openSUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0713-1
Rating:             important
References:         #867199 #893428 #895797 #900811 #901925 #903589 
                    #903640 #904899 #905681 #907039 #907818 #907988 
                    #908582 #908588 #908589 #908592 #908593 #908594 
                    #908596 #908598 #908603 #908604 #908605 #908606 
                    #908608 #908610 #908612 #909077 #909078 #909477 
                    #909634 #910150 #910322 #910440 #911311 #911325 
                    #911326 #911356 #911438 #911578 #911835 #912061 
                    #912202 #912429 #912705 #913059 #913466 #913695 
                    #914175 #915425 #915454 #915456 #915577 #915858 
                    #916608 #917830 #917839 #918954 #918970 #919463 
                    #920581 #920604 #921313 #922542 #922944 
Cross-References:   CVE-2014-8134 CVE-2014-8160 CVE-2014-8559
                    CVE-2014-9419 CVE-2014-9420 CVE-2014-9428
                    CVE-2014-9529 CVE-2014-9584 CVE-2014-9585
                    CVE-2015-0777 CVE-2015-1421 CVE-2015-1593
                    CVE-2015-2150
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 52 fixes
   is now available.

Description:


   The Linux kernel was updated to fix bugs and security issues:

   Following security issues were fixed:
   - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update
     function in net/sctp/associola.c in the Linux kernel allowed remote
     attackers to cause a denial of service (slab corruption and panic) or
     possibly have unspecified other impact by triggering an INIT collision
     that leads to improper handling of shared-key data.

   - CVE-2015-2150: XSA-120: Guests were permitted to modify all bits of the
     PCI command register of passed through cards, which could lead to Host
     system crashes.

   - CVE-2015-0777: The XEN usb backend could leak information to the guest
     system due to copying uninitialized memory.

   - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack
     randomization on 64-bit systems.

   - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
     in the Linux kernel did not ensure that Thread Local Storage (TLS)
     descriptors are loaded before proceeding with other steps, which made it
     easier for local users to bypass the ASLR protection mechanism via a
     crafted application that reads a TLS base address.

   - CVE-2014-9428: The batadv_frag_merge_packets function in
     net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the
     Linux kernel used an incorrect length field during a calculation of an
     amount of memory, which allowed remote attackers to cause a denial of
     service (mesh-node system crash) via fragmented packets.

   - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux
     kernel generated incorrect conntrack entries during handling of certain
     iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
     which allowed remote attackers to bypass intended access restrictions
     via packets with disallowed port numbers.

   - CVE-2014-9529: Race condition in the key_gc_unused_keys function in
     security/keys/gc.c in the Linux kernel allowed local users to cause a
     denial of service (memory corruption or panic) or possibly have
     unspecified other impact via keyctl commands that trigger access to a
     key structure member during garbage collection of a key.

   - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
     Linux kernel did not restrict the number of Rock Ridge continuation
     entries, which allowed local users to cause a denial of service
     (infinite loop, and system crash or hang) via a crafted iso9660 image.

   - CVE-2014-9584: The parse_rock_ridge_inode_internal function in
     fs/isofs/rock.c in the Linux kernel did not validate a length value in
     the Extensions Reference (ER) System Use Field, which allowed local
     users to obtain sensitive information from kernel memory via a crafted
     iso9660 image.

   - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
     Linux kernel did not properly choose memory locations for the vDSO area,
     which made it easier for local users to bypass the ASLR protection
     mechanism by guessing a location at the end of a PMD.

   - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel
     through did not properly maintain the semantics of rename_lock, which
     allowed local users to cause a denial of service (deadlock and system
     hang) via a crafted application.

   - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c
     in the Linux kernel used an improper paravirt_enabled setting for KVM
     guest kernels, which made it easier for guest OS users to bypass the
     ASLR protection mechanism via a crafted application that reads a 16-bit
     value.

   Following bugs were fixed:
   - powerpc/pci: Fix IO space breakage after of_pci_range_to_resource()
     change (bnc#922542).

   - cifs: fix use-after-free bug in find_writable_file (bnc#909477).

   - usb: Do not allow usb_alloc_streams on unconfigured devices (bsc#920581).

   - fuse: honour max_read and max_write in direct_io mode (bnc#918954).

   - switch iov_iter_get_pages() to passing maximal number of pages
     (bnc#918954).

   - bcache: fix a livelock in btree lock v2 (bnc#910440) (bnc#910440).
     Updated because another version went upstream

   - drm/i915: Initialise userptr mmu_notifier serial to 1 (bnc#918970).

   - NFS: Don't try to reclaim delegation open state if recovery failed
     (boo#909634).
   - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are
     revoked (boo#909634).
   - NFSv4: Fix races between nfs_remove_bad_delegation() and delegation
     return (boo#909634).
   - NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired
     (boo#909634).
   - Fixing lease renewal (boo#909634).

   - bcache: Fix a bug when detaching (bsc#908582).

   - fix a leak in bch_cached_dev_run() (bnc#910440).
   - bcache: unregister reboot notifier when bcache fails to register a block
     device (bnc#910440).
   - bcache: fix a livelock in btree lock (bnc#910440).
   - bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing
     device (bnc#910440).
   - bcache: Add a cond_resched() call to gc (bnc#910440).

   - storvsc: ring buffer failures may result in I/O freeze (bnc#914175).

   - ALSA: seq-dummy: remove deadlock-causing events on close (boo#916608).
   - ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode
     (boo#916608).
   - ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get
     (boo#916608).
   - ALSA: hda - Fix built-in mic on Compaq Presario CQ60 (bnc#920604).
   - ALSA: hda - Fix regression of HD-audio controller fallback modes
     (bsc#921313).

   - [media] sound: Update au0828 quirks table (boo#916608).
   - [media] sound: simplify au0828 quirk table (boo#916608).

   - ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam C210
     (boo#916608).
   - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC (boo#916608).
   - ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon devices
     (boo#916608).
   - ALSA: usb-audio: Fix memory leak in FTU quirk (boo#916608).
   - ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect
     (boo#916608).

   - ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda (boo#916608).
   - ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for IDT/STAC
     codecs (boo#916608).
   - ALSA: hda/realtek - New codec support for ALC298 (boo#916608).
   - ALSA: hda/realtek - New codec support for ALC256 (boo#916608).
   - ALSA: hda/realtek - Add new Dell desktop for ALC3234 headset mode
     (boo#916608).
   - ALSA: hda - Add EAPD fixup for ASUS Z99He laptop (boo#916608).
   - ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210
     (boo#916608).
   - ALSA: hda/realtek - Add headset Mic support for new Dell machine
     (boo#916608).
   - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (boo#916608).
   - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH (boo#916608).
   - ALSA: hda - add codec ID for Braswell display audio codec (boo#916608).
   - ALSA: hda - add PCI IDs for Intel Braswell (boo#916608).
   - ALSA: hda - Add dock support for Thinkpad T440 (17aa:2212) (boo#916608).

   - ALSA: hda - Set up GPIO for Toshiba Satellite S50D (bnc#915858).

   - rpm/kernel-binary.spec.in: Fix build if there is no *.crt file

   - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process
     being killed (VM Functionality bnc#910150).

   - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).

   - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by
     mount (bsc#907988).

   - Btrfs: fix scrub race leading to use-after-free (bnc#915456).
   - Btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454).
   - Btrfs: fix fsync log replay for inodes with a mix of regular refs and
     extrefs (bnc#915425).
   - Btrfs: fix fsync when extend references are added to an inode
     (bnc#915425).
   - Btrfs: fix directory inconsistency after fsync log replay (bnc#915425).
   - Btrfs: make xattr replace operations atomic (bnc#913466).
   - Btrfs: fix directory recovery from fsync log (bnc#895797).

   - bcache: add mutex lock for bch_is_open (bnc#908612).
   - bcache: Correct printing of btree_gc_max_duration_ms (bnc#908610).
   - bcache: fix crash with incomplete cache set (bnc#908608).
   - bcache: fix memory corruption in init error path (bnc#908606).
   - bcache: Fix more early shutdown bugs (bnc#908605).
   - bcache: fix use-after-free in btree_gc_coalesce() (bnc#908604).
   - bcache: Fix an infinite loop in journal replay (bnc#908603).
   - bcache: fix typo in bch_bkey_equal_header (bnc#908598).
   - bcache: Make sure to pass GFP_WAIT to mempool_alloc() (bnc#908596).
   - bcache: fix crash on shutdown in passthrough mode (bnc#908594).
   - bcache: fix lockdep warnings on shutdown (bnc#908593).
   - bcache allocator: send discards with correct size (bnc#908592).
   - bcache: Fix to remove the rcu_sched stalls (bnc#908589).
   - bcache: Fix a journal replay bug (bnc#908588).

   - Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The nct6683 driver
     is already enabled on i386 and history suggests that it not being
     enabled on x86_64 is by mistake.

   - rpm/kernel-binary.spec.in: Own the modules directory in the devel
     package (bnc#910322)

   - Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"
     (bnc#900811).

   - mm: free compound page with correct order (bnc#913695).

   - drm/i915: More cautious with pch fifo underruns (boo#907039).

   - Refresh patches.arch/arm64-0039-generic-pci.patch (fix PCI bridge
     support)

   - x86/microcode/intel: Fish out the stashed microcode for the BSP
     (bsc#903589).
   - x86, microcode: Reload microcode on resume (bsc#903589).
   - x86, microcode: Don't initialize microcode code on paravirt (bsc#903589).
   - x86, microcode, intel: Drop unused parameter (bsc#903589).
   - x86, microcode, AMD: Do not use smp_processor_id() in preemtible context
     (bsc#903589).
   - x86, microcode: Update BSPs microcode on resume (bsc#903589).
   - x86, microcode, AMD: Fix ucode patch stashing on 32-bit (bsc#903589).
   - x86, microcode: Fix accessing dis_ucode_ldr on 32-bit (bsc#903589).
   - x86, microcode, AMD: Fix early ucode loading on 32-bit (bsc#903589).

   - Bluetooth: Add support for Broadcom BCM20702A0 variants firmware
     download (bnc#911311).

   - drm/radeon: fix sad_count check for dce3 (bnc#911356).

   - drm/i915: Don't call intel_prepare_page_flip() multiple times
     on gen2-4 (bnc#911835).

   - udf: Check component length before reading it.
   - udf: Check path length when reading symlink.
   - udf: Verify symlink size before loading it.
   - udf: Verify i_size when loading inode.

   - arm64: Enable DRM

   - arm64: Enable generic PHB driver (bnc#912061).

   - ACPI / video: Add some Samsung models to disable_native_backlight list
     (boo#905681).

   - asus-nb-wmi: Add another wapf=4 quirk (boo#911438).
   - asus-nb-wmi: Add wapf4 quirk for the X550VB (boo#911438).
   - asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438).
   - asus-nb-wmi: Add wapf4 quirk for the X550CC (boo#911438).
   - asus-nb-wmi: Constify asus_quirks DMI table (boo#911438).
   - asus-nb-wmi: Add wapf4 quirk for the X550CL (boo#911438).
   - asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438).
   - asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA (boo#911438).
   - WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON (boo#911438).

   - Input: synaptics - gate forcepad support by DMI check (bnc#911578).

   - ext4: introduce aging to extent status tree (bnc#893428).
   - ext4: cleanup flag definitions for extent status tree (bnc#893428).
   - ext4: limit number of scanned extents in status tree shrinker
     (bnc#893428).
   - ext4: move handling of list of shrinkable inodes into extent status code
     (bnc#893428).
   - ext4: change LRU to round-robin in extent status tree shrinker
     (bnc#893428).
   - ext4: cache extent hole in extent status tree for ext4_da_map_blocks()
     (bnc#893428).
   - ext4: fix block reservation for bigalloc filesystems (bnc#893428).
   - ext4: track extent status tree shrinker delay statictics (bnc#893428).
   - ext4: improve extents status tree trace point (bnc#893428).

   - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft
     packages (bnc#901925)

   - rpm/kernel-binary.spec.in: Fix including the secure boot cert in
     /etc/uefi/certs

   - doc/README.SUSE: update Solid Driver team contacts

   - rpm/kernel-binary.spec.in: Do not sign firmware files (bnc#867199)

   - Port module signing changes from SLE11-SP3 (fate#314508)

   - doc/README.PATCH-POLICY.SUSE: add patch policy / best practices document
     after installation.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-302=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i686 x86_64):

      kernel-debug-3.16.7-13.2
      kernel-debug-base-3.16.7-13.2
      kernel-debug-base-debuginfo-3.16.7-13.2
      kernel-debug-debuginfo-3.16.7-13.2
      kernel-debug-debugsource-3.16.7-13.2
      kernel-debug-devel-3.16.7-13.2
      kernel-debug-devel-debuginfo-3.16.7-13.2
      kernel-desktop-3.16.7-13.2
      kernel-desktop-base-3.16.7-13.2
      kernel-desktop-base-debuginfo-3.16.7-13.2
      kernel-desktop-debuginfo-3.16.7-13.2
      kernel-desktop-debugsource-3.16.7-13.2
      kernel-desktop-devel-3.16.7-13.2
      kernel-ec2-3.16.7-13.2
      kernel-ec2-base-3.16.7-13.2
      kernel-ec2-base-debuginfo-3.16.7-13.2
      kernel-ec2-debuginfo-3.16.7-13.2
      kernel-ec2-debugsource-3.16.7-13.2
      kernel-ec2-devel-3.16.7-13.2
      kernel-vanilla-3.16.7-13.2
      kernel-vanilla-debuginfo-3.16.7-13.2
      kernel-vanilla-debugsource-3.16.7-13.2
      kernel-vanilla-devel-3.16.7-13.2
      kernel-xen-3.16.7-13.2
      kernel-xen-base-3.16.7-13.2
      kernel-xen-base-debuginfo-3.16.7-13.2
      kernel-xen-debuginfo-3.16.7-13.2
      kernel-xen-debugsource-3.16.7-13.2
      kernel-xen-devel-3.16.7-13.2

   - openSUSE 13.2 (i586 x86_64):

      bbswitch-0.8-3.6.6
      bbswitch-debugsource-0.8-3.6.6
      bbswitch-kmp-default-0.8_k3.16.7_13-3.6.6
      bbswitch-kmp-default-debuginfo-0.8_k3.16.7_13-3.6.6
      bbswitch-kmp-desktop-0.8_k3.16.7_13-3.6.6
      bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_13-3.6.6
      bbswitch-kmp-xen-0.8_k3.16.7_13-3.6.6
      bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_13-3.6.6
      cloop-2.639-14.6.6
      cloop-debuginfo-2.639-14.6.6
      cloop-debugsource-2.639-14.6.6
      cloop-kmp-default-2.639_k3.16.7_13-14.6.6
      cloop-kmp-default-debuginfo-2.639_k3.16.7_13-14.6.6
      cloop-kmp-desktop-2.639_k3.16.7_13-14.6.6
      cloop-kmp-desktop-debuginfo-2.639_k3.16.7_13-14.6.6
      cloop-kmp-xen-2.639_k3.16.7_13-14.6.6
      cloop-kmp-xen-debuginfo-2.639_k3.16.7_13-14.6.6
      crash-7.0.8-6.6
      crash-debuginfo-7.0.8-6.6
      crash-debugsource-7.0.8-6.6
      crash-devel-7.0.8-6.6
      crash-doc-7.0.8-6.6
      crash-eppic-7.0.8-6.6
      crash-eppic-debuginfo-7.0.8-6.6
      crash-gcore-7.0.8-6.6
      crash-gcore-debuginfo-7.0.8-6.6
      crash-kmp-default-7.0.8_k3.16.7_13-6.6
      crash-kmp-default-debuginfo-7.0.8_k3.16.7_13-6.6
      crash-kmp-desktop-7.0.8_k3.16.7_13-6.6
      crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_13-6.6
      crash-kmp-xen-7.0.8_k3.16.7_13-6.6
      crash-kmp-xen-debuginfo-7.0.8_k3.16.7_13-6.6
      hdjmod-debugsource-1.28-18.7.6
      hdjmod-kmp-default-1.28_k3.16.7_13-18.7.6
      hdjmod-kmp-default-debuginfo-1.28_k3.16.7_13-18.7.6
      hdjmod-kmp-desktop-1.28_k3.16.7_13-18.7.6
      hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_13-18.7.6
      hdjmod-kmp-xen-1.28_k3.16.7_13-18.7.6
      hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_13-18.7.6
      ipset-6.23-6.6
      ipset-debuginfo-6.23-6.6
      ipset-debugsource-6.23-6.6
      ipset-devel-6.23-6.6
      ipset-kmp-default-6.23_k3.16.7_13-6.6
      ipset-kmp-default-debuginfo-6.23_k3.16.7_13-6.6
      ipset-kmp-desktop-6.23_k3.16.7_13-6.6
      ipset-kmp-desktop-debuginfo-6.23_k3.16.7_13-6.6
      ipset-kmp-xen-6.23_k3.16.7_13-6.6
      ipset-kmp-xen-debuginfo-6.23_k3.16.7_13-6.6
      kernel-default-3.16.7-13.3
      kernel-default-base-3.16.7-13.3
      kernel-default-base-debuginfo-3.16.7-13.3
      kernel-default-debuginfo-3.16.7-13.3
      kernel-default-debugsource-3.16.7-13.3
      kernel-default-devel-3.16.7-13.3
      kernel-obs-build-3.16.7-13.7
      kernel-obs-build-debugsource-3.16.7-13.7
      kernel-obs-qa-3.16.7-13.1
      kernel-obs-qa-xen-3.16.7-13.1
      kernel-syms-3.16.7-13.1
      libipset3-6.23-6.6
      libipset3-debuginfo-6.23-6.6
      pcfclock-0.44-260.6.2
      pcfclock-debuginfo-0.44-260.6.2
      pcfclock-debugsource-0.44-260.6.2
      pcfclock-kmp-default-0.44_k3.16.7_13-260.6.2
      pcfclock-kmp-default-debuginfo-0.44_k3.16.7_13-260.6.2
      pcfclock-kmp-desktop-0.44_k3.16.7_13-260.6.2
      pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_13-260.6.2
      python-virtualbox-4.3.20-10.2
      python-virtualbox-debuginfo-4.3.20-10.2
      vhba-kmp-debugsource-20140629-2.6.2
      vhba-kmp-default-20140629_k3.16.7_13-2.6.2
      vhba-kmp-default-debuginfo-20140629_k3.16.7_13-2.6.2
      vhba-kmp-desktop-20140629_k3.16.7_13-2.6.2
      vhba-kmp-desktop-debuginfo-20140629_k3.16.7_13-2.6.2
      vhba-kmp-xen-20140629_k3.16.7_13-2.6.2
      vhba-kmp-xen-debuginfo-20140629_k3.16.7_13-2.6.2
      virtualbox-4.3.20-10.2
      virtualbox-debuginfo-4.3.20-10.2
      virtualbox-debugsource-4.3.20-10.2
      virtualbox-devel-4.3.20-10.2
      virtualbox-guest-kmp-default-4.3.20_k3.16.7_13-10.2
      virtualbox-guest-kmp-default-debuginfo-4.3.20_k3.16.7_13-10.2
      virtualbox-guest-kmp-desktop-4.3.20_k3.16.7_13-10.2
      virtualbox-guest-kmp-desktop-debuginfo-4.3.20_k3.16.7_13-10.2
      virtualbox-guest-tools-4.3.20-10.2
      virtualbox-guest-tools-debuginfo-4.3.20-10.2
      virtualbox-guest-x11-4.3.20-10.2
      virtualbox-guest-x11-debuginfo-4.3.20-10.2
      virtualbox-host-kmp-default-4.3.20_k3.16.7_13-10.2
      virtualbox-host-kmp-default-debuginfo-4.3.20_k3.16.7_13-10.2
      virtualbox-host-kmp-desktop-4.3.20_k3.16.7_13-10.2
      virtualbox-host-kmp-desktop-debuginfo-4.3.20_k3.16.7_13-10.2
      virtualbox-qt-4.3.20-10.2
      virtualbox-qt-debuginfo-4.3.20-10.2
      virtualbox-websrv-4.3.20-10.2
      virtualbox-websrv-debuginfo-4.3.20-10.2
      xen-debugsource-4.4.1_08-12.2
      xen-devel-4.4.1_08-12.2
      xen-libs-4.4.1_08-12.2
      xen-libs-debuginfo-4.4.1_08-12.2
      xen-tools-domU-4.4.1_08-12.2
      xen-tools-domU-debuginfo-4.4.1_08-12.2
      xtables-addons-2.6-6.2
      xtables-addons-debuginfo-2.6-6.2
      xtables-addons-debugsource-2.6-6.2
      xtables-addons-kmp-default-2.6_k3.16.7_13-6.2
      xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_13-6.2
      xtables-addons-kmp-desktop-2.6_k3.16.7_13-6.2
      xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_13-6.2
      xtables-addons-kmp-xen-2.6_k3.16.7_13-6.2
      xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_13-6.2

   - openSUSE 13.2 (noarch):

      kernel-devel-3.16.7-13.1
      kernel-docs-3.16.7-13.2
      kernel-macros-3.16.7-13.1
      kernel-source-3.16.7-13.1
      kernel-source-vanilla-3.16.7-13.1
      virtualbox-guest-desktop-icons-4.3.20-10.2

   - openSUSE 13.2 (x86_64):

      xen-4.4.1_08-12.2
      xen-doc-html-4.4.1_08-12.2
      xen-kmp-default-4.4.1_08_k3.16.7_13-12.2
      xen-kmp-default-debuginfo-4.4.1_08_k3.16.7_13-12.2
      xen-kmp-desktop-4.4.1_08_k3.16.7_13-12.2
      xen-kmp-desktop-debuginfo-4.4.1_08_k3.16.7_13-12.2
      xen-libs-32bit-4.4.1_08-12.2
      xen-libs-debuginfo-32bit-4.4.1_08-12.2
      xen-tools-4.4.1_08-12.2
      xen-tools-debuginfo-4.4.1_08-12.2

   - openSUSE 13.2 (i686):

      kernel-pae-3.16.7-13.2
      kernel-pae-base-3.16.7-13.2
      kernel-pae-base-debuginfo-3.16.7-13.2
      kernel-pae-debuginfo-3.16.7-13.2
      kernel-pae-debugsource-3.16.7-13.2
      kernel-pae-devel-3.16.7-13.2

   - openSUSE 13.2 (i586):

      bbswitch-kmp-pae-0.8_k3.16.7_13-3.6.6
      bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_13-3.6.6
      cloop-kmp-pae-2.639_k3.16.7_13-14.6.6
      cloop-kmp-pae-debuginfo-2.639_k3.16.7_13-14.6.6
      crash-kmp-pae-7.0.8_k3.16.7_13-6.6
      crash-kmp-pae-debuginfo-7.0.8_k3.16.7_13-6.6
      hdjmod-kmp-pae-1.28_k3.16.7_13-18.7.6
      hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_13-18.7.6
      ipset-kmp-pae-6.23_k3.16.7_13-6.6
      ipset-kmp-pae-debuginfo-6.23_k3.16.7_13-6.6
      pcfclock-kmp-pae-0.44_k3.16.7_13-260.6.2
      pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_13-260.6.2
      vhba-kmp-pae-20140629_k3.16.7_13-2.6.2
      vhba-kmp-pae-debuginfo-20140629_k3.16.7_13-2.6.2
      virtualbox-guest-kmp-pae-4.3.20_k3.16.7_13-10.2
      virtualbox-guest-kmp-pae-debuginfo-4.3.20_k3.16.7_13-10.2
      virtualbox-host-kmp-pae-4.3.20_k3.16.7_13-10.2
      virtualbox-host-kmp-pae-debuginfo-4.3.20_k3.16.7_13-10.2
      xtables-addons-kmp-pae-2.6_k3.16.7_13-6.2
      xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_13-6.2


References:

   https://www.suse.com/security/cve/CVE-2014-8134.html
   https://www.suse.com/security/cve/CVE-2014-8160.html
   https://www.suse.com/security/cve/CVE-2014-8559.html
   https://www.suse.com/security/cve/CVE-2014-9419.html
   https://www.suse.com/security/cve/CVE-2014-9420.html
   https://www.suse.com/security/cve/CVE-2014-9428.html
   https://www.suse.com/security/cve/CVE-2014-9529.html
   https://www.suse.com/security/cve/CVE-2014-9584.html
   https://www.suse.com/security/cve/CVE-2014-9585.html
   https://www.suse.com/security/cve/CVE-2015-0777.html
   https://www.suse.com/security/cve/CVE-2015-1421.html
   https://www.suse.com/security/cve/CVE-2015-1593.html
   https://www.suse.com/security/cve/CVE-2015-2150.html
   https://bugzilla.suse.com/867199
   https://bugzilla.suse.com/893428
   https://bugzilla.suse.com/895797
   https://bugzilla.suse.com/900811
   https://bugzilla.suse.com/901925
   https://bugzilla.suse.com/903589
   https://bugzilla.suse.com/903640
   https://bugzilla.suse.com/904899
   https://bugzilla.suse.com/905681
   https://bugzilla.suse.com/907039
   https://bugzilla.suse.com/907818
   https://bugzilla.suse.com/907988
   https://bugzilla.suse.com/908582
   https://bugzilla.suse.com/908588
   https://bugzilla.suse.com/908589
   https://bugzilla.suse.com/908592
   https://bugzilla.suse.com/908593
   https://bugzilla.suse.com/908594
   https://bugzilla.suse.com/908596
   https://bugzilla.suse.com/908598
   https://bugzilla.suse.com/908603
   https://bugzilla.suse.com/908604
   https://bugzilla.suse.com/908605
   https://bugzilla.suse.com/908606
   https://bugzilla.suse.com/908608
   https://bugzilla.suse.com/908610
   https://bugzilla.suse.com/908612
   https://bugzilla.suse.com/909077
   https://bugzilla.suse.com/909078
   https://bugzilla.suse.com/909477
   https://bugzilla.suse.com/909634
   https://bugzilla.suse.com/910150
   https://bugzilla.suse.com/910322
   https://bugzilla.suse.com/910440
   https://bugzilla.suse.com/911311
   https://bugzilla.suse.com/911325
   https://bugzilla.suse.com/911326
   https://bugzilla.suse.com/911356
   https://bugzilla.suse.com/911438
   https://bugzilla.suse.com/911578
   https://bugzilla.suse.com/911835
   https://bugzilla.suse.com/912061
   https://bugzilla.suse.com/912202
   https://bugzilla.suse.com/912429
   https://bugzilla.suse.com/912705
   https://bugzilla.suse.com/913059
   https://bugzilla.suse.com/913466
   https://bugzilla.suse.com/913695
   https://bugzilla.suse.com/914175
   https://bugzilla.suse.com/915425
   https://bugzilla.suse.com/915454
   https://bugzilla.suse.com/915456
   https://bugzilla.suse.com/915577
   https://bugzilla.suse.com/915858
   https://bugzilla.suse.com/916608
   https://bugzilla.suse.com/917830
   https://bugzilla.suse.com/917839
   https://bugzilla.suse.com/918954
   https://bugzilla.suse.com/918970
   https://bugzilla.suse.com/919463
   https://bugzilla.suse.com/920581
   https://bugzilla.suse.com/920604
   https://bugzilla.suse.com/921313
   https://bugzilla.suse.com/922542
   https://bugzilla.suse.com/922944

openSUSE: 2015:0713-1: important: Linux Kernel

April 13, 2015
An update that solves 13 vulnerabilities and has 52 fixes An update that solves 13 vulnerabilities and has 52 fixes An update that solves 13 vulnerabilities and has 52 fixes is now...

Description

The Linux kernel was updated to fix bugs and security issues: Following security issues were fixed: - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. - CVE-2015-2150: XSA-120: Guests were permitted to modify all bits of the PCI command register of passed through cards, which could lead to Host system crashes. - CVE-2015-0777: The XEN usb backend could leak information to the guest system due to copying uninitialized memory. - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack randomization on 64-bit systems. - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. - CVE-2014-9428: The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel used an incorrect length field during a calculation of an amount of memory, which allowed remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel generated incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allowed remote attackers to bypass intended access restrictions via packets with disallowed port numbers. - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image. - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application. - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. Following bugs were fixed: - powerpc/pci: Fix IO space breakage after of_pci_range_to_resource() change (bnc#922542). - cifs: fix use-after-free bug in find_writable_file (bnc#909477). - usb: Do not allow usb_alloc_streams on unconfigured devices (bsc#920581). - fuse: honour max_read and max_write in direct_io mode (bnc#918954). - switch iov_iter_get_pages() to passing maximal number of pages (bnc#918954). - bcache: fix a livelock in btree lock v2 (bnc#910440) (bnc#910440). Updated because another version went upstream - drm/i915: Initialise userptr mmu_notifier serial to 1 (bnc#918970). - NFS: Don't try to reclaim delegation open state if recovery failed (boo#909634). - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are revoked (boo#909634). - NFSv4: Fix races between nfs_remove_bad_delegation() and delegation return (boo#909634). - NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired (boo#909634). - Fixing lease renewal (boo#909634). - bcache: Fix a bug when detaching (bsc#908582). - fix a leak in bch_cached_dev_run() (bnc#910440). - bcache: unregister reboot notifier when bcache fails to register a block device (bnc#910440). - bcache: fix a livelock in btree lock (bnc#910440). - bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device (bnc#910440). - bcache: Add a cond_resched() call to gc (bnc#910440). - storvsc: ring buffer failures may result in I/O freeze (bnc#914175). - ALSA: seq-dummy: remove deadlock-causing events on close (boo#916608). - ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode (boo#916608). - ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get (boo#916608). - ALSA: hda - Fix built-in mic on Compaq Presario CQ60 (bnc#920604). - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#921313). - [media] sound: Update au0828 quirks table (boo#916608). - [media] sound: simplify au0828 quirk table (boo#916608). - ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam C210 (boo#916608). - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC (boo#916608). - ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon devices (boo#916608). - ALSA: usb-audio: Fix memory leak in FTU quirk (boo#916608). - ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect (boo#916608). - ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda (boo#916608). - ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for IDT/STAC codecs (boo#916608). - ALSA: hda/realtek - New codec support for ALC298 (boo#916608). - ALSA: hda/realtek - New codec support for ALC256 (boo#916608). - ALSA: hda/realtek - Add new Dell desktop for ALC3234 headset mode (boo#916608). - ALSA: hda - Add EAPD fixup for ASUS Z99He laptop (boo#916608). - ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210 (boo#916608). - ALSA: hda/realtek - Add headset Mic support for new Dell machine (boo#916608). - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (boo#916608). - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH (boo#916608). - ALSA: hda - add codec ID for Braswell display audio codec (boo#916608). - ALSA: hda - add PCI IDs for Intel Braswell (boo#916608). - ALSA: hda - Add dock support for Thinkpad T440 (17aa:2212) (boo#916608). - ALSA: hda - Set up GPIO for Toshiba Satellite S50D (bnc#915858). - rpm/kernel-binary.spec.in: Fix build if there is no *.crt file - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (VM Functionality bnc#910150). - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899). - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount (bsc#907988). - Btrfs: fix scrub race leading to use-after-free (bnc#915456). - Btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454). - Btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bnc#915425). - Btrfs: fix fsync when extend references are added to an inode (bnc#915425). - Btrfs: fix directory inconsistency after fsync log replay (bnc#915425). - Btrfs: make xattr replace operations atomic (bnc#913466). - Btrfs: fix directory recovery from fsync log (bnc#895797). - bcache: add mutex lock for bch_is_open (bnc#908612). - bcache: Correct printing of btree_gc_max_duration_ms (bnc#908610). - bcache: fix crash with incomplete cache set (bnc#908608). - bcache: fix memory corruption in init error path (bnc#908606). - bcache: Fix more early shutdown bugs (bnc#908605). - bcache: fix use-after-free in btree_gc_coalesce() (bnc#908604). - bcache: Fix an infinite loop in journal replay (bnc#908603). - bcache: fix typo in bch_bkey_equal_header (bnc#908598). - bcache: Make sure to pass GFP_WAIT to mempool_alloc() (bnc#908596). - bcache: fix crash on shutdown in passthrough mode (bnc#908594). - bcache: fix lockdep warnings on shutdown (bnc#908593). - bcache allocator: send discards with correct size (bnc#908592). - bcache: Fix to remove the rcu_sched stalls (bnc#908589). - bcache: Fix a journal replay bug (bnc#908588). - Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The nct6683 driver is already enabled on i386 and history suggests that it not being enabled on x86_64 is by mistake. - rpm/kernel-binary.spec.in: Own the modules directory in the devel package (bnc#910322) - Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate" (bnc#900811). - mm: free compound page with correct order (bnc#913695). - drm/i915: More cautious with pch fifo underruns (boo#907039). - Refresh patches.arch/arm64-0039-generic-pci.patch (fix PCI bridge support) - x86/microcode/intel: Fish out the stashed microcode for the BSP (bsc#903589). - x86, microcode: Reload microcode on resume (bsc#903589). - x86, microcode: Don't initialize microcode code on paravirt (bsc#903589). - x86, microcode, intel: Drop unused parameter (bsc#903589). - x86, microcode, AMD: Do not use smp_processor_id() in preemtible context (bsc#903589). - x86, microcode: Update BSPs microcode on resume (bsc#903589). - x86, microcode, AMD: Fix ucode patch stashing on 32-bit (bsc#903589). - x86, microcode: Fix accessing dis_ucode_ldr on 32-bit (bsc#903589). - x86, microcode, AMD: Fix early ucode loading on 32-bit (bsc#903589). - Bluetooth: Add support for Broadcom BCM20702A0 variants firmware download (bnc#911311). - drm/radeon: fix sad_count check for dce3 (bnc#911356). - drm/i915: Don't call intel_prepare_page_flip() multiple times on gen2-4 (bnc#911835). - udf: Check component length before reading it. - udf: Check path length when reading symlink. - udf: Verify symlink size before loading it. - udf: Verify i_size when loading inode. - arm64: Enable DRM - arm64: Enable generic PHB driver (bnc#912061). - ACPI / video: Add some Samsung models to disable_native_backlight list (boo#905681). - asus-nb-wmi: Add another wapf=4 quirk (boo#911438). - asus-nb-wmi: Add wapf4 quirk for the X550VB (boo#911438). - asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438). - asus-nb-wmi: Add wapf4 quirk for the X550CC (boo#911438). - asus-nb-wmi: Constify asus_quirks DMI table (boo#911438). - asus-nb-wmi: Add wapf4 quirk for the X550CL (boo#911438). - asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438). - asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA (boo#911438). - WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON (boo#911438). - Input: synaptics - gate forcepad support by DMI check (bnc#911578). - ext4: introduce aging to extent status tree (bnc#893428). - ext4: cleanup flag definitions for extent status tree (bnc#893428). - ext4: limit number of scanned extents in status tree shrinker (bnc#893428). - ext4: move handling of list of shrinkable inodes into extent status code (bnc#893428). - ext4: change LRU to round-robin in extent status tree shrinker (bnc#893428). - ext4: cache extent hole in extent status tree for ext4_da_map_blocks() (bnc#893428). - ext4: fix block reservation for bigalloc filesystems (bnc#893428). - ext4: track extent status tree shrinker delay statictics (bnc#893428). - ext4: improve extents status tree trace point (bnc#893428). - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft packages (bnc#901925) - rpm/kernel-binary.spec.in: Fix including the secure boot cert in /etc/uefi/certs - doc/README.SUSE: update Solid Driver team contacts - rpm/kernel-binary.spec.in: Do not sign firmware files (bnc#867199) - Port module signing changes from SLE11-SP3 (fate#314508) - doc/README.PATCH-POLICY.SUSE: add patch policy / best practices document after installation.

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-302=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 13.2 (i686 x86_64): kernel-debug-3.16.7-13.2 kernel-debug-base-3.16.7-13.2 kernel-debug-base-debuginfo-3.16.7-13.2 kernel-debug-debuginfo-3.16.7-13.2 kernel-debug-debugsource-3.16.7-13.2 kernel-debug-devel-3.16.7-13.2 kernel-debug-devel-debuginfo-3.16.7-13.2 kernel-desktop-3.16.7-13.2 kernel-desktop-base-3.16.7-13.2 kernel-desktop-base-debuginfo-3.16.7-13.2 kernel-desktop-debuginfo-3.16.7-13.2 kernel-desktop-debugsource-3.16.7-13.2 kernel-desktop-devel-3.16.7-13.2 kernel-ec2-3.16.7-13.2 kernel-ec2-base-3.16.7-13.2 kernel-ec2-base-debuginfo-3.16.7-13.2 kernel-ec2-debuginfo-3.16.7-13.2 kernel-ec2-debugsource-3.16.7-13.2 kernel-ec2-devel-3.16.7-13.2 kernel-vanilla-3.16.7-13.2 kernel-vanilla-debuginfo-3.16.7-13.2 kernel-vanilla-debugsource-3.16.7-13.2 kernel-vanilla-devel-3.16.7-13.2 kernel-xen-3.16.7-13.2 kernel-xen-base-3.16.7-13.2 kernel-xen-base-debuginfo-3.16.7-13.2 kernel-xen-debuginfo-3.16.7-13.2 kernel-xen-debugsource-3.16.7-13.2 kernel-xen-devel-3.16.7-13.2 - openSUSE 13.2 (i586 x86_64): bbswitch-0.8-3.6.6 bbswitch-debugsource-0.8-3.6.6 bbswitch-kmp-default-0.8_k3.16.7_13-3.6.6 bbswitch-kmp-default-debuginfo-0.8_k3.16.7_13-3.6.6 bbswitch-kmp-desktop-0.8_k3.16.7_13-3.6.6 bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_13-3.6.6 bbswitch-kmp-xen-0.8_k3.16.7_13-3.6.6 bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_13-3.6.6 cloop-2.639-14.6.6 cloop-debuginfo-2.639-14.6.6 cloop-debugsource-2.639-14.6.6 cloop-kmp-default-2.639_k3.16.7_13-14.6.6 cloop-kmp-default-debuginfo-2.639_k3.16.7_13-14.6.6 cloop-kmp-desktop-2.639_k3.16.7_13-14.6.6 cloop-kmp-desktop-debuginfo-2.639_k3.16.7_13-14.6.6 cloop-kmp-xen-2.639_k3.16.7_13-14.6.6 cloop-kmp-xen-debuginfo-2.639_k3.16.7_13-14.6.6 crash-7.0.8-6.6 crash-debuginfo-7.0.8-6.6 crash-debugsource-7.0.8-6.6 crash-devel-7.0.8-6.6 crash-doc-7.0.8-6.6 crash-eppic-7.0.8-6.6 crash-eppic-debuginfo-7.0.8-6.6 crash-gcore-7.0.8-6.6 crash-gcore-debuginfo-7.0.8-6.6 crash-kmp-default-7.0.8_k3.16.7_13-6.6 crash-kmp-default-debuginfo-7.0.8_k3.16.7_13-6.6 crash-kmp-desktop-7.0.8_k3.16.7_13-6.6 crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_13-6.6 crash-kmp-xen-7.0.8_k3.16.7_13-6.6 crash-kmp-xen-debuginfo-7.0.8_k3.16.7_13-6.6 hdjmod-debugsource-1.28-18.7.6 hdjmod-kmp-default-1.28_k3.16.7_13-18.7.6 hdjmod-kmp-default-debuginfo-1.28_k3.16.7_13-18.7.6 hdjmod-kmp-desktop-1.28_k3.16.7_13-18.7.6 hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_13-18.7.6 hdjmod-kmp-xen-1.28_k3.16.7_13-18.7.6 hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_13-18.7.6 ipset-6.23-6.6 ipset-debuginfo-6.23-6.6 ipset-debugsource-6.23-6.6 ipset-devel-6.23-6.6 ipset-kmp-default-6.23_k3.16.7_13-6.6 ipset-kmp-default-debuginfo-6.23_k3.16.7_13-6.6 ipset-kmp-desktop-6.23_k3.16.7_13-6.6 ipset-kmp-desktop-debuginfo-6.23_k3.16.7_13-6.6 ipset-kmp-xen-6.23_k3.16.7_13-6.6 ipset-kmp-xen-debuginfo-6.23_k3.16.7_13-6.6 kernel-default-3.16.7-13.3 kernel-default-base-3.16.7-13.3 kernel-default-base-debuginfo-3.16.7-13.3 kernel-default-debuginfo-3.16.7-13.3 kernel-default-debugsource-3.16.7-13.3 kernel-default-devel-3.16.7-13.3 kernel-obs-build-3.16.7-13.7 kernel-obs-build-debugsource-3.16.7-13.7 kernel-obs-qa-3.16.7-13.1 kernel-obs-qa-xen-3.16.7-13.1 kernel-syms-3.16.7-13.1 libipset3-6.23-6.6 libipset3-debuginfo-6.23-6.6 pcfclock-0.44-260.6.2 pcfclock-debuginfo-0.44-260.6.2 pcfclock-debugsource-0.44-260.6.2 pcfclock-kmp-default-0.44_k3.16.7_13-260.6.2 pcfclock-kmp-default-debuginfo-0.44_k3.16.7_13-260.6.2 pcfclock-kmp-desktop-0.44_k3.16.7_13-260.6.2 pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_13-260.6.2 python-virtualbox-4.3.20-10.2 python-virtualbox-debuginfo-4.3.20-10.2 vhba-kmp-debugsource-20140629-2.6.2 vhba-kmp-default-20140629_k3.16.7_13-2.6.2 vhba-kmp-default-debuginfo-20140629_k3.16.7_13-2.6.2 vhba-kmp-desktop-20140629_k3.16.7_13-2.6.2 vhba-kmp-desktop-debuginfo-20140629_k3.16.7_13-2.6.2 vhba-kmp-xen-20140629_k3.16.7_13-2.6.2 vhba-kmp-xen-debuginfo-20140629_k3.16.7_13-2.6.2 virtualbox-4.3.20-10.2 virtualbox-debuginfo-4.3.20-10.2 virtualbox-debugsource-4.3.20-10.2 virtualbox-devel-4.3.20-10.2 virtualbox-guest-kmp-default-4.3.20_k3.16.7_13-10.2 virtualbox-guest-kmp-default-debuginfo-4.3.20_k3.16.7_13-10.2 virtualbox-guest-kmp-desktop-4.3.20_k3.16.7_13-10.2 virtualbox-guest-kmp-desktop-debuginfo-4.3.20_k3.16.7_13-10.2 virtualbox-guest-tools-4.3.20-10.2 virtualbox-guest-tools-debuginfo-4.3.20-10.2 virtualbox-guest-x11-4.3.20-10.2 virtualbox-guest-x11-debuginfo-4.3.20-10.2 virtualbox-host-kmp-default-4.3.20_k3.16.7_13-10.2 virtualbox-host-kmp-default-debuginfo-4.3.20_k3.16.7_13-10.2 virtualbox-host-kmp-desktop-4.3.20_k3.16.7_13-10.2 virtualbox-host-kmp-desktop-debuginfo-4.3.20_k3.16.7_13-10.2 virtualbox-qt-4.3.20-10.2 virtualbox-qt-debuginfo-4.3.20-10.2 virtualbox-websrv-4.3.20-10.2 virtualbox-websrv-debuginfo-4.3.20-10.2 xen-debugsource-4.4.1_08-12.2 xen-devel-4.4.1_08-12.2 xen-libs-4.4.1_08-12.2 xen-libs-debuginfo-4.4.1_08-12.2 xen-tools-domU-4.4.1_08-12.2 xen-tools-domU-debuginfo-4.4.1_08-12.2 xtables-addons-2.6-6.2 xtables-addons-debuginfo-2.6-6.2 xtables-addons-debugsource-2.6-6.2 xtables-addons-kmp-default-2.6_k3.16.7_13-6.2 xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_13-6.2 xtables-addons-kmp-desktop-2.6_k3.16.7_13-6.2 xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_13-6.2 xtables-addons-kmp-xen-2.6_k3.16.7_13-6.2 xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_13-6.2 - openSUSE 13.2 (noarch): kernel-devel-3.16.7-13.1 kernel-docs-3.16.7-13.2 kernel-macros-3.16.7-13.1 kernel-source-3.16.7-13.1 kernel-source-vanilla-3.16.7-13.1 virtualbox-guest-desktop-icons-4.3.20-10.2 - openSUSE 13.2 (x86_64): xen-4.4.1_08-12.2 xen-doc-html-4.4.1_08-12.2 xen-kmp-default-4.4.1_08_k3.16.7_13-12.2 xen-kmp-default-debuginfo-4.4.1_08_k3.16.7_13-12.2 xen-kmp-desktop-4.4.1_08_k3.16.7_13-12.2 xen-kmp-desktop-debuginfo-4.4.1_08_k3.16.7_13-12.2 xen-libs-32bit-4.4.1_08-12.2 xen-libs-debuginfo-32bit-4.4.1_08-12.2 xen-tools-4.4.1_08-12.2 xen-tools-debuginfo-4.4.1_08-12.2 - openSUSE 13.2 (i686): kernel-pae-3.16.7-13.2 kernel-pae-base-3.16.7-13.2 kernel-pae-base-debuginfo-3.16.7-13.2 kernel-pae-debuginfo-3.16.7-13.2 kernel-pae-debugsource-3.16.7-13.2 kernel-pae-devel-3.16.7-13.2 - openSUSE 13.2 (i586): bbswitch-kmp-pae-0.8_k3.16.7_13-3.6.6 bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_13-3.6.6 cloop-kmp-pae-2.639_k3.16.7_13-14.6.6 cloop-kmp-pae-debuginfo-2.639_k3.16.7_13-14.6.6 crash-kmp-pae-7.0.8_k3.16.7_13-6.6 crash-kmp-pae-debuginfo-7.0.8_k3.16.7_13-6.6 hdjmod-kmp-pae-1.28_k3.16.7_13-18.7.6 hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_13-18.7.6 ipset-kmp-pae-6.23_k3.16.7_13-6.6 ipset-kmp-pae-debuginfo-6.23_k3.16.7_13-6.6 pcfclock-kmp-pae-0.44_k3.16.7_13-260.6.2 pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_13-260.6.2 vhba-kmp-pae-20140629_k3.16.7_13-2.6.2 vhba-kmp-pae-debuginfo-20140629_k3.16.7_13-2.6.2 virtualbox-guest-kmp-pae-4.3.20_k3.16.7_13-10.2 virtualbox-guest-kmp-pae-debuginfo-4.3.20_k3.16.7_13-10.2 virtualbox-host-kmp-pae-4.3.20_k3.16.7_13-10.2 virtualbox-host-kmp-pae-debuginfo-4.3.20_k3.16.7_13-10.2 xtables-addons-kmp-pae-2.6_k3.16.7_13-6.2 xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_13-6.2


References

https://www.suse.com/security/cve/CVE-2014-8134.html https://www.suse.com/security/cve/CVE-2014-8160.html https://www.suse.com/security/cve/CVE-2014-8559.html https://www.suse.com/security/cve/CVE-2014-9419.html https://www.suse.com/security/cve/CVE-2014-9420.html https://www.suse.com/security/cve/CVE-2014-9428.html https://www.suse.com/security/cve/CVE-2014-9529.html https://www.suse.com/security/cve/CVE-2014-9584.html https://www.suse.com/security/cve/CVE-2014-9585.html https://www.suse.com/security/cve/CVE-2015-0777.html https://www.suse.com/security/cve/CVE-2015-1421.html https://www.suse.com/security/cve/CVE-2015-1593.html https://www.suse.com/security/cve/CVE-2015-2150.html https://bugzilla.suse.com/867199 https://bugzilla.suse.com/893428 https://bugzilla.suse.com/895797 https://bugzilla.suse.com/900811 https://bugzilla.suse.com/901925 https://bugzilla.suse.com/903589 https://bugzilla.suse.com/903640 https://bugzilla.suse.com/904899 https://bugzilla.suse.com/905681 https://bugzilla.suse.com/907039 https://bugzilla.suse.com/907818 https://bugzilla.suse.com/907988 https://bugzilla.suse.com/908582 https://bugzilla.suse.com/908588 https://bugzilla.suse.com/908589 https://bugzilla.suse.com/908592 https://bugzilla.suse.com/908593 https://bugzilla.suse.com/908594 https://bugzilla.suse.com/908596 https://bugzilla.suse.com/908598 https://bugzilla.suse.com/908603 https://bugzilla.suse.com/908604 https://bugzilla.suse.com/908605 https://bugzilla.suse.com/908606 https://bugzilla.suse.com/908608 https://bugzilla.suse.com/908610 https://bugzilla.suse.com/908612 https://bugzilla.suse.com/909077 https://bugzilla.suse.com/909078 https://bugzilla.suse.com/909477 https://bugzilla.suse.com/909634 https://bugzilla.suse.com/910150 https://bugzilla.suse.com/910322 https://bugzilla.suse.com/910440 https://bugzilla.suse.com/911311 https://bugzilla.suse.com/911325 https://bugzilla.suse.com/911326 https://bugzilla.suse.com/911356 https://bugzilla.suse.com/911438 https://bugzilla.suse.com/911578 https://bugzilla.suse.com/911835 https://bugzilla.suse.com/912061 https://bugzilla.suse.com/912202 https://bugzilla.suse.com/912429 https://bugzilla.suse.com/912705 https://bugzilla.suse.com/913059 https://bugzilla.suse.com/913466 https://bugzilla.suse.com/913695 https://bugzilla.suse.com/914175 https://bugzilla.suse.com/915425 https://bugzilla.suse.com/915454 https://bugzilla.suse.com/915456 https://bugzilla.suse.com/915577 https://bugzilla.suse.com/915858 https://bugzilla.suse.com/916608 https://bugzilla.suse.com/917830 https://bugzilla.suse.com/917839 https://bugzilla.suse.com/918954 https://bugzilla.suse.com/918970 https://bugzilla.suse.com/919463 https://bugzilla.suse.com/920581 https://bugzilla.suse.com/920604 https://bugzilla.suse.com/921313 https://bugzilla.suse.com/922542 https://bugzilla.suse.com/922944


Severity
Announcement ID: openSUSE-SU-2015:0713-1
Rating: important
Affected Products: openSUSE 13.2

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved