SUSE-SU-2015:2194-1

Описание

The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive various security and bugfixes.

Following security bugs were fixed:

• CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers were valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).
• CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155).
• CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a 'double-chroot attack (bnc#926238).
• CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
• CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).
• CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384).
• CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).
• CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296).

The following non-security bugs were fixed:

• ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).
• Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236 (bsc#953796).
• Btrfs: fix file corruption and data loss after cloning inline extents (bnc#956053).
• Btrfs: fix truncation of compressed and inlined extents (bnc#956053).
• Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)
• Fix regression in NFSRDMA server (bsc#951110).
• KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440).
• KVM: x86: call irq notifiers with directed EOI (bsc#950862).
• NVMe: Add shutdown timeout as module parameter (bnc#936076).
• NVMe: Mismatched host/device page size support (bsc#935961).
• PCI: Drop 'setting latency timer' messages (bsc#956047).
• SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).
• SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
• SUNRPC: Fix oops when trace sunrpc_task events in nfs client (bnc#956703).
• Sync ppc64le netfilter config options with other archs (bnc#951546)
• Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
• apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949).
• apparmor: temporary work around for bug while unloading policy (boo#941867).
• audit: correctly record file names with different path name types (bsc#950013).
• audit: create private file name copies when auditing inodes (bsc#950013).
• cpu: Defer smpboot kthread unparking until CPU known to scheduler (bsc#936773).
• dlm: make posix locks interruptible, (bsc#947241).
• dm sysfs: introduce ability to add writable attributes (bsc#904348).
• dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
• dm: do not start current request if it would've merged with the previous (bsc#904348).
• dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348).
• dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).
• drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938).
• drm/i915: add hotplug activation period to hotplug update mask (bsc#953980).
• fanotify: fix notification of groups with inode and mount marks (bsc#955533).
• genirq: Make sure irq descriptors really exist when __irq_alloc_descs returns (bsc#945626).
• hv: vss: run only on supported host versions (bnc#949504).
• ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
• ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags (bsc#947321).
• ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).
• ipv6: Extend the route lookups to low priority metrics (bsc#947321).
• ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).
• ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321).
• ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
• ipvs: drop first packet to dead server (bsc#946078).
• kABI: protect struct ahci_host_priv.
• kABI: protect struct rt6_info changes from bsc#947321 changes (bsc#947321).
• kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).
• kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
• kabi: Restore kabi in struct se_cmd (bsc#954635).
• kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
• kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).
• kgr: fix migration of kthreads to the new universe.
• kgr: wake up kthreads periodically.
• ktime: add ktime_after and ktime_before helper (bsc#904348).
• macvlan: Support bonding events (bsc#948521).
• net: add length argument to skb_copy_and_csum_datagram_iovec (bsc#951199).
• net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec() (bsc#951199).
• pci: Update VPD size with correct length (bsc#924493).
• rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706).
• ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on() (bnc#956711).
• route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
• rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145).
• rtc: cmos: Revert 'rtc-cmos: Add an alarm disable quirk' (bsc#930145).
• sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100).
• sunrpc/cache: make cache flushing more reliable (bsc#947478).
• supported.conf: Add missing dependencies of supported modules hwmon_vid needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by ramoops
• supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio
• target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
• target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).
• target/rbd: fix PR info memory leaks (bnc#948831).
• target: Send UA upon LUN RESET tmr completion (bsc#933514).
• target: use '^A' when allocating UAs (bsc#933514).
• usbvision fix overflow of interfaces array (bnc#950998).
• vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
• vmxnet3: adjust ring sizes when interface is down (bsc#950750).
• x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down (bsc#940853).
• x86/evtchn: make use of PHYSDEVOP_map_pirq.
• x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality, bnc#955148).
• x86/mm/hotplug: Pass sync_global_pgds() a correct argument in remove_pagetable() (VM Functionality, bnc#955148).
• xfs: DIO needs an ioend for writes (bsc#949744).
• xfs: DIO write completion size updates race (bsc#949744).
• xfs: DIO writes within EOF do not need an ioend (bsc#949744).
• xfs: always drain dio before extending aio write submission (bsc#949744).
• xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
• xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
• xfs: factor DIO write mapping from get_blocks (bsc#949744).
• xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
• xfs: move DIO mapping size calculation (bsc#949744).
• xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
• xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951165).
• xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).