Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:0168-1

Опубликовано: 19 янв. 2016
Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.

Following security bugs were fixed:

  • CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).
  • CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).
  • CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
  • CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).
  • CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).
  • CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
  • CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).

The following non-security bugs were fixed:

  • ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).
  • ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
  • Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).
  • Re-add copy_page_vector_to_user()
  • Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).
  • Refresh patches.xen/xen3-patch-3.9 (bsc#951155).
  • Update patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction-.patch (bnc#935087, bnc#945649, bnc#951615).
  • bcache: Add btree_insert_node() (bnc#951638).
  • bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
  • bcache: Clean up keylist code (bnc#951638).
  • bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638).
  • bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
  • bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
  • bcache: Explicitly track btree node's parent (bnc#951638).
  • bcache: Fix a bug when detaching (bsc#951638).
  • bcache: Fix a lockdep splat in an error path (bnc#951638).
  • bcache: Fix a shutdown bug (bsc#951638).
  • bcache: Fix more early shutdown bugs (bsc#951638).
  • bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
  • bcache: Insert multiple keys at a time (bnc#951638).
  • bcache: Refactor journalling flow control (bnc#951638).
  • bcache: Refactor request_write() (bnc#951638).
  • bcache: Use blkdev_issue_discard() (bnc#951638).
  • bcache: backing device set to clean after finishing detach (bsc#951638).
  • bcache: kill closure locking usage (bnc#951638).
  • blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).
  • blktap: refine mm tracking (bsc#952976).
  • block: Always check queue limits for cloned requests (bsc#902606).
  • btrfs: Add qgroup tracing (bnc#935087, bnc#945649).
  • btrfs: Adjust commit-transaction condition to avoid NO_SPACE more (bsc#958647).
  • btrfs: Fix out-of-space bug (bsc#958647).
  • btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).
  • btrfs: Set relative data on clear btrfs_block_group_cache->pinned (bsc#958647).
  • btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).
  • btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649).
  • btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649).
  • btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space() (bsc#958647).
  • btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649).
  • btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649).
  • btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).
  • btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).
  • btrfs: fix condition of commit transaction (bsc#958647).
  • btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087, bnc#945649).
  • btrfs: fix order by which delayed references are run (bnc#949440).
  • btrfs: fix qgroup sanity tests (bnc#951615).
  • btrfs: fix race waiting for qgroup rescan worker (bnc#960300).
  • btrfs: fix regression running delayed references when using qgroups (bnc#951615).
  • btrfs: fix regression when running delayed references (bnc#951615).
  • btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300).
  • btrfs: fix the number of transaction units needed to remove a block group (bsc#958647).
  • btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649).
  • btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649).
  • btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649).
  • btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649).
  • btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).
  • btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649).
  • btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649).
  • btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649).
  • btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300).
  • btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649).
  • btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649).
  • btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649).
  • btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).
  • btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649).
  • btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649).
  • btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649).
  • btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).
  • btrfs: qgroup: exit the rescan worker during umount (bnc#960300).
  • btrfs: qgroup: fix quota disable during rescan (bnc#960300).
  • btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087, bnc#945649).
  • btrfs: remove transaction from send (bnc#935087, bnc#945649).
  • btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).
  • btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649).
  • btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#958647).
  • cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
  • cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#957395).
  • drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
  • drm: Allocate new master object when client becomes master (bsc#956876, bsc#956801).
  • drm: Fix KABI of 'struct drm_file' (bsc#956876, bsc#956801).
  • e1000e: Do not read ICR in Other interrupt (bsc#924919).
  • e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).
  • e1000e: Fix msi-x interrupt automask (bsc#924919).
  • e1000e: Remove unreachable code (bsc#924919).
  • genksyms: Handle string literals with spaces in reference files (bsc#958510).
  • ipv6: fix tunnel error handling (bsc#952579).
  • lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).
  • mm/mempolicy.c: convert the shared_policy lock to a rwlock (bnc#959436).
  • mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).
  • pm, hinernate: use put_page in release_swap_writer (bnc#943959).
  • sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#957395).
  • udp: properly support MSG_PEEK with truncated buffers (bsc#951199 bsc#959364).
  • xhci: Workaround to get Intel xHCI reset working more reliably (bnc#957546).

Список пакетов

SUSE Linux Enterprise Desktop 12
kernel-default-3.12.51-52.34.1
kernel-default-devel-3.12.51-52.34.1
kernel-default-extra-3.12.51-52.34.1
kernel-devel-3.12.51-52.34.1
kernel-macros-3.12.51-52.34.1
kernel-source-3.12.51-52.34.1
kernel-syms-3.12.51-52.34.1
kernel-xen-3.12.51-52.34.1
kernel-xen-devel-3.12.51-52.34.1
SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_51-52_34-default-1-2.1
kgraft-patch-3_12_51-52_34-xen-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12
kernel-ec2-3.12.51-52.34.1
kernel-ec2-devel-3.12.51-52.34.1
kernel-ec2-extra-3.12.51-52.34.1
SUSE Linux Enterprise Server 12
kernel-default-3.12.51-52.34.1
kernel-default-base-3.12.51-52.34.1
kernel-default-devel-3.12.51-52.34.1
kernel-default-man-3.12.51-52.34.1
kernel-devel-3.12.51-52.34.1
kernel-macros-3.12.51-52.34.1
kernel-source-3.12.51-52.34.1
kernel-syms-3.12.51-52.34.1
kernel-xen-3.12.51-52.34.1
kernel-xen-base-3.12.51-52.34.1
kernel-xen-devel-3.12.51-52.34.1
SUSE Linux Enterprise Server for SAP Applications 12
kernel-default-3.12.51-52.34.1
kernel-default-base-3.12.51-52.34.1
kernel-default-devel-3.12.51-52.34.1
kernel-default-man-3.12.51-52.34.1
kernel-devel-3.12.51-52.34.1
kernel-macros-3.12.51-52.34.1
kernel-source-3.12.51-52.34.1
kernel-syms-3.12.51-52.34.1
kernel-xen-3.12.51-52.34.1
kernel-xen-base-3.12.51-52.34.1
kernel-xen-devel-3.12.51-52.34.1
SUSE Linux Enterprise Software Development Kit 12
kernel-docs-3.12.51-52.34.3
kernel-obs-build-3.12.51-52.34.1
SUSE Linux Enterprise Workstation Extension 12
kernel-default-extra-3.12.51-52.34.1

Ссылки

Описание

The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-devel-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-extra-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-devel-3.12.51-52.34.1
Ссылки

Описание

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-devel-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-extra-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-devel-3.12.51-52.34.1
Ссылки

Описание

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-devel-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-extra-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-devel-3.12.51-52.34.1
Ссылки

Описание

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-devel-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-extra-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-devel-3.12.51-52.34.1
Ссылки

Описание

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

Затронутые продукты
SUSE Linux Enterprise Desktop 12:kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-devel-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-extra-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-devel-3.12.51-52.34.1
Ссылки

Описание

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

Затронутые продукты
SUSE Linux Enterprise Desktop 12:kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-devel-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-extra-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-devel-3.12.51-52.34.1
Ссылки

Описание

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-devel-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-extra-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-devel-3.12.51-52.34.1
Ссылки

Описание

The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:kernel-default-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-devel-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-default-extra-3.12.51-52.34.1
SUSE Linux Enterprise Desktop 12:kernel-devel-3.12.51-52.34.1
Ссылки
Уязвимость SUSE-SU-2016:0168-1