SUSE-SU-2015:1592-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151592-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1592-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2015:1592-1
Published
2015-09-09T17:05:11Z
Modified
2015-09-09T17:05:11Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security fixes and bug fixes.

The following feature was added for RT:

  • FATE#317131: The SocketCAN (Peak PCI) driver was added for CAN bus support.

The following security bugs were fixed:

  • CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338).
  • CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect packet checksums was fixed (bsc#936831).
  • CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect packet checksums was fixed (bsc#936831).
  • CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517).
  • CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705).
  • CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907).
  • CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896)
  • CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463).
  • CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830).
  • CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240).
  • CVE-2015-1805: The Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system (bsc#933429).

Also, the following non-security bugs were fixed:

  • audit: keep inode pinned (bsc#851068).
  • btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350).
  • btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350).
  • btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350).
  • cifs: Fix missing crypto allocation (bnc#937402).
  • client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348).
  • drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).
  • drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
  • drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
  • drm/mgag200: Do not do full cleanup if mgag200_device_init fails.
  • ext3: Fix data corruption in inodes with journalled data (bsc#936637)
  • ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944).
  • fanotify: Fix deadlock with permission events (bsc#935053).
  • fork: reset mm->pinned_vm (bnc#937855).
  • hrtimer: prevent timer interrupt DoS (bnc#886785).
  • hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
  • hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
  • IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
  • iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
  • iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).
  • iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
  • ipr: Increase default adapter init stage change timeout (bsc#930761).
  • ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355).
  • kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
  • kernel: add panic_on_warn. (bsc#934742)
  • kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953).
  • libata: prevent HSM state change race between ISR and PIO (bsc#923245).
  • md: use kzalloc() when bitmap is disabled (bsc#939994).
  • megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
  • mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
  • mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143).
  • mm: restrict access to slab files under procfs and sysfs (bnc#936077).
  • net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362).
  • net: Fix 'ip rule delete table 256' (bsc#873385).
  • net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
  • net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).
  • nfsd: Fix nfsv4 opcode decoding error (bsc#935906).
  • nfsd: support disabling 64bit dir cookies (bnc#937503).
  • nfs: never queue requests with rq_cong set on the sending queue (bsc#932458).
  • nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910).
  • pagecache limit: add tracepoints (bnc#924701).
  • pagecache limit: Do not skip over small zones that easily (bnc#925881).
  • pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).
  • pagecache limit: fix wrong nr_reclaimed count (bnc#924701).
  • pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
  • pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355).
  • pci: Disable Bus Master only on kexec reboot (bsc#920110).
  • pci: disable Bus Master on PCI device shutdown (bsc#920110).
  • pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110).
  • pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110).
  • perf, nmi: Fix unknown NMI warning (bsc#929142).
  • perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).
  • rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).
  • sched: fix __sched_setscheduler() vs load balancing race (bnc#921430)
  • scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733).
  • scsi: Set hostbyte status in scsi_check_sense() (bsc#920733).
  • scsi: set host msg status correctly (bnc#933936)
  • scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
  • st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875).
  • udf: Remove repeated loads blocksize (bsc#933907).
  • usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641).
  • vmxnet3: Bump up driver version number (bsc#936423).
  • vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
  • vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
  • vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
  • x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
  • x86, tls: Interpret an all-zero struct user_desc as 'no segment' (bsc#920250).
  • x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250).
  • xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
  • xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705)
  • zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491).

Affected packages

SUSE:Linux Enterprise Real Time 11 SP3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101.rt130-0.33.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-0.33.40.1",
            "kernel-rt-devel": "3.0.101.rt130-0.33.40.1",
            "kernel-rt_trace": "3.0.101.rt130-0.33.40.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-0.33.40.1",
            "kernel-source-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-syms-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-rt-base": "3.0.101.rt130-0.33.40.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP3 / kernel-rt_trace

Package

Name
kernel-rt_trace
Purl
pkg:rpm/suse/kernel-rt_trace&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101.rt130-0.33.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-0.33.40.1",
            "kernel-rt-devel": "3.0.101.rt130-0.33.40.1",
            "kernel-rt_trace": "3.0.101.rt130-0.33.40.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-0.33.40.1",
            "kernel-source-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-syms-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-rt-base": "3.0.101.rt130-0.33.40.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101.rt130-0.33.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-0.33.40.1",
            "kernel-rt-devel": "3.0.101.rt130-0.33.40.1",
            "kernel-rt_trace": "3.0.101.rt130-0.33.40.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-0.33.40.1",
            "kernel-source-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-syms-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-rt-base": "3.0.101.rt130-0.33.40.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP3 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.101.rt130-0.33.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-0.33.40.1",
            "kernel-rt-devel": "3.0.101.rt130-0.33.40.1",
            "kernel-rt_trace": "3.0.101.rt130-0.33.40.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-0.33.40.1",
            "kernel-source-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-syms-rt": "3.0.101.rt130-0.33.40.1",
            "kernel-rt-base": "3.0.101.rt130-0.33.40.1"
        }
    ]
}