openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1382-1
Rating:             important
References:         #957988 #970892 #970911 #970948 #970955 #970956 
                    #970958 #970970 #971124 #971360 #971628 #972174 
                    #973378 #974418 #975868 
Cross-References:   CVE-2016-2185 CVE-2016-2186 CVE-2016-2188
                    CVE-2016-2847 CVE-2016-3136 CVE-2016-3137
                    CVE-2016-3138 CVE-2016-3140 CVE-2016-3156
                    CVE-2016-3689 CVE-2016-3951
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has four fixes
   is now available.

Description:

   The openSUSE Leap 42.1 kernel was updated to receive various security
   fixes and bugfixes.

   The following security bugs were fixed:
   - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes
     (bsc#970948).
   - CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955).
   - CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors
     (bnc#970956).
   - CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911).
   - CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970).
   - CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
     (bnc#974418).
   - CVE-2016-3140: digi_acceleport: do sanity checking for the number of
     ports (bnc#970892).
   - CVE-2016-2186: powermate: fix oops with malicious USB descriptors
     (bnc#970958).
   - CVE-2016-2185: usb_driver_claim_interface: add sanity checking
     (bnc#971124).
   - CVE-2016-3689: ims-pcu: sanity check against missing interfaces
     (bnc#971628).
   - CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev
     destroy (bsc#971360).

   The following non-security bugs were fixed:
   - ALSA: timer: Call notifier in the same spinlock (bsc#973378).
   - ALSA: timer: Protect the whole snd_timer_close() with open race
     (bsc#973378).
   - ALSA: timer: Sync timer deletion at closing the system timer
     (bsc#973378).
   - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).
   - Backport arm64 patches from SLE12-SP1-ARM
   - Fix kABI additions for pipe: limit the per-user amount of pages
     allocated in pipes.
   - Revert "drm/radeon: call hpd_irq_event on resume" (boo#975868).
   - Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a
     module.
   - backends: guarantee one time reads of shared ring contents (bsc#957988).
   - ext4: fix races between buffered IO and collapse / insert range
     (bsc#972174).
   - ext4: fix races between page faults and hole punching (bsc#972174).
   - ext4: fix races of writeback with punch hole and zero range (bsc#972174).
   - ext4: move unlocked dio protection from ext4_alloc_file_blocks()
     (bsc#972174).
   - net: thunderx: Use napi_schedule_irqoff()
   - netback: do not use last request to determine minimum Tx credit
     (bsc#957988).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-629=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i686 x86_64):

      kernel-debug-4.1.21-14.2
      kernel-debug-base-4.1.21-14.2
      kernel-debug-base-debuginfo-4.1.21-14.2
      kernel-debug-debuginfo-4.1.21-14.2
      kernel-debug-debugsource-4.1.21-14.2
      kernel-debug-devel-4.1.21-14.2
      kernel-debug-devel-debuginfo-4.1.21-14.2
      kernel-ec2-4.1.21-14.2
      kernel-ec2-base-4.1.21-14.2
      kernel-ec2-base-debuginfo-4.1.21-14.2
      kernel-ec2-debuginfo-4.1.21-14.2
      kernel-ec2-debugsource-4.1.21-14.2
      kernel-ec2-devel-4.1.21-14.2
      kernel-pv-4.1.21-14.2
      kernel-pv-base-4.1.21-14.2
      kernel-pv-base-debuginfo-4.1.21-14.2
      kernel-pv-debuginfo-4.1.21-14.2
      kernel-pv-debugsource-4.1.21-14.2
      kernel-pv-devel-4.1.21-14.2
      kernel-vanilla-4.1.21-14.2
      kernel-vanilla-debuginfo-4.1.21-14.2
      kernel-vanilla-debugsource-4.1.21-14.2
      kernel-vanilla-devel-4.1.21-14.2
      kernel-xen-4.1.21-14.2
      kernel-xen-base-4.1.21-14.2
      kernel-xen-base-debuginfo-4.1.21-14.2
      kernel-xen-debuginfo-4.1.21-14.2
      kernel-xen-debugsource-4.1.21-14.2
      kernel-xen-devel-4.1.21-14.2

   - openSUSE Leap 42.1 (i586 x86_64):

      kernel-default-4.1.21-14.2
      kernel-default-base-4.1.21-14.2
      kernel-default-base-debuginfo-4.1.21-14.2
      kernel-default-debuginfo-4.1.21-14.2
      kernel-default-debugsource-4.1.21-14.2
      kernel-default-devel-4.1.21-14.2
      kernel-obs-build-4.1.21-14.4
      kernel-obs-build-debugsource-4.1.21-14.4
      kernel-obs-qa-4.1.21-14.2
      kernel-obs-qa-xen-4.1.21-14.2
      kernel-syms-4.1.21-14.2

   - openSUSE Leap 42.1 (noarch):

      kernel-devel-4.1.21-14.2
      kernel-docs-4.1.21-14.5
      kernel-docs-html-4.1.21-14.5
      kernel-docs-pdf-4.1.21-14.5
      kernel-macros-4.1.21-14.2
      kernel-source-4.1.21-14.2
      kernel-source-vanilla-4.1.21-14.2

   - openSUSE Leap 42.1 (i686):

      kernel-pae-4.1.21-14.2
      kernel-pae-base-4.1.21-14.2
      kernel-pae-base-debuginfo-4.1.21-14.2
      kernel-pae-debuginfo-4.1.21-14.2
      kernel-pae-debugsource-4.1.21-14.2
      kernel-pae-devel-4.1.21-14.2


References:

   https://www.suse.com/security/cve/CVE-2016-2185.html
   https://www.suse.com/security/cve/CVE-2016-2186.html
   https://www.suse.com/security/cve/CVE-2016-2188.html
   https://www.suse.com/security/cve/CVE-2016-2847.html
   https://www.suse.com/security/cve/CVE-2016-3136.html
   https://www.suse.com/security/cve/CVE-2016-3137.html
   https://www.suse.com/security/cve/CVE-2016-3138.html
   https://www.suse.com/security/cve/CVE-2016-3140.html
   https://www.suse.com/security/cve/CVE-2016-3156.html
   https://www.suse.com/security/cve/CVE-2016-3689.html
   https://www.suse.com/security/cve/CVE-2016-3951.html
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/970892
   https://bugzilla.suse.com/970911
   https://bugzilla.suse.com/970948
   https://bugzilla.suse.com/970955
   https://bugzilla.suse.com/970956
   https://bugzilla.suse.com/970958
   https://bugzilla.suse.com/970970
   https://bugzilla.suse.com/971124
   https://bugzilla.suse.com/971360
   https://bugzilla.suse.com/971628
   https://bugzilla.suse.com/972174
   https://bugzilla.suse.com/973378
   https://bugzilla.suse.com/974418
   https://bugzilla.suse.com/975868

-- 

openSUSE: 2016:1382-1: important: the Linux Kernel

May 23, 2016