers: hv: vmbus: avoid double kfree for device_obj.
  • Drivers: hv: vmbus: briefly comment num_sc and next_oc.
  • Drivers: hv: vmbus: decrease num_sc on subchannel removal.
  • Drivers: hv: vmbus: distribute subchannels among all vcpus.
  • Drivers: hv: vmbus: do cleanup on all vmbus_open() failure paths.
  • Drivers: hv: vmbus: introduce vmbus_acpi_remove.
  • Drivers: hv: vmbus: kill tasklets on module unload.
  • Drivers: hv: vmbus: move init_vp_index() call to vmbus_process_offer().
  • Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors.
  • Drivers: hv: vmbus: rename channel work queues.
  • Drivers: hv: vmbus: teardown hv_vmbus_con workqueue and vmbus_connection
    pages on shutdown.
  • Drivers: hv: vmbus: unify calls to percpu_channel_enq().
  • Drivers: hv: vmbus: unregister panic notifier on module unload.
  • Drivers: hv: vmbus:Update preferred vmbus protocol version to windows 10.
  • Drivers: hv: vss: process deferred messages when we complete the
    transaction.
  • Drivers: hv: vss: switch to using the hvutil_device_state state machine.
  • Enable CONFIG_BRIDGE_NF_EBTABLES on s390x (bsc#936012)
  • Fix connection reuse when sk_error_report is used (bsc#930972).
  • GHES: Carve out error queueing in a separate function (bsc#917630).
  • GHES: Carve out the panic functionality (bsc#917630).
  • GHES: Elliminate double-loop in the NMI handler (bsc#917630).
  • GHES: Make NMI handler have a single reader (bsc#917630).
  • GHES: Panic right after detection (bsc#917630).
  • IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach
    (bsc#918618).
  • Initialize hv_netvsc_packet->xmit_more to avoid transfer stalls
  • KVM: PPC: BOOK3S: HV: CMA: Reserve cma region only in hypervisor mode
    (bsc#908491).
  • KVM: s390: virtio-ccw: Handle command rejects (bsc#931860).
  • MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).
  • MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).
  • PCI: pciehp: Add hotplug_lock to serialize hotplug events (bsc#866911).
  • Revert "MODSIGN: loading keys from db when SecureBoot disabled". This
    reverts commit b45412d4, because it breaks legacy boot.
  • SUNRPC: Report connection error values to rpc_tasks on the pending queue
    (bsc#930972).
  • Update s390x kabi files with netfilter change (bsc#936012)
  • client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set
    (bsc#932348).
  • cpufreq: pcc: Enable autoload of pcc-cpufreq for ACPI processors
    (bsc#933117).
  • dmapi: fix value from newer Linux strnlen_user() (bsc#932897).
  • drm/i915/hsw: Fix workaround for server AUX channel clock divisor
    (bsc#935918).
  • drm/i915: Evict CS TLBs between batches (bsc#935918).
  • drm/i915: Fix DDC probe for passive adapters (bsc#935918).
  • drm/i915: Handle failure to kick out a conflicting fb driver
    (bsc#935918).
  • drm/i915: drop WaSetupGtModeTdRowDispatch:snb (bsc#935918).
  • drm/i915: save/restore GMBUS freq across suspend/resume on gen4
    (bsc#935918).
  • edd: support original Phoenix EDD 3.0 information (bsc#929974).
  • ext4: fix over-defensive complaint after journal abort (bsc#935174).
  • fs/cifs: Fix corrupt SMB2 ioctl requests (bsc#931124).
  • ftrace: add oco handling patch (bsc#924526).
  • ftrace: allow architectures to specify ftrace compile options
    (bsc#924526).
  • ftrace: let notrace function attribute disable hotpatching if necessary
    (bsc#924526).
  • hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES
    (bsc#930092).
  • hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092).
  • hv: channel: match var type to return type of wait_for_completion.
  • hv: do not schedule new works in vmbus_onoffer()/vmbus_onoffer_rescind().
  • hv: hv_balloon: match var type to return type of wait_for_completion.
  • hv: hv_util: move vmbus_open() to a later place.
  • hv: hypervvssd: call endmntent before call setmntent again.
  • hv: no rmmod for hv_vmbus and hv_utils.
  • hv: remove the per-channel workqueue.
  • hv: run non-blocking message handlers in the dispatch tasklet.
  • hv: vmbus: missing curly braces in vmbus_process_offer().
  • hv: vmbus_free_channels(): remove the redundant free_channel().
  • hv: vmbus_open(): reset the channel state on ENOMEM.
  • hv: vmbus_post_msg: retry the hypercall on some transient errors.
  • hv_netvsc: Allocate the receive buffer from the correct NUMA node.
  • hv_netvsc: Allocate the sendbuf in a NUMA aware way.
  • hv_netvsc: Clean up two unused variables.
  • hv_netvsc: Cleanup the test for freeing skb when we use sendbuf
    mechanism.
  • hv_netvsc: Define a macro RNDIS_AND_PPI_SIZE.
  • hv_netvsc: Eliminate memory allocation in the packet send path.
  • hv_netvsc: Fix a bug in netvsc_start_xmit().
  • hv_netvsc: Fix the packet free when it is in skb headroom.
  • hv_netvsc: Implement batching in send buffer.
  • hv_netvsc: Implement partial copy into send buffer.
  • hv_netvsc: Use the xmit_more skb flag to optimize signaling the host.
  • hv_netvsc: change member name of struct netvsc_stats.
  • hv_netvsc: introduce netif-msg into netvsc module.
  • hv_netvsc: remove unused variable in netvsc_send().
  • hv_netvsc: remove vmbus_are_subchannels_present() in
    rndis_filter_device_add().
  • hv_netvsc: try linearizing big SKBs before dropping them.
  • hv_netvsc: use per_cpu stats to calculate TX/RX data.
  • hv_netvsc: use single existing drop path in netvsc_start_xmit.
  • hv_vmbus: Add gradually increased delay for retries in vmbus_post_msg().
  • hyperv: Implement netvsc_get_channels() ethool op.
  • hyperv: hyperv_fb: match wait_for_completion_timeout return type.
  • iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).
  • iommu/amd: Handle large pages correctly in free_pagetable (bsc#935881).
  • ipr: Increase default adapter init stage change timeout (bsc#930579).
  • ipv6: do not delete previously existing ECMP routes if add fails
    (bsc#930399).
  • ipv6: fix ECMP route replacement (bsc#930399).
  • jbd2: improve error messages for inconsistent journal heads (bsc#935174).
  • jbd2: revise KERN_EMERG error messages (bsc#935174).
  • kabi/severities: Add s390 symbols allowed to change in bsc#931860
  • kabi: only use sops->get_inode_dev with proper fsflag.
  • kernel: add panic_on_warn.
  • kexec: allocate the kexec control page with KEXEC_CONTROL_MEMORY_GFP
    (bsc#928131).
  • kgr: fix redirection on s390x arch (bsc#903279).
  • kgr: move kgr_task_in_progress() to sched.h.
  • kgr: send a fake signal to all blocking tasks.
  • kvm: irqchip: Break up high order allocations of kvm_irq_routing_table
    (bsc#926953).
  • libata: Blacklist queued TRIM on all Samsung 800-series (bsc#930599).
  • mei: bus: () can be static.
  • mm, thp: really limit transparent hugepage allocation to local node (VM
    Performance, bsc#931620).
  • mm, thp: respect MPOL_PREFERRED policy with non-local node (VM
    Performance, bsc#931620).
  • mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM
    Performance, bsc#931620).
  • mm/thp: allocate transparent hugepages on local node (VM Performance,
    bsc#931620).
  • net/mlx4_en: Call register_netdevice in the proper location (bsc#858727).
  • net/mlx4_en: Do not attempt to TX offload the outer UDP checksum for
    VXLAN (bsc#858727).
  • net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference
    (bsc#867362).
  • net: introduce netdev_alloc_pcpu_stats() for drivers.
  • net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
  • netdev: set __percpu attribute on netdev_alloc_pcpu_stats.
  • netdev_alloc_pcpu_stats: use less common iterator variable.
  • netfilter: xt_NFQUEUE: fix --queue-bypass regression (bsc#935083)
  • ovl: default permissions (bsc#924071).
  • ovl: move s_stack_depth .
  • powerpc/perf/hv-24x7: use kmem_cache instead of aligned stack
    allocations (bsc#931403).
  • powerpc/pseries: Correct cpu affinity for dlpar added cpus (bsc#932967).
  • powerpc: Add VM_FAULT_HWPOISON handling to powerpc page fault handler
    (bsc#929475).
  • powerpc: Fill in si_addr_lsb siginfo field (bsc#929475).
  • powerpc: Simplify do_sigbus (bsc#929475).
  • reiserfs: Fix use after free in journal teardown (bsc#927697).
  • rtlwifi: rtl8192cu: Fix kernel deadlock (bsc#927786).
  • s390/airq: add support for irq ranges (bsc#931860).
  • s390/airq: silence lockdep warning (bsc#931860).
  • s390/compat,signal: change return values to -EFAULT (bsc#929879).
  • s390/ftrace: hotpatch support for function tracing (bsc#924526).
  • s390/irq: improve displayed interrupt order in /proc/interrupts
    (bsc#931860).
  • s390/kernel: use stnsm 255 instead of stosm 0 (bsc#929879).
  • s390/kgr: reorganize kgr infrastructure in entry64.S.
  • s390/mm: align 64-bit PIE binaries to 4GB (bsc#929879).
  • s390/mm: limit STACK_RND_MASK for compat tasks (bsc#929879).
  • s390/rwlock: add missing local_irq_restore calls (bsc#929879).
  • s390/sclp_vt220: Fix kernel panic due to early terminal input
    (bsc#931860).
  • s390/smp: only send external call ipi if needed (bsc#929879).
  • s390/spinlock,rwlock: always to a load-and-test first (bsc#929879).
  • s390/spinlock: cleanup spinlock code (bsc#929879).
  • s390/spinlock: optimize spin_unlock code (bsc#929879).
  • s390/spinlock: optimize spinlock code sequence (bsc#929879).
  • s390/spinlock: refactor arch_spin_lock_wait[_flags] (bsc#929879).
  • s390/time: use stck clock fast for do_account_vtime (bsc#929879).
  • s390: Remove zfcpdump NR_CPUS dependency (bsc#929879).
  • s390: add z13 code generation support (bsc#929879).
  • s390: avoid z13 cache aliasing (bsc#929879).
  • s390: fix control register update (bsc#929879).
  • s390: optimize control register update (bsc#929879).
  • s390: z13 base performance (bsc#929879).
  • sched: fix __sched_setscheduler() vs load balancing race (bsc#921430)
  • scsi: retry MODE SENSE on unit attention (bsc#895814).
  • scsi_dh_alua: Recheck state on unit attention (bsc#895814).
  • scsi_dh_alua: fixup crash in alua_rtpg_work() (bsc#895814).
  • scsi_dh_alua: parse device id instead of target id (bsc#895814).
  • scsi_dh_alua: recheck RTPG in regular intervals (bsc#895814).
  • scsi_dh_alua: update all port states (bsc#895814).
  • sd: always retry READ CAPACITY for ALUA state transition (bsc#895814).
  • st: null pointer dereference panic caused by use after kref_put by
    st_open (bsc#936875).
  • supported.conf: add btrfs to kernel-$flavor-base (bsc#933637)
  • udf: Remove repeated loads blocksize (bsc#933907).
  • usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub
    port reset (bsc#938024).
  • vTPM: set virtual device before passing to ibmvtpm_reset_crq
    (bsc#937087).
  • vfs: add super_operations->get_inode_dev (bsc#927455).
  • virtio-ccw: virtio-ccw adapter interrupt support (bsc#931860).
  • virtio-rng: do not crash if virtqueue is broken (bsc#931860).
  • virtio: fail adding buffer on broken queues (bsc#931860).
  • virtio: virtio_break_device() to mark all virtqueues broken (bsc#931860).
  • virtio_blk: verify if queue is broken after virtqueue_get_buf()
    (bsc#931860).
  • virtio_ccw: fix hang in set offline processing (bsc#931860).
  • virtio_ccw: fix vcdev pointer handling issues (bsc#931860).
  • virtio_ccw: introduce device_lost in virtio_ccw_device (bsc#931860).
  • virtio_net: do not crash if virtqueue is broken (bsc#931860).
  • virtio_net: verify if queue is broken after virtqueue_get_buf()
    (bsc#931860).
  • virtio_ring: adapt to notify() returning bool (bsc#931860).
  • virtio_ring: add new function virtqueue_is_broken() (bsc#931860).
  • virtio_ring: change host notification API (bsc#931860).
  • virtio_ring: let virtqueue_{kick()/notify()} return a bool (bsc#931860).
  • virtio_ring: plug kmemleak false positive (bsc#931860).
  • virtio_scsi: do not call virtqueue_add_sgs(… GFP_NOIO) holding
    spinlock (bsc#931860).
  • virtio_scsi: verify if queue is broken after virtqueue_get_buf()
    (bsc#931860).
  • vmxnet3: Bump up driver version number (bsc#936423).
  • vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
  • vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
  • vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
  • x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bsc#907092).
  • x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing
    (bsc#907092).
  • x86/kgr: move kgr infrastructure from asm to C.
  • x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
  • xfrm: release dst_orig in case of error in xfrm_lookup() (bsc#932793).
  • xfs: Skip dirty pages in ->releasepage (bsc#915183).
  • xfs: fix xfs_setattr for DMAPI (bsc#932900).
  • xfs_dmapi: fix transaction ilocks (bsc#932899).
  • xfs_dmapi: fix value from newer Linux strnlen_user() (bsc#932897).
  • xfs_dmapi: xfs_dm_rdwr() uses dir file ops not file’s ops (bsc#932898).

References

0.44 Medium

EPSS

Percentile

97.0%

Related for SUSE-SU-2015:1324-1