SUSE-SU-2017:0407-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170407-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0407-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0407-1
Related
Published
2017-02-06T14:41:53Z
Modified
2017-02-06T14:41:53Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) (bnc#1010501).
  • CVE-2015-8963: Fixed a race condition in kernel/events/core.c that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010502).
  • CVE-2015-8964: Fixed a bug in the ttysettermios_ldisc function that allowed local users to obtain sensitive information from kernel memory (bnc#1010507).
  • CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1017710).
  • CVE-2016-7910: Fixed a use-after-free vulnerability in the block subsystem that allowed local users to gain privileges (bnc#1010716).
  • CVE-2016-7911: Fixed a race condition in the gettaskioprio function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010711).
  • CVE-2016-7913: Fixed a bug in the xc2028setconfig function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010478).
  • CVE-2016-7914: The assocarrayinsertintoterminal_node function did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) (bnc#1010475).
  • CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could have enabled a local malicious application to execute arbitrary code within the context of the kernel. (bnc#1014746).
  • CVE-2016-8632: The net subsystem did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) (bnc#1008831).
  • CVE-2016-8633: The firewire subsystem allowed remote attackers to execute arbitrary code via crafted fragmented packets in certain unusual hardware configurations (bnc#1008833).
  • CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) (bnc#1009969).
  • CVE-2016-8655: Fixed a race condition in the network subsystem that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1012754).
  • CVE-2016-9083: The PCI subsystem local users to bypass integer overflow checks and cause a denial of service (memory corruption) or have unspecified other impact (bnc#1007197).
  • CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact (bnc#1007197).
  • CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
  • CVE-2016-9576: The block subsystem did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1013604).
  • CVE-2016-9756: The kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory (bnc#1013038).
  • CVE-2016-9793: The net subsystem mishandled negative values of sksndbuf and skrcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact (bnc#1013531).
  • CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1013533).
  • CVE-2016-9806: Fixed a race condition in the netlink_dump() function which could have allowed local users to cause a denial of service (double free) or possibly have unspecified other impact (bnc#1013540).
  • CVE-2017-2583: kvm: x86: fixed emulation of 'MOV SS, null selector' (bsc#1020602).
  • CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) (bnc#1019851).
  • CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down. (bsc#1021258, CVE-2017-5551).

The following non-security bugs were fixed:

  • 8250_pci: Fix potential use-after-free in error path (bsc#1013001).
  • blockdev: do not test bdev->bdcontains when it is not stable (bsc#1008557).
  • bna: Add synchronization for tx ring (bsc#993739).
  • bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052 bsc#922056).
  • bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
  • bnx2x: fix lockdep splat (bsc#922052 bsc#922056).
  • btrfs: Ensure proper sector alignment for btrfsfreereserveddataspace (bsc#1005666).
  • btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087).
  • btrfs: Revert 'do not delay inode ref updates during log replay' (bsc#987192).
  • btrfs: bugfix: handle FSIOC32{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100).
  • btrfs: do not delay inode ref updates during log replay (bsc#987192).
  • btrfs: fix incremental send failure caused by balance (bsc#985850).
  • btrfs: fix relocation incorrectly dropping data references (bsc#990384).
  • btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709).
  • btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087).
  • btrfs: remove old treeroot dirent processing in btrfsreal_readdir() (bsc#981709).
  • btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
  • cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) (bsc#1008876).
  • cpuset: fix schedloadbalance that was accidentally broken in a previous update (bsc#1010294).
  • ext4: fix data exposure after a crash (bsc#1012985).
  • fs/dcache: move the call of _ddrop(anon) into _dmaterialise_unique(dentry, anon) (bsc#984194).
  • fuse: do not use iocb after it may have been freed (bsc#1012985).
  • hpilo: Add support for iLO5 (bsc#999101).
  • ib/core: Avoid unsigned int overflow in sgalloctable (bsc#924381 bsc#921338).
  • ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036).
  • ib/mlx5: Fix entries check in mlx5ibresize_cq (bnc#858727).
  • ib/mlx5: Fix entries checks in mlx5ibcreate_cq (bnc#858727).
  • ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).
  • ibmveth: calculate gso_segs for large packets (bsc#1019148).
  • ibmveth: check return of skblinearize in ibmvethstart_xmit (bsc#1019148).
  • ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).
  • ibmveth: set correct gsosize and gsotype (bsc#1019148).
  • igb: Fix oops caused by missing queue pairing (bnc#857394).
  • ipmisi: create hardware-independent softdep for ipmidevintf (bsc#1009062).
  • ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).
  • ipv4: Fix ipqueuexmit to pass sk into iplocalout_sk (bsc#938963).
  • kabi: protect _skmem_reclaim (kabi).
  • kabi: protect struct perfeventcontext (kabi).
  • kabi: reintroduce sk_filter (kabi).
  • kernel: remove broken memory detection sanity check (bnc#1008567, LTC#148072).
  • kgr: ignore zombie tasks during the patching (bnc#1008979).
  • kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612).
  • kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).
  • net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).
  • net/mlx5: Fix typo in mlx5queryport_pvlc (bnc#923036).
  • net/mlx5e: Do not modify CQ before it was created (bnc#923036).
  • net/mlx5e: Do not try to modify CQ moderation if it is not supported (bnc#923036).
  • net/mlx5e: Fix MLX5E100BASET define (bnc#923036).
  • net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).
  • netback: correct array index (bsc#983348).
  • nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410).
  • nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
  • nfsv4: Fix 'NFS Lock reclaim failed' errors (bsc#1014410).
  • ocfs2: fix BUGON() in ocfs2ci_checkpointed() (bnc#1019783).
  • posix_acl: Fixup acl reference leak and missing conversions in ext3, gfs2, jfs, hfsplus.
  • powerpc/pseries: Use HCLEARHPT to clear MMU hash table during kexec (bsc#1003813).
  • proc: avoid including 'mountproto=' with no protocol in /proc/mounts (bsc#1019260).
  • raid1: ignore discard error (bsc#1017164).
  • reiserfs: fix race in prealloc discard (bsc#987576).
  • rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
  • rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060)
  • rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)
  • serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001).
  • sfc: clear napi_hash state when copying channels (bsc#923037).
  • sfc: fix potential stack corruption from running past stat bitmask (bsc#923037).
  • sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).
  • sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917).
  • sunrpc: Fix reconnection timeouts (bsc#1014410).
  • sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410).
  • target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE (bsc#991273).
  • target: add XCOPY target/segment desc sense codes (bsc#991273).
  • target: bounds check XCOPY segment descriptor list (bsc#991273).
  • target: bounds check XCOPY total descriptor list length (bsc#991273).
  • target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).
  • target: check for XCOPY parameter truncation (bsc#991273).
  • target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273).
  • target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).
  • target: support XCOPY requests without parameters (bsc#991273).
  • target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).
  • target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).
  • tg3: Avoid NULL pointer dereference in tg3ioerror_detected() (bsc#921778).
  • tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
  • x86/apic: Order irqenter/exit() calls correctly vs. ackAPIC_irq() (bsc#1013479).
  • xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
  • xenbus: correctly signal errors from xenstoredlocalinit() (luckily none so far).
  • xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560).
  • xfs: refactor xlogrecoverprocess_data() (bsc#1019300).
References

Affected packages

SUSE:Linux Enterprise Real Time 12 SP1 / kernel-compute

Package

Name
kernel-compute
Purl
purl:rpm/suse/kernel-compute&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.69-60.30.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-compute-base": "3.12.69-60.30.1",
            "kernel-compute-devel": "3.12.69-60.30.1",
            "kernel-devel-rt": "3.12.69-60.30.1",
            "kernel-compute_debug-devel": "3.12.69-60.30.1",
            "kernel-rt-devel": "3.12.69-60.30.1",
            "kernel-compute": "3.12.69-60.30.1",
            "kernel-rt_debug-devel": "3.12.69-60.30.1",
            "kernel-source-rt": "3.12.69-60.30.1",
            "kernel-rt": "3.12.69-60.30.1",
            "kernel-syms-rt": "3.12.69-60.30.1",
            "kernel-rt-base": "3.12.69-60.30.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP1 / kernel-compute_debug

Package

Name
kernel-compute_debug
Purl
purl:rpm/suse/kernel-compute_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.69-60.30.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-compute-base": "3.12.69-60.30.1",
            "kernel-compute-devel": "3.12.69-60.30.1",
            "kernel-devel-rt": "3.12.69-60.30.1",
            "kernel-compute_debug-devel": "3.12.69-60.30.1",
            "kernel-rt-devel": "3.12.69-60.30.1",
            "kernel-compute": "3.12.69-60.30.1",
            "kernel-rt_debug-devel": "3.12.69-60.30.1",
            "kernel-source-rt": "3.12.69-60.30.1",
            "kernel-rt": "3.12.69-60.30.1",
            "kernel-syms-rt": "3.12.69-60.30.1",
            "kernel-rt-base": "3.12.69-60.30.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP1 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.69-60.30.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-compute-base": "3.12.69-60.30.1",
            "kernel-compute-devel": "3.12.69-60.30.1",
            "kernel-devel-rt": "3.12.69-60.30.1",
            "kernel-compute_debug-devel": "3.12.69-60.30.1",
            "kernel-rt-devel": "3.12.69-60.30.1",
            "kernel-compute": "3.12.69-60.30.1",
            "kernel-rt_debug-devel": "3.12.69-60.30.1",
            "kernel-source-rt": "3.12.69-60.30.1",
            "kernel-rt": "3.12.69-60.30.1",
            "kernel-syms-rt": "3.12.69-60.30.1",
            "kernel-rt-base": "3.12.69-60.30.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP1 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
purl:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.69-60.30.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-compute-base": "3.12.69-60.30.1",
            "kernel-compute-devel": "3.12.69-60.30.1",
            "kernel-devel-rt": "3.12.69-60.30.1",
            "kernel-compute_debug-devel": "3.12.69-60.30.1",
            "kernel-rt-devel": "3.12.69-60.30.1",
            "kernel-compute": "3.12.69-60.30.1",
            "kernel-rt_debug-devel": "3.12.69-60.30.1",
            "kernel-source-rt": "3.12.69-60.30.1",
            "kernel-rt": "3.12.69-60.30.1",
            "kernel-syms-rt": "3.12.69-60.30.1",
            "kernel-rt-base": "3.12.69-60.30.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP1 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.69-60.30.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-compute-base": "3.12.69-60.30.1",
            "kernel-compute-devel": "3.12.69-60.30.1",
            "kernel-devel-rt": "3.12.69-60.30.1",
            "kernel-compute_debug-devel": "3.12.69-60.30.1",
            "kernel-rt-devel": "3.12.69-60.30.1",
            "kernel-compute": "3.12.69-60.30.1",
            "kernel-rt_debug-devel": "3.12.69-60.30.1",
            "kernel-source-rt": "3.12.69-60.30.1",
            "kernel-rt": "3.12.69-60.30.1",
            "kernel-syms-rt": "3.12.69-60.30.1",
            "kernel-rt-base": "3.12.69-60.30.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP1 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.69-60.30.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-compute-base": "3.12.69-60.30.1",
            "kernel-compute-devel": "3.12.69-60.30.1",
            "kernel-devel-rt": "3.12.69-60.30.1",
            "kernel-compute_debug-devel": "3.12.69-60.30.1",
            "kernel-rt-devel": "3.12.69-60.30.1",
            "kernel-compute": "3.12.69-60.30.1",
            "kernel-rt_debug-devel": "3.12.69-60.30.1",
            "kernel-source-rt": "3.12.69-60.30.1",
            "kernel-rt": "3.12.69-60.30.1",
            "kernel-syms-rt": "3.12.69-60.30.1",
            "kernel-rt-base": "3.12.69-60.30.1"
        }
    ]
}