SUSE-SU-2015:2194-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20152194-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:2194-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:2194-1
Published
2015-12-04T09:34:09Z
Modified
2015-12-04T09:34:09Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive various security fixes and bug fixes.

The following security bugs were fixed:

- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers were valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).
- CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155).
- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a 'double-chroot attack' (bnc#926238).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).
- CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).
- CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296).

The following non-security bugs were fixed:

- ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).
- Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236 (bsc#953796).
- Btrfs: fix file corruption and data loss after cloning inline extents (bnc#956053).
- Btrfs: fix truncation of compressed and inlined extents (bnc#956053).
- Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)
- Fix regression in NFSRDMA server (bsc#951110).
- KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440).
- KVM: x86: call irq notifiers with directed EOI (bsc#950862).
- NVMe: Add shutdown timeout as module parameter (bnc#936076).
- NVMe: Mismatched host/device page size support (bsc#935961).
- PCI: Drop 'setting latency timer' messages (bsc#956047).
- SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).
- SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
- SUNRPC: Fix oops when trace sunrpc_task events in nfs client (bnc#956703).
- Sync ppc64le netfilter config options with other archs (bnc#951546)
- Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949).
- apparmor: temporary work around for bug while unloading policy (boo#941867).
- audit: correctly record file names with different path name types (bsc#950013).
- audit: create private file name copies when auditing inodes (bsc#950013).
- cpu: Defer smpboot kthread unparking until CPU known to scheduler (bsc#936773).
- dlm: make posix locks interruptible, (bsc#947241).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- dm: do not start current request if it would've merged with the previous (bsc#904348).
- dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348).
- dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938).
- drm/i915: add hotplug activation period to hotplug update mask (bsc#953980).
- fanotify: fix notification of groups with inode and mount marks (bsc#955533).
- genirq: Make sure irq descriptors really exist when __irq_alloc_descs returns (bsc#945626).
- hv: vss: run only on supported host versions (bnc#949504).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags (bsc#947321).
- ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).
- ipv6: Extend the route lookups to low priority metrics (bsc#947321).
- ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).
- ipv6: Stop rt6_info from using inetpeer's metrics (bsc#947321).
- ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
- ipvs: drop first packet to dead server (bsc#946078).
- kABI: protect struct ahci_host_priv.
- kABI: protect struct rt6_info changes from bsc#947321 changes (bsc#947321).
- kabi: Hide rt6* types from genksyms on ppc64le (bsc#951546).
- kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
- kabi: Restore kabi in struct se_cmd (bsc#954635).
- kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
- kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).
- kgr: fix migration of kthreads to the new universe.
- kgr: wake up kthreads periodically.
- ktime: add ktime_after and ktime_before helper (bsc#904348).
- macvlan: Support bonding events (bsc#948521).
- net: add length argument to skb_copy_and_csum_datagram_iovec (bsc#951199).
- net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec() (bsc#951199).
- pci: Update VPD size with correct length (bsc#924493).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706).
- ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on() (bnc#956711).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145).
- rtc: cmos: Revert 'rtc-cmos: Add an alarm disable quirk' (bsc#930145).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100).
- sunrpc/cache: make cache flushing more reliable (bsc#947478).
- supported.conf: Add missing dependencies of supported modules: hwmon_vid needed by nct6775, hwmon_vid needed by w83627ehf, reed_solomon needed by ramoops
- supported.conf: Fix dependencies on ppc64le: of_mdio needed by mdio-gpio
- target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
- target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).
- target/rbd: fix PR info memory leaks (bnc#948831).
- target: Send UA upon LUN RESET tmr completion (bsc#933514).
- target: use '^A' when allocating UAs (bsc#933514).
- usbvision fix overflow of interfaces array (bnc#950998).
- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down (bsc#940853).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality, bnc#955148).
- x86/mm/hotplug: Pass sync_global_pgds() a correct argument in remove_pagetable() (VM Functionality, bnc#955148).
- xfs: DIO needs an ioend for writes (bsc#949744).
- xfs: DIO write completion size updates race (bsc#949744).
- xfs: DIO writes within EOF do not need an ioend (bsc#949744).
- xfs: always drain dio before extending aio write submission (bsc#949744).
- xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
- xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
- xfs: factor DIO write mapping from get_blocks (bsc#949744).
- xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
- xfs: move DIO mapping size calculation (bsc#949744).
- xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951165).
- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).

Affected packages

SUSE:Linux Enterprise Desktop 12 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-default-extra": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-default-extra": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-default-extra": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-default-extra": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 / kgraft-patch-SLE12_Update_9

Package

Name
kgraft-patch-SLE12_Update_9
Purl
purl:rpm/suse/kgraft-patch-SLE12_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-2.2

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-3_12_51-52_31-xen": "1-2.2",
            "kgraft-patch-3_12_51-52_31-default": "1-2.2"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 12 / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-ec2-extra": "3.12.51-52.31.1",
            "kernel-ec2": "3.12.51-52.31.1",
            "kernel-ec2-devel": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 / kernel-docs

Package

Name
kernel-docs
Purl
purl:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.5

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "3.12.51-52.31.5",
            "kernel-obs-build": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 / kernel-obs-build

Package

Name
kernel-obs-build
Purl
purl:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "3.12.51-52.31.5",
            "kernel-obs-build": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-default-base": "3.12.51-52.31.1",
            "kernel-default-man": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-xen-base": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-default-base": "3.12.51-52.31.1",
            "kernel-default-man": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-xen-base": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-default-base": "3.12.51-52.31.1",
            "kernel-default-man": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-xen-base": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-default-base": "3.12.51-52.31.1",
            "kernel-default-man": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-xen-base": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-default-base": "3.12.51-52.31.1",
            "kernel-default-man": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-xen-base": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-default-base": "3.12.51-52.31.1",
            "kernel-default-man": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-xen-base": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-default-base": "3.12.51-52.31.1",
            "kernel-default-man": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-xen-base": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.51-52.31.1",
            "kernel-devel": "3.12.51-52.31.1",
            "kernel-default-base": "3.12.51-52.31.1",
            "kernel-default-man": "3.12.51-52.31.1",
            "kernel-xen-devel": "3.12.51-52.31.1",
            "kernel-default": "3.12.51-52.31.1",
            "kernel-source": "3.12.51-52.31.1",
            "kernel-xen-base": "3.12.51-52.31.1",
            "kernel-syms": "3.12.51-52.31.1",
            "kernel-default-devel": "3.12.51-52.31.1",
            "kernel-xen": "3.12.51-52.31.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.51-52.31.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-extra": "3.12.51-52.31.1"
        }
    ]
}