openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2290-1
Rating:             important
References:         #963931 #970948 #971126 #971360 #974266 #978821 
                    #978822 #979018 #979213 #979879 #980371 #981058 
                    #981267 #986362 #986365 #986570 #987886 #989084 
                    #989152 #989176 #990058 #991110 #991608 #991665 
                    #994296 #994520 
Cross-References:   CVE-2015-8787 CVE-2016-1237 CVE-2016-2847
                    CVE-2016-3134 CVE-2016-3156 CVE-2016-4485
                    CVE-2016-4486 CVE-2016-4557 CVE-2016-4569
                    CVE-2016-4578 CVE-2016-4580 CVE-2016-4805
                    CVE-2016-4951 CVE-2016-4998 CVE-2016-5696
                    CVE-2016-6480 CVE-2016-6828
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 9 fixes is
   now available.

Description:


   The openSUSE Leap 42.1 kernel was updated to 4.1.31 to receive various
   security fixes and bugfixes.

   The following security bugs were fixed:
   - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of
     unread data in pipes, which allowed local users to cause a denial of
     service (memory consumption) by creating many pipes with non-default
     sizes (bnc#970948).
   - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not
     validate certain offset fields, which allowed local users to gain
     privileges or cause a denial of service (heap memory corruption) via an
     IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
   - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled
     destruction of device objects, which allowed guest OS users to cause a
     denial of service (host OS networking outage) by arranging for a large
     number of IP addresses (bnc#971360).
   - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the
     Linux kernel did not initialize a certain data structure, which allowed
     attackers to obtain sensitive information from kernel stack memory by
     reading a message (bnc#978821).
   - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c
     in the Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory by reading a Netlink message (bnc#978822).
   - CVE-2016-4557: The replace_map_fd_with_map_ptr function in
     kernel/bpf/verifier.c in the Linux kernel did not properly maintain an
     fd data structure, which allowed local users to gain privileges or cause
     a denial of service (use-after-free) via crafted BPF instructions that
     reference an incorrect file descriptor (bnc#979018).
   - CVE-2016-4580: The x25_negotiate_facilities function in
     net/x25/x25_facilities.c in the Linux kernel did not properly initialize
     a certain data structure, which allowed attackers to obtain sensitive
     information from kernel stack memory via an X.25 Call Request
     (bnc#981267).
   - CVE-2016-4805: Use-after-free vulnerability in
     drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to
     cause a denial of service (memory corruption and system crash, or
     spinlock) or possibly have unspecified other impact by removing a
     network namespace, related to the ppp_register_net_channel and
     ppp_unregister_channel functions (bnc#980371).
   - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in
     the Linux kernel did not verify socket existence, which allowed local
     users to cause a denial of service (NULL pointer dereference and system
     crash) or possibly have unspecified other impact via a dumpit operation
     (bnc#981058).
   - CVE-2015-8787: The nf_nat_redirect_ipv4 function in
     net/netfilter/nf_nat_redirect.c in the Linux kernel allowed remote
     attackers to cause a denial of service (NULL pointer dereference and
     system crash) or possibly have unspecified other impact by sending
     certain IPv4 packets to an incompletely configured interface, a related
     issue to CVE-2003-1604 (bnc#963931).
   - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c
     in the Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory via crafted use of the ALSA timer interface (bnc#979213).
   - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize
     certain r1 data structures, which allowed local users to obtain
     sensitive information from kernel stack memory via crafted use of the
     ALSA timer interface, related to the (1) snd_timer_user_ccallback and
     (2) snd_timer_user_tinterrupt functions (bnc#979879).
   - CVE-2016-6828: A use after free in tcp_xmit_retransmit_queue() was fixed
     that could be used by local attackers to crash the kernel (bsc#994296).
   - CVE-2016-6480: Race condition in the ioctl_send_fib function in
     drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
     to cause a denial of service (out-of-bounds access or system crash) by
     changing a certain size value, aka a "double fetch" vulnerability
     (bnc#991608).
   - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
     netfilter subsystem in the Linux kernel allowed local users to cause a
     denial of service (out-of-bounds read) or possibly obtain sensitive
     information from kernel heap memory by leveraging in-container root
     access to provide a crafted offset value that leads to crossing a
     ruleset blob boundary (bnc#986362 986365 990058).
   - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
     determine the rate of challenge ACK segments, which made it easier for
     man-in-the-middle attackers to hijack TCP sessions via a blind in-window
     attack (bnc#989152).
   - CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass
     intended file-permission restrictions by setting a POSIX ACL, related to
     nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570).

   The following non-security bugs were fixed:
   - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).
   - KVM: arm/arm64: Handle forward time correction gracefully (bnc#974266).
   - Linux 4.1.29. Refreshed patch: patches.xen/xen3-fixup-xen Deleted
     patches:
     patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch
     patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch
     patches.rpmify/Revert-mm-swap.c-flush-lru-pvecs-on-compound-page-ar
     patches.rpmify/Revert-powerpc-Update-TM-user-feature-bits-in-scan_f
   - Revert "mm/swap.c: flush lru pvecs on compound page arrival"
     (boo#989084).
   - Revert "powerpc: Update TM user feature bits in scan_features()". Fix
     the build error of 4.1.28 on ppc.
   - Revive i8042_check_power_owner() for 4.1.31 kabi fix.
   - USB: OHCI: Do not mark EDs as ED_OPER if scheduling fails (bnc#987886).
   - USB: validate wMaxPacketValue entries in endpoint descriptors
     (bnc#991665).
   - Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch
     (bsc#986570 CVE-2016-1237).
   - Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570
     CVE-2016-1237).
   - netfilter: x_tables: fix 4.1 stable backport (bsc#989176).
   - nfsd: check permissions when setting ACLs (bsc#986570).
   - posix_acl: Add set_posix_acl (bsc#986570).
   - ppp: defer netns reference release for ppp channel (bsc#980371).
   - series.conf: Move a kABI patch to its own section
   - supported.conf: enable i2c-designware driver (bsc#991110)
   - tcp: enable per-socket rate limiting of all "challenge acks"
     (bsc#989152).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-1076=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      hdjmod-debugsource-1.28-24.1
      hdjmod-kmp-default-1.28_k4.1.31_30-24.1
      hdjmod-kmp-default-debuginfo-1.28_k4.1.31_30-24.1
      hdjmod-kmp-pv-1.28_k4.1.31_30-24.1
      hdjmod-kmp-pv-debuginfo-1.28_k4.1.31_30-24.1
      hdjmod-kmp-xen-1.28_k4.1.31_30-24.1
      hdjmod-kmp-xen-debuginfo-1.28_k4.1.31_30-24.1
      ipset-6.25.1-5.1
      ipset-debuginfo-6.25.1-5.1
      ipset-debugsource-6.25.1-5.1
      ipset-devel-6.25.1-5.1
      ipset-kmp-default-6.25.1_k4.1.31_30-5.1
      ipset-kmp-default-debuginfo-6.25.1_k4.1.31_30-5.1
      ipset-kmp-pv-6.25.1_k4.1.31_30-5.1
      ipset-kmp-pv-debuginfo-6.25.1_k4.1.31_30-5.1
      ipset-kmp-xen-6.25.1_k4.1.31_30-5.1
      ipset-kmp-xen-debuginfo-6.25.1_k4.1.31_30-5.1
      kernel-default-4.1.31-30.2
      kernel-default-base-4.1.31-30.2
      kernel-default-base-debuginfo-4.1.31-30.2
      kernel-default-debuginfo-4.1.31-30.2
      kernel-default-debugsource-4.1.31-30.2
      kernel-default-devel-4.1.31-30.2
      kernel-obs-build-4.1.31-30.3
      kernel-obs-build-debugsource-4.1.31-30.3
      kernel-obs-qa-4.1.31-30.1
      kernel-obs-qa-xen-4.1.31-30.1
      kernel-syms-4.1.31-30.1
      libipset3-6.25.1-5.1
      libipset3-debuginfo-6.25.1-5.1
      pcfclock-0.44-266.1
      pcfclock-debuginfo-0.44-266.1
      pcfclock-debugsource-0.44-266.1
      pcfclock-kmp-default-0.44_k4.1.31_30-266.1
      pcfclock-kmp-default-debuginfo-0.44_k4.1.31_30-266.1
      pcfclock-kmp-pv-0.44_k4.1.31_30-266.1
      pcfclock-kmp-pv-debuginfo-0.44_k4.1.31_30-266.1
      vhba-kmp-debugsource-20140928-5.1
      vhba-kmp-default-20140928_k4.1.31_30-5.1
      vhba-kmp-default-debuginfo-20140928_k4.1.31_30-5.1
      vhba-kmp-pv-20140928_k4.1.31_30-5.1
      vhba-kmp-pv-debuginfo-20140928_k4.1.31_30-5.1
      vhba-kmp-xen-20140928_k4.1.31_30-5.1
      vhba-kmp-xen-debuginfo-20140928_k4.1.31_30-5.1

   - openSUSE Leap 42.1 (i686 x86_64):

      kernel-debug-4.1.31-30.2
      kernel-debug-base-4.1.31-30.2
      kernel-debug-base-debuginfo-4.1.31-30.2
      kernel-debug-debuginfo-4.1.31-30.2
      kernel-debug-debugsource-4.1.31-30.2
      kernel-debug-devel-4.1.31-30.2
      kernel-debug-devel-debuginfo-4.1.31-30.2
      kernel-ec2-4.1.31-30.2
      kernel-ec2-base-4.1.31-30.2
      kernel-ec2-base-debuginfo-4.1.31-30.2
      kernel-ec2-debuginfo-4.1.31-30.2
      kernel-ec2-debugsource-4.1.31-30.2
      kernel-ec2-devel-4.1.31-30.2
      kernel-pv-4.1.31-30.2
      kernel-pv-base-4.1.31-30.2
      kernel-pv-base-debuginfo-4.1.31-30.2
      kernel-pv-debuginfo-4.1.31-30.2
      kernel-pv-debugsource-4.1.31-30.2
      kernel-pv-devel-4.1.31-30.2
      kernel-vanilla-4.1.31-30.2
      kernel-vanilla-debuginfo-4.1.31-30.2
      kernel-vanilla-debugsource-4.1.31-30.2
      kernel-vanilla-devel-4.1.31-30.2
      kernel-xen-4.1.31-30.2
      kernel-xen-base-4.1.31-30.2
      kernel-xen-base-debuginfo-4.1.31-30.2
      kernel-xen-debuginfo-4.1.31-30.2
      kernel-xen-debugsource-4.1.31-30.2
      kernel-xen-devel-4.1.31-30.2

   - openSUSE Leap 42.1 (x86_64):

      drbd-8.4.6-8.1
      drbd-debugsource-8.4.6-8.1
      drbd-kmp-default-8.4.6_k4.1.31_30-8.1
      drbd-kmp-default-debuginfo-8.4.6_k4.1.31_30-8.1
      drbd-kmp-pv-8.4.6_k4.1.31_30-8.1
      drbd-kmp-pv-debuginfo-8.4.6_k4.1.31_30-8.1
      drbd-kmp-xen-8.4.6_k4.1.31_30-8.1
      drbd-kmp-xen-debuginfo-8.4.6_k4.1.31_30-8.1
      lttng-modules-2.7.0-2.1
      lttng-modules-debugsource-2.7.0-2.1
      lttng-modules-kmp-default-2.7.0_k4.1.31_30-2.1
      lttng-modules-kmp-default-debuginfo-2.7.0_k4.1.31_30-2.1
      lttng-modules-kmp-pv-2.7.0_k4.1.31_30-2.1
      lttng-modules-kmp-pv-debuginfo-2.7.0_k4.1.31_30-2.1

   - openSUSE Leap 42.1 (noarch):

      kernel-devel-4.1.31-30.1
      kernel-docs-4.1.31-30.3
      kernel-docs-html-4.1.31-30.3
      kernel-docs-pdf-4.1.31-30.3
      kernel-macros-4.1.31-30.1
      kernel-source-4.1.31-30.1
      kernel-source-vanilla-4.1.31-30.1

   - openSUSE Leap 42.1 (i686):

      kernel-pae-4.1.31-30.2
      kernel-pae-base-4.1.31-30.2
      kernel-pae-base-debuginfo-4.1.31-30.2
      kernel-pae-debuginfo-4.1.31-30.2
      kernel-pae-debugsource-4.1.31-30.2
      kernel-pae-devel-4.1.31-30.2

   - openSUSE Leap 42.1 (i586):

      hdjmod-kmp-pae-1.28_k4.1.31_30-24.1
      hdjmod-kmp-pae-debuginfo-1.28_k4.1.31_30-24.1
      ipset-kmp-pae-6.25.1_k4.1.31_30-5.1
      ipset-kmp-pae-debuginfo-6.25.1_k4.1.31_30-5.1
      pcfclock-kmp-pae-0.44_k4.1.31_30-266.1
      pcfclock-kmp-pae-debuginfo-0.44_k4.1.31_30-266.1
      vhba-kmp-pae-20140928_k4.1.31_30-5.1
      vhba-kmp-pae-debuginfo-20140928_k4.1.31_30-5.1
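
   As an added example (not part of the openSUSE announcement), the following
   shell script checks an RPM inventory against the fixed kernel builds from
   the Package List above. The sample inventory is constructed, and GNU
   "sort -V" is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: flag kernel flavours older than the builds in this advisory.

# Fixed builds, copied from the Package List of openSUSE-SU-2016:2290-1.
FIXED_BUILDS='kernel-default 4.1.31-30.2
kernel-debug 4.1.31-30.2
kernel-ec2 4.1.31-30.2
kernel-pae 4.1.31-30.2
kernel-pv 4.1.31-30.2
kernel-vanilla 4.1.31-30.2
kernel-xen 4.1.31-30.2'

# Constructed sample in "name version-release" form, one package per line.
# The older builds here are made up for the demonstration.
SAMPLE_INVENTORY='kernel-default 4.1.27-27.1
kernel-default 4.1.31-30.2
kernel-xen 4.1.26-21.1
ipset 6.25.1-5.1'

# version_ge A B: succeeds when A >= B under GNU "sort -V" ordering
# (assumption: close enough to RPM ordering for these numeric strings).
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# newest_installed NAME: reads the inventory on stdin and prints the newest
# build of NAME. Several kernels can be installed side by side.
newest_installed() {
    awk -v n="$1" '$1 == n { print $2 }' | sort -V | tail -n 1
}

# audit_inventory: reads the inventory on stdin and prints one line for each
# tracked kernel flavour that is installed. Untracked packages are ignored.
audit_inventory() {
    inventory=$(cat)
    printf '%s\n' "$FIXED_BUILDS" | while read -r name fixed; do
        have=$(printf '%s\n' "$inventory" | newest_installed "$name")
        [ -n "$have" ] || continue
        if version_ge "$have" "$fixed"; then
            echo "OK      $name $have"
        else
            echo "MISSING $name $have (needs $fixed)"
        fi
    done
}

# Run against the constructed sample so the script works offline.
printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

   On a live system, pipe the output of
   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' into audit_inventory instead
   of the sample. An updated kernel takes effect only after rebooting into it.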


References:

   https://www.suse.com/security/cve/CVE-2015-8787.html
   https://www.suse.com/security/cve/CVE-2016-1237.html
   https://www.suse.com/security/cve/CVE-2016-2847.html
   https://www.suse.com/security/cve/CVE-2016-3134.html
   https://www.suse.com/security/cve/CVE-2016-3156.html
   https://www.suse.com/security/cve/CVE-2016-4485.html
   https://www.suse.com/security/cve/CVE-2016-4486.html
   https://www.suse.com/security/cve/CVE-2016-4557.html
   https://www.suse.com/security/cve/CVE-2016-4569.html
   https://www.suse.com/security/cve/CVE-2016-4578.html
   https://www.suse.com/security/cve/CVE-2016-4580.html
   https://www.suse.com/security/cve/CVE-2016-4805.html
   https://www.suse.com/security/cve/CVE-2016-4951.html
   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://www.suse.com/security/cve/CVE-2016-5696.html
   https://www.suse.com/security/cve/CVE-2016-6480.html
   https://www.suse.com/security/cve/CVE-2016-6828.html
   https://bugzilla.suse.com/963931
   https://bugzilla.suse.com/970948
   https://bugzilla.suse.com/971126
   https://bugzilla.suse.com/971360
   https://bugzilla.suse.com/974266
   https://bugzilla.suse.com/978821
   https://bugzilla.suse.com/978822
   https://bugzilla.suse.com/979018
   https://bugzilla.suse.com/979213
   https://bugzilla.suse.com/979879
   https://bugzilla.suse.com/980371
   https://bugzilla.suse.com/981058
   https://bugzilla.suse.com/981267
   https://bugzilla.suse.com/986362
   https://bugzilla.suse.com/986365
   https://bugzilla.suse.com/986570
   https://bugzilla.suse.com/987886
   https://bugzilla.suse.com/989084
   https://bugzilla.suse.com/989152
   https://bugzilla.suse.com/989176
   https://bugzilla.suse.com/990058
   https://bugzilla.suse.com/991110
   https://bugzilla.suse.com/991608
   https://bugzilla.suse.com/991665
   https://bugzilla.suse.com/994296
   https://bugzilla.suse.com/994520

-- 

openSUSE: 2016:2290-1: important: the Linux Kernel

September 12, 2016