Описание
Security update for the Linux Kernel
The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948).
- CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955).
- CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors (bnc#970956).
- CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911).
- CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970).
- CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (bnc#974418).
- CVE-2016-3140: digi_acceleport: do sanity checking for the number of ports (bnc#970892).
- CVE-2016-2186: powermate: fix oops with malicious USB descriptors (bnc#970958).
- CVE-2016-2185: usb_driver_claim_interface: add sanity checking (bnc#971124).
- CVE-2016-3689: ims-pcu: sanity check against missing interfaces (bnc#971628).
- CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev destroy (bsc#971360).
The following non-security bugs were fixed:
- ALSA: timer: Call notifier in the same spinlock (bsc#973378).
- ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).
- ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).
- ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).
- Backport arm64 patches from SLE12-SP1-ARM
- Fix kABI additions for pipe: limit the per-user amount of pages allocated in pipes.
- Revert 'drm/radeon: call hpd_irq_event on resume' (boo#975868).
- Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a module.
- backends: guarantee one time reads of shared ring contents (bsc#957988).
- ext4: fix races between buffered IO and collapse / insert range (bsc#972174).
- ext4: fix races between page faults and hole punching (bsc#972174).
- ext4: fix races of writeback with punch hole and zero range (bsc#972174).
- ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174).
- net: thunderx: Use napi_schedule_irqoff()
- netback: do not use last request to determine minimum Tx credit (bsc#957988).
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1382-1
- SUSE Security Ratings
Описание
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Затронутые продукты
Ссылки
- CVE-2016-2185
- SUSE Bug 971124
Описание
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Затронутые продукты
Ссылки
- CVE-2016-2186
- SUSE Bug 970958
Описание
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Затронутые продукты
Ссылки
- CVE-2016-2188
- SUSE Bug 1067912
- SUSE Bug 1132190
- SUSE Bug 970956
Описание
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
Затронутые продукты
Ссылки
- CVE-2016-2847
- SUSE Bug 970948
- SUSE Bug 974646
Описание
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
Затронутые продукты
Ссылки
- CVE-2016-3136
- SUSE Bug 970955
Описание
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
Затронутые продукты
Ссылки
- CVE-2016-3137
- SUSE Bug 970970
Описание
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
Затронутые продукты
Ссылки
- CVE-2016-3138
- SUSE Bug 970911
- SUSE Bug 970970
Описание
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Затронутые продукты
Ссылки
- CVE-2016-3140
- SUSE Bug 970892
Описание
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
Затронутые продукты
Ссылки
- CVE-2016-3156
- SUSE Bug 971360
Описание
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
Затронутые продукты
Ссылки
- CVE-2016-3689
- SUSE Bug 971628
Описание
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
Затронутые продукты
Ссылки
- CVE-2016-3951
- SUSE Bug 974418