The SUSE Linux Enterprise 12 kernel was updated to receive various
security and bugfixes.
Following security bugs were fixed:
- CVE-2015-7550: A local user could have triggered a race between read and
revoke in keyctl (bnc#958951).
- CVE-2015-8539: A negatively instantiated user key could have been used
by a local user to leverage privileges (bnc#958463).
- CVE-2015-8543: The networking implementation in the Linux kernel did not
validate protocol identifiers for certain protocol families, which
allowed local users to cause a denial of service (NULL function pointer
dereference and system crash) or possibly gain privileges by leveraging
CLONE_NEWUSER support to execute a crafted SOCK_RAW application
(bnc#958886).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
could have lead to double fetch vulnerabilities, causing denial of
service or arbitrary code execution (depending on the configuration)
(bsc#957988).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
(bsc#957990).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
length, which allowed local users to obtain sensitive information from
kernel memory and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).
- CVE-2015-8575: Validate socket address length in sco_sock_bind() to
prevent information leak (bsc#959399).
The following non-security bugs were fixed:
- ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).
- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- Input: aiptek - fix crash on detecting device without endpoints
(bnc#956708).
- Re-add copy_page_vector_to_user()
- Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).
- Refresh patches.xen/xen3-patch-3.9 (bsc#951155).
- Update
patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction
-.patch (bnc#935087, bnc#945649, bnc#951615).
- bcache: Add btree_insert_node() (bnc#951638).
- bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
- bcache: Clean up keylist code (bnc#951638).
- bcache: Convert btree_insert_check_key() to btree_insert_node()
(bnc#951638).
- bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
- bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
- bcache: Explicitly track btree node’s parent (bnc#951638).
- bcache: Fix a bug when detaching (bsc#951638).
- bcache: Fix a lockdep splat in an error path (bnc#951638).
- bcache: Fix a shutdown bug (bsc#951638).
- bcache: Fix more early shutdown bugs (bsc#951638).
- bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
- bcache: Insert multiple keys at a time (bnc#951638).
- bcache: Refactor journalling flow control (bnc#951638).
- bcache: Refactor request_write() (bnc#951638).
- bcache: Use blkdev_issue_discard() (bnc#951638).
- bcache: backing device set to clean after finishing detach (bsc#951638).
- bcache: kill closure locking usage (bnc#951638).
- blktap: also call blkif_disconnect() when frontend switched to closed
(bsc#952976).
- blktap: refine mm tracking (bsc#952976).
- block: Always check queue limits for cloned requests (bsc#902606).
- btrfs: Add qgroup tracing (bnc#935087, bnc#945649).
- btrfs: Adjust commit-transaction condition to avoid NO_SPACE more
(bsc#958647).
- btrfs: Fix out-of-space bug (bsc#958647).
- btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).
- btrfs: Set relative data on clear btrfs_block_group_cache->pinned
(bsc#958647).
- btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).
- btrfs: backref: Add special time_seq == (u64)-1 case for
btrfs_find_all_roots() (bnc#935087, bnc#945649).
- btrfs: backref: Do not merge refs which are not for same block
(bnc#935087, bnc#945649).
- btrfs: cleanup: remove no-used alloc_chunk in
btrfs_check_data_free_space() (bsc#958647).
- btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,
bnc#945649).
- btrfs: delayed-ref: Use list to replace the ref_root in ref_head
(bnc#935087, bnc#945649).
- btrfs: extent-tree: Use ref_node to replace unneeded parameters in
__inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).
- btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).
- btrfs: fix condition of commit transaction (bsc#958647).
- btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087,
bnc#945649).
- btrfs: fix order by which delayed references are run (bnc#949440).
- btrfs: fix qgroup sanity tests (bnc#951615).
- btrfs: fix race waiting for qgroup rescan worker (bnc#960300).
- btrfs: fix regression running delayed references when using qgroups
(bnc#951615).
- btrfs: fix regression when running delayed references (bnc#951615).
- btrfs: fix sleeping inside atomic context in qgroup rescan worker
(bnc#960300).
- btrfs: fix the number of transaction units needed to remove a block
group (bsc#958647).
- btrfs: keep dropped roots in cache until transaction commit (bnc#935087,
bnc#945649).
- btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,
bnc#945649).
- btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,
bnc#945649).
- btrfs: qgroup: Add new function to record old_roots (bnc#935087,
bnc#945649).
- btrfs: qgroup: Add new qgroup calculation function
btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).
- btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots
(bnc#935087, bnc#945649).
- btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read
(bnc#935087, bnc#945649).
- btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,
bnc#945649).
- btrfs: qgroup: Do not copy extent buffer to do qgroup rescan
(bnc#960300).
- btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,
bnc#945649).
- btrfs: qgroup: Make snapshot accounting work with new extent-oriented
qgroup (bnc#935087, bnc#945649).
- btrfs: qgroup: Record possible quota-related extent for qgroup
(bnc#935087, bnc#945649).
- btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).
- btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism
(bnc#935087, bnc#945649).
- btrfs: qgroup: Switch to new extent-oriented qgroup mechanism
(bnc#935087, bnc#945649).
- btrfs: qgroup: account shared subtree during snapshot delete
(bnc#935087, bnc#945649).
- btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).
- btrfs: qgroup: exit the rescan worker during umount (bnc#960300).
- btrfs: qgroup: fix quota disable during rescan (bnc#960300).
- btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087,
bnc#945649).
- btrfs: remove transaction from send (bnc#935087, bnc#945649).
- btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).
- btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,
bnc#945649).
- btrfs: use global reserve when deleting unused block group after ENOSPC
(bsc#958647).
- cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
- cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
(bsc#957395).
- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
- drm: Allocate new master object when client becomes master (bsc#956876,
bsc#956801).
- drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).
- e1000e: Do not read ICR in Other interrupt (bsc#924919).
- e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).
- e1000e: Fix msi-x interrupt automask (bsc#924919).
- e1000e: Remove unreachable code (bsc#924919).
- genksyms: Handle string literals with spaces in reference files
(bsc#958510).
- ipv6: fix tunnel error handling (bsc#952579).
- lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).
- mm/mempolicy.c: convert the shared_policy lock to a rwlock (bnc#959436).
- mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).
- pm, hinernate: use put_page in release_swap_writer (bnc#943959).
- sched, isolcpu: make cpu_isolated_map visible outside scheduler
(bsc#957395).
- udp: properly support MSG_PEEK with truncated buffers (bsc#951199
bsc#959364).
- xhci: Workaround to get Intel xHCI reset working more reliably
(bnc#957546).