SUSE-SU-2015:2292-1

Published: 17 Dec 2015
Source: suse-cvrf

Description

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive various security fixes and bug fixes.

The following features were added:

  • hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784).

The following security bugs were fixed:

  • CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. (bsc#955354)
  • CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776).
  • CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).
  • CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).
  • CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack" (bnc#926238).
  • CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384).

The following non-security bugs were fixed:

  • af_iucv: avoid path quiesce of severed path in shutdown() (bnc#954986, LTC#131684).
  • alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).
  • alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504).
  • apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949).
  • audit: correctly record file names with different path name types (bsc#950013).
  • audit: create private file name copies when auditing inodes (bsc#950013).
  • bcache: Add btree_insert_node() (bnc#951638).
  • bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
  • bcache: backing device set to clean after finishing detach (bsc#951638).
  • bcache: Clean up keylist code (bnc#951638).
  • bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638).
  • bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
  • bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
  • bcache: Explicitly track btree node's parent (bnc#951638).
  • bcache: Fix a bug when detaching (bsc#951638).
  • bcache: Fix a lockdep splat in an error path (bnc#951638).
  • bcache: Fix a shutdown bug (bsc#951638).
  • bcache: Fix more early shutdown bugs (bsc#951638).
  • bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
  • bcache: Insert multiple keys at a time (bnc#951638).
  • bcache: kill closure locking usage (bnc#951638).
  • bcache: Refactor journalling flow control (bnc#951638).
  • bcache: Refactor request_write() (bnc#951638).
  • bcache: Use blkdev_issue_discard() (bnc#951638).
  • btrfs: Adjust commit-transaction condition to avoid NO_SPACE more (bsc#958647).
  • btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space() (bsc#958647).
  • btrfs: fix condition of commit transaction (bsc#958647).
  • btrfs: fix file corruption and data loss after cloning inline extents (bnc#956053).
  • btrfs: Fix out-of-space bug (bsc#958647).
  • btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).
  • btrfs: fix the number of transaction units needed to remove a block group (bsc#958647).
  • btrfs: fix truncation of compressed and inlined extents (bnc#956053).
  • btrfs: Set relative data on clear btrfs_block_group_cache->pinned (bsc#958647).
  • btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#958647).
  • cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
  • cpu: Defer smpboot kthread unparking until CPU known to scheduler (bsc#936773).
  • cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#957395).
  • cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes (bsc#950580).
  • dlm: make posix locks interruptible (bsc#947241).
  • dmapi: Fix xfs dmapi to not unlock & lock XFS_ILOCK_EXCL (bsc#949744).
  • dm: do not start current request if it would've merged with the previous (bsc#904348).
  • dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348).
  • dm-snap: avoid deadlock on s->lock when a read is split (bsc#939826).
  • dm sysfs: introduce ability to add writable attributes (bsc#904348).
  • drm: Allocate new master object when client becomes master (bsc#956876, bsc#956801).
  • drm: Fix KABI of 'struct drm_file' (bsc#956876, bsc#956801).
  • drm/i915: add hotplug activation period to hotplug update mask (bsc#953980).
  • drm/i915: clean up backlight conditional build (bsc#941113).
  • drm/i915: debug print on backlight register (bsc#941113).
  • drm/i915: do full backlight setup at enable time (bsc#941113).
  • drm/i915: do not save/restore backlight registers in KMS (bsc#941113).
  • drm/i915: Eliminate lots of WARNs when there's no backlight present (bsc#941113).
  • drm/i915: fix gen2-gen3 backlight set (bsc#941113,bsc#953971).
  • drm/i915: Fix gen3 self-refresh watermarks (bsc#953830,bsc#953971).
  • drm/i915: Fix missing backlight update during panel disablement (bsc#941113).
  • drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
  • drm/i915: gather backlight information at setup (bsc#941113).
  • drm/i915: handle backlight through chip specific functions (bsc#941113).
  • drm/i915: Ignore 'digital output' and 'not HDMI output' bits for eDP detection (bsc#949192).
  • drm/i915: make asle notifications update backlight on all connectors (bsc#941113).
  • drm/i915: make backlight info per-connector (bsc#941113).
  • drm/i915: move backlight level setting in enable/disable to hooks (bsc#941113).
  • drm/i915: move opregion asle request handling to a work queue (bsc#953826).
  • drm/i915: nuke get max backlight functions (bsc#941113).
  • drm/i915/opregion: fix build error on CONFIG_ACPI=n (bsc#953826).
  • drm/i915: restore backlight precision when converting from ACPI (bsc#941113).
  • drm/i915/tv: add ->get_config callback (bsc#953830).
  • drm/i915: use backlight legacy combination mode also for i915gm/i945gm (bsc#941113).
  • drm/i915: use the initialized backlight max value instead of reading it (bsc#941113).
  • drm/i915: vlv does not have pipe field in backlight registers (bsc#941113).
  • fanotify: fix notification of groups with inode & mount marks (bsc#955533).
  • Fix remove_and_add_spares removes drive added as spare in slot_store (bsc#956717).
  • genksyms: Handle string literals with spaces in reference files (bsc#958510).
  • hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784).
  • ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
  • ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
  • ixgbe: fix broken PFC with X550 (bsc#951864).
  • ixgbe: use correct fcoe ddp max check (bsc#951864).
  • kabi: Fix spurious kabi change in mm/util.c.
  • kABI: protect struct ahci_host_priv.
  • kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
  • kabi: Restore kabi in struct se_cmd (bsc#954635).
  • kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
  • ktime: add ktime_after and ktime_before helper (bsc#904348).
  • mm: factor commit limit calculation (VM Performance).
  • mm: get rid of 'vmalloc_info' from /proc/meminfo (VM Performance).
  • mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault (Automatic NUMA Balancing (fate#315482)).
  • mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).
  • mm: vmscan: never isolate more pages than necessary (VM Performance).
  • Move ktime_after patch to the networking section
  • nfsrdma: Fix regression in NFSRDMA server (bsc#951110).
  • pci: Drop 'setting latency timer' messages (bsc#956047).
  • pci: Update VPD size with correct length (bsc#924493).
  • perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put() call (bsc#955136).
  • perf/x86/intel/uncore: Fix multi-segment problem of perf_event_intel_uncore (bsc#955136).
  • pm, hibernate: use put_page in release_swap_writer (bnc#943959).
  • rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706).
  • Re-add copy_page_vector_to_user()
  • ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on() (bnc#956711).
  • route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
  • rpm/constraints.in: Require 14GB worth of disk space on POWER. The builds started to fail randomly due to ENOSPC errors.
  • rpm/kernel-binary.spec.in: Always build zImage for ARM
  • rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH. CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs.
  • rpm/kernel-binary.spec.in: Drop the %build_src_dir macro. It is the parent directory of the O= directory.
  • rpm/kernel-binary.spec.in: really pass down %{?_smp_mflags}
  • rpm/kernel-binary.spec.in: Use parallel make in all invocations. Also, remove the lengthy comment, since we are using a standard rpm macro now.
  • rpm/kernel-binary.spec.in: Use upstream script to support config.addon
  • s390/dasd: fix disconnected device with valid path mask (bnc#954986, LTC#132707).
  • s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#954986, LTC#132706).
  • s390/dasd: fix list_del corruption after lcu changes (bnc#954986, LTC#133077).
  • sched: Call select_idle_sibling() when not affine_sd (Scheduler Performance).
  • sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100).
  • sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#957395).
  • sched/numa: Check all nodes when placing a pseudo-interleaved group (Automatic NUMA Balancing (fate#315482)).
  • sched/numa: Fix math underflow in task_tick_numa() (Automatic NUMA Balancing (fate#315482)).
  • sched/numa: Only consider less busy nodes as numa balancing destinations (Automatic NUMA Balancing (fate#315482)).
  • sched: Put expensive runtime debugging checks under a separate Kconfig entry (Scheduler performance).
  • scsi: hosts: update to use ida_simple for host_no (bsc#939926).
  • sunrpc/cache: make cache flushing more reliable (bsc#947478).
  • sunrpc: Fix oops when trace sunrpc_task events in nfs client (bnc#956703).
  • supported.conf: Support peak_pci and sja1000: These 2 CAN drivers are supported in the RT kernel for a long time so we can also support them in the non-RT kernel to minimize the differences.
  • target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
  • target: Send UA upon LUN RESET tmr completion (bsc#933514).
  • target: use 'se_dev_entry' when allocating UAs (bsc#933514).
  • Update config files. (bnc#955644)
  • Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
  • usbvision fix overflow of interfaces array (bnc#950998).
  • vmxnet3: adjust ring sizes when interface is down (bsc#950750).
  • vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
  • x86/efi: Fix invalid parameter error when getting hibernation key (fate#316350, bsc#956284).
  • x86/evtchn: make use of PHYSDEVOP_map_pirq.
  • x86/mm: Add parenthesis for TLB tracepoint size calculation (VM Performance (Reduce IPIs during reclaim)).
  • x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality, bnc#955148).
  • x86/mm/hotplug: Pass sync_global_pgds() a correct argument in remove_pagetable() (VM Functionality, bnc#955148).
  • x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate() (bsc#953717).
  • xen: fix boot crash in EC2 settings (bsc#956147).
  • xen: refresh patches.xen/xen-x86_64-m2p-strict (bsc#956147).
  • xen: Update Xen patches to 3.12.50.
  • xfs: always drain dio before extending aio write submission (bsc#949744).
  • xfs: DIO needs an ioend for writes (bsc#949744).
  • xfs: DIO write completion size updates race (bsc#949744).
  • xfs: DIO writes within EOF do not need an ioend (bsc#949744).
  • xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
  • xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
  • xfs: factor DIO write mapping from get_blocks (bsc#949744).
  • xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
  • xfs: move DIO mapping size calculation (bsc#949744).
  • xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
  • xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951165).
  • xhci: Workaround to get Intel xHCI reset working more reliably (bnc#957546).
  • zfcp: fix fc_host port_type with NPIV (bnc#954986, LTC#132479).

Package list

SUSE Linux Enterprise Desktop 12 SP1

  • kernel-default-3.12.51-60.20.2
  • kernel-default-devel-3.12.51-60.20.2
  • kernel-default-extra-3.12.51-60.20.2
  • kernel-devel-3.12.51-60.20.2
  • kernel-macros-3.12.51-60.20.2
  • kernel-source-3.12.51-60.20.2
  • kernel-syms-3.12.51-60.20.2
  • kernel-xen-3.12.51-60.20.2
  • kernel-xen-devel-3.12.51-60.20.2

SUSE Linux Enterprise Live Patching 12

  • kgraft-patch-3_12_51-60_20-default-1-4.1
  • kgraft-patch-3_12_51-60_20-xen-1-4.1

SUSE Linux Enterprise Module for Public Cloud 12

  • kernel-ec2-3.12.51-60.20.2
  • kernel-ec2-devel-3.12.51-60.20.2
  • kernel-ec2-extra-3.12.51-60.20.2

SUSE Linux Enterprise Server 12 SP1

  • kernel-default-3.12.51-60.20.2
  • kernel-default-base-3.12.51-60.20.2
  • kernel-default-devel-3.12.51-60.20.2
  • kernel-default-man-3.12.51-60.20.2
  • kernel-devel-3.12.51-60.20.2
  • kernel-macros-3.12.51-60.20.2
  • kernel-source-3.12.51-60.20.2
  • kernel-syms-3.12.51-60.20.2
  • kernel-xen-3.12.51-60.20.2
  • kernel-xen-base-3.12.51-60.20.2
  • kernel-xen-devel-3.12.51-60.20.2

SUSE Linux Enterprise Server for SAP Applications 12 SP1

  • kernel-default-3.12.51-60.20.2
  • kernel-default-base-3.12.51-60.20.2
  • kernel-default-devel-3.12.51-60.20.2
  • kernel-default-man-3.12.51-60.20.2
  • kernel-devel-3.12.51-60.20.2
  • kernel-macros-3.12.51-60.20.2
  • kernel-source-3.12.51-60.20.2
  • kernel-syms-3.12.51-60.20.2
  • kernel-xen-3.12.51-60.20.2
  • kernel-xen-base-3.12.51-60.20.2
  • kernel-xen-devel-3.12.51-60.20.2

SUSE Linux Enterprise Software Development Kit 12 SP1

  • kernel-docs-3.12.51-60.20.2
  • kernel-obs-build-3.12.51-60.20.1

SUSE Linux Enterprise Workstation Extension 12 SP1

  • kernel-default-extra-3.12.51-60.20.2

Description

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.51-60.20.2

Description

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."


Affected products
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.51-60.20.2

Description

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.51-60.20.2

Description

The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.51-60.20.2

Description

The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.51-60.20.2

Description

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.51-60.20.2

Description

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.51-60.20.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.51-60.20.2

References
Vulnerability SUSE-SU-2015:2292-1