SUSE-SU-2016:3069-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20163069-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3069-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:3069-1
Related
Published
2016-12-09T13:20:33Z
Modified
2016-12-09T13:20:33Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.

This feature was added:

  • Support for the 2017 Intel Purley platform.

The following security bugs were fixed:

  • CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418).
  • CVE-2016-0823: The pagemapopen function in fs/proc/taskmmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).
  • CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).
  • CVE-2016-6828: Use after free in tcpxmitretransmitqueue or other tcp functions (bsc#994296)
  • CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152)
  • CVE-2016-6480: Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608)
  • CVE-2016-4997: The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).
  • CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvmvmioctlsetpit and kvmvmioctlsetpit2 functions (bnc#960689).
  • CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).
  • CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsriopmessage_xfer() could have caused kernel heap corruption and arbitraty kernel code execution (bsc#999932)

The following non-security bugs were fixed:

  • ahci: Order SATA device IDs for codename Lewisburg.
  • AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs.
  • ALSA: hda - Add Intel Lewisburg device IDs Audio.
  • avoid dentry crash triggered by NFS (bsc#984194).
  • blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
  • blktap2: eliminate race from deferred work queue handling (bsc#911687).
  • bonding: always set recvprobe to bondarp_rcv in arp monitor (bsc#977687).
  • bonding: fix bondarprcv setting and arp validate desync state (bsc#977687).
  • btrfs: account for non-CoW'd blocks in btrfsaborttransaction (bsc#983619).
  • btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
  • cdc-acm: added sanity checking for probe() (bsc#993891).
  • cxgb4: Set VPD size so we can read both VPD structures (bsc#976867).
  • Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch. (bsc#979514)
  • fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
  • fs/select: add vmalloc fallback for select(2) (bsc#1000189).
  • fs/select: introduce SIZE_MAX (bsc#1000189).
  • i2c: i801: add Intel Lewisburg device IDs.
  • include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes).
  • increase CONFIGNRIRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIGNRIRQS (bsc#998399)
  • kabi, unix: properly account for FDs passed over unix sockets (bnc#839104).
  • kaweth: fix firmware download (bsc#993890).
  • kaweth: fix oops upon failed memory allocation (bsc#993890).
  • KVM: x86: SYSENTER emulation is broken (bsc#994618).
  • libfc: sanity check cpu number extracted from xid (bsc#988440).
  • lpfc: call lpfcslivalidatefcpiocb() with the hbalock held (bsc#951392).
  • md: lockless I/O submission for RAID1 (bsc#982783).
  • mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
  • mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
  • net: add pfmemalloc check in skaddbacklog() (bnc#920016).
  • netback: fix flipping mode (bsc#996664).
  • nfs: Do not drop directory dentry which is in use (bsc#993127).
  • nfs: Don't disconnect open-owner on NFS4ERRBADSEQID (bsc#989261).
  • nfs: Don't write enable new pages while an invalidation is proceeding (bsc#999584).
  • nfs: Fix a regression in the read() syscall (bsc#999584).
  • nfs: Fix races in nfsrevalidatemapping (bsc#999584).
  • nfs: fix the handling of NFSINOINVALIDDATA flag in nfsrevalidate_mapping (bsc#999584).
  • nfs: Fix writeback performance issue on cache invalidation (bsc#999584).
  • nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).
  • nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206).
  • nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595).
  • nfsv4: Fix range checking in _nfs4getacluncached and _nfs4procsetacl (bsc#982218).
  • pci: Add pcisetvpd_size() to set VPD size (bsc#976867).
  • pciback: fix conf_space read/write overlap check.
  • powerpc: add kernel parameter iommuallocquiet (bsc#994926).
  • ppp: defer netns reference release for ppp channel (bsc#980371).
  • random32: add prandomu32max (bsc#989152).
  • rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays.
  • s390/dasd: fix hanging device after clear subchannel (bnc#994436).
  • sata: Adding Intel Lewisburg device IDs for SATA.
  • sched/core: Fix an SMP ordering race in trytowake_up() vs. schedule() (bnc#1001419).
  • sched/core: Fix a race between trytowake_up() and a woken up task (bnc#1002165).
  • sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329).
  • scsidhrdac: retry inquiry for UNIT ATTENTION (bsc#934760).
  • scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102).
  • scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
  • scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
  • scsi: ibmvfc: Set READ FCPXFERREADY DISABLED bit in PRLI (bsc#984992).
  • scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779).
  • tmpfs: change final i_blocks BUG to WARNING (bsc#991923).
  • Update patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fiprecvlist-are.patch (add bsc#732582 reference).
  • USB: fix typo in wMaxPacketSize validation (bsc#991665).
  • USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
  • vlan: don't deliver frames for unknown vlans to protocols (bsc#979514).
  • vlan: mask vlan prio bits (bsc#979514).
  • xenbus: inspect the correct type in xenbusdevrequestandreply().
  • xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
  • xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).
  • xfs: Silence warnings in xfsvmreleasepage() (bnc#915183 bsc#987565).
References

Affected packages

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101.rt130-65.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-65.1",
            "kernel-rt-devel": "3.0.101.rt130-65.1",
            "kernel-rt_trace": "3.0.101.rt130-65.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-65.1",
            "kernel-source-rt": "3.0.101.rt130-65.1",
            "kernel-rt": "3.0.101.rt130-65.1",
            "kernel-syms-rt": "3.0.101.rt130-65.1",
            "kernel-rt-base": "3.0.101.rt130-65.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-rt_trace

Package

Name
kernel-rt_trace
Purl
purl:rpm/suse/kernel-rt_trace&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101.rt130-65.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-65.1",
            "kernel-rt-devel": "3.0.101.rt130-65.1",
            "kernel-rt_trace": "3.0.101.rt130-65.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-65.1",
            "kernel-source-rt": "3.0.101.rt130-65.1",
            "kernel-rt": "3.0.101.rt130-65.1",
            "kernel-syms-rt": "3.0.101.rt130-65.1",
            "kernel-rt-base": "3.0.101.rt130-65.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101.rt130-65.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-65.1",
            "kernel-rt-devel": "3.0.101.rt130-65.1",
            "kernel-rt_trace": "3.0.101.rt130-65.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-65.1",
            "kernel-source-rt": "3.0.101.rt130-65.1",
            "kernel-rt": "3.0.101.rt130-65.1",
            "kernel-syms-rt": "3.0.101.rt130-65.1",
            "kernel-rt-base": "3.0.101.rt130-65.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.101.rt130-65.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-65.1",
            "kernel-rt-devel": "3.0.101.rt130-65.1",
            "kernel-rt_trace": "3.0.101.rt130-65.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-65.1",
            "kernel-source-rt": "3.0.101.rt130-65.1",
            "kernel-rt": "3.0.101.rt130-65.1",
            "kernel-syms-rt": "3.0.101.rt130-65.1",
            "kernel-rt-base": "3.0.101.rt130-65.1"
        }
    ]
}