   openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:3058-1
Rating:             important
References:         #1001171 #1001486 #1003925 #1004517 #1006580 
                    #1007197 #1007615 #1007653 #1008650 #1008833 
                    #1009222 #1010040 #1010150 #1010478 #1010501 
                    #1010502 #1010507 #1010909 #1011685 #1012754 
                    #1012876 #1013533 #934067 #990384 #993739 
                    #995968 #999577 #999907 
Cross-References:   CVE-2015-8956 CVE-2015-8962 CVE-2015-8963
                    CVE-2015-8964 CVE-2016-7042 CVE-2016-7097
                    CVE-2016-7913 CVE-2016-8630 CVE-2016-8633
                    CVE-2016-8646 CVE-2016-8655 CVE-2016-9083
                    CVE-2016-9084 CVE-2016-9178 CVE-2016-9555
                    CVE-2016-9794
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has 12 fixes
   is now available.

Description:



   The openSUSE Leap 42.1 kernel was updated to 4.1.36 to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2016-8655: A race condition in the af_packet packet_set_ring
     function could be used by local attackers to crash the kernel or gain
     privileges (bsc#1012754).
   - CVE-2016-9794: A use-after-free in ALSA pcm could lead to crashes or
     allowed local users to potentially gain privileges (bsc#1013533).
   - CVE-2015-8962: Double free vulnerability in the sg_common_write function
     in drivers/scsi/sg.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (memory corruption and system
     crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
   - CVE-2016-9178: The __get_user_asm_ex macro in
     arch/x86/include/asm/uaccess.h in the Linux kernel did not initialize a
     certain integer variable, which allowed local users to obtain sensitive
     information from kernel stack memory by triggering failure of a
     get_user_ex call (bnc#1008650).
   - CVE-2016-7913: The xc2028_set_config function in
     drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local
     users to gain privileges or cause a denial of service (use-after-free)
     via vectors involving omission of the firmware name from a certain data
     structure (bnc#1010478).
   - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
     the Linux kernel lacks chunk-length checking for the first chunk, which
     allowed remote attackers to cause a denial of service (out-of-bounds
     slab access) or possibly have unspecified other impact via crafted SCTP
     data (bnc#1011685).
   - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (use-after-free) by leveraging incorrect handling of an swevent
     data structure during a CPU unplug operation (bnc#1010502).
   - CVE-2015-8964: The tty_set_termios_ldisc function in
     drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by reading a tty data
     structure (bnc#1010507).
   - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the
     Linux kernel allowed local users to cause a denial of service (OOPS) by
     attempting to trigger use of in-kernel hash algorithms for a socket that
     has received zero bytes of data (bnc#1010150).
   - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain
     unusual hardware configurations, allowed remote attackers to execute
     arbitrary code via crafted fragmented packets (bnc#1008833).
   - CVE-2016-8630: The x86_decode_insn function in arch/x86/kvm/emulate.c in
     the Linux kernel, when KVM is enabled, allowed local users to cause a
     denial of service (host OS crash) via a certain use of a ModR/M byte in
     an undefined instruction (bnc#1009222).
   - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed
     local users to bypass integer overflow checks, and cause a denial of
     service (memory corruption) or have unspecified other impact, by
     leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS
     ioctl call, aka a "state machine confusion bug (bnc#1007197).
   - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel
     misuses the kzalloc function, which allowed local users to cause a
     denial of service (integer overflow) or have unspecified other impact by
     leveraging access to a vfio PCI device file (bnc#1007197).
   - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in
     the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc)
     stack protector is enabled, uses an incorrect buffer size for certain
     timeout data, which allowed local users to cause a denial of service
     (stack memory corruption and panic) by reading the /proc/keys file
     (bnc#1004517).
   - CVE-2016-7097: The filesystem implementation in the Linux kernel
     preserves the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions (bnc#995968).
   - CVE-2015-8956: The rfcomm_sock_bind function in
     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to
     obtain sensitive information or cause a denial of service (NULL pointer
     dereference) via vectors involving a bind system call on a Bluetooth
     RFCOMM socket (bnc#1003925).

   The following non-security bugs were fixed:

   - ata: ahci_xgene: dereferencing uninitialized pointer in probe
     (bsc#1006580).
   - blacklist.conf: add some commits (bsc#1006580)
   - bna: Add synchronization for tx ring (bsc#993739).
   - bonding: set carrier off for devices created through netlink
     (bsc#999577).
   - btrfs: deal with duplicates during extent_map insertion in
     btrfs_get_extent (bsc#1001171).
   - btrfs: deal with existing encompassing extent map in btrfs_get_extent()
     (bsc#1001171).
   - btrfs: fix extent tree corruption due to relocation (bsc#990384).
   - btrfs: fix races on root_log_ctx lists (bsc#1007653).
   - ext4: fix data exposure after a crash (bsc#1012876).
   - ext4: fix reference counting bug on block allocation error (bsc#1012876).
   - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via
     FOU (bsc#1001486).
   - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486).
   - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).
   - ipv6: send only one NEWLINK when RA causes changes (bsc#934067).
   - isofs: Do not return EACCES for unknown filesystems (bsc#1012876).
   - jbd2: fix checkpoint list cleanup (bsc#1012876).
   - jbd2: Fix unreclaimed pages after truncate in data=journal mode
     (bsc#1010909).
   - locking/static_key: Fix concurrent static_key_slow_inc() (bsc#1006580).
   - mmc: Fix kabi breakage of mmc-block in 4.1.36 (stable-4.1.36).
   - posix_acl: Added fix for f2fs.
   - Revert "kbuild: add -fno-PIE" (stable-4.1.36).
   - Revert "x86/mm: Expand the exception table logic to allow new handling
     options" (stable-4.1.36).
   - tunnels: Remove encapsulation offloads on decap (bsc#1001486).
   - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
   - vmxnet3: Wake queue from reset work (bsc#999907).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-1428=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i686 x86_64):

      kernel-debug-4.1.36-38.1
      kernel-debug-base-4.1.36-38.1
      kernel-debug-base-debuginfo-4.1.36-38.1
      kernel-debug-debuginfo-4.1.36-38.1
      kernel-debug-debugsource-4.1.36-38.1
      kernel-debug-devel-4.1.36-38.1
      kernel-debug-devel-debuginfo-4.1.36-38.1
      kernel-ec2-4.1.36-38.1
      kernel-ec2-base-4.1.36-38.1
      kernel-ec2-base-debuginfo-4.1.36-38.1
      kernel-ec2-debuginfo-4.1.36-38.1
      kernel-ec2-debugsource-4.1.36-38.1
      kernel-ec2-devel-4.1.36-38.1
      kernel-pv-4.1.36-38.1
      kernel-pv-base-4.1.36-38.1
      kernel-pv-base-debuginfo-4.1.36-38.1
      kernel-pv-debuginfo-4.1.36-38.1
      kernel-pv-debugsource-4.1.36-38.1
      kernel-pv-devel-4.1.36-38.1
      kernel-vanilla-4.1.36-38.1
      kernel-vanilla-debuginfo-4.1.36-38.1
      kernel-vanilla-debugsource-4.1.36-38.1
      kernel-vanilla-devel-4.1.36-38.1
      kernel-xen-4.1.36-38.1
      kernel-xen-base-4.1.36-38.1
      kernel-xen-base-debuginfo-4.1.36-38.1
      kernel-xen-debuginfo-4.1.36-38.1
      kernel-xen-debugsource-4.1.36-38.1
      kernel-xen-devel-4.1.36-38.1

   - openSUSE Leap 42.1 (i586 x86_64):

      hdjmod-debugsource-1.28-28.2
      hdjmod-kmp-default-1.28_k4.1.36_38-28.2
      hdjmod-kmp-default-debuginfo-1.28_k4.1.36_38-28.2
      hdjmod-kmp-pv-1.28_k4.1.36_38-28.2
      hdjmod-kmp-pv-debuginfo-1.28_k4.1.36_38-28.2
      hdjmod-kmp-xen-1.28_k4.1.36_38-28.2
      hdjmod-kmp-xen-debuginfo-1.28_k4.1.36_38-28.2
      ipset-6.25.1-9.2
      ipset-debuginfo-6.25.1-9.2
      ipset-debugsource-6.25.1-9.2
      ipset-devel-6.25.1-9.2
      ipset-kmp-default-6.25.1_k4.1.36_38-9.2
      ipset-kmp-default-debuginfo-6.25.1_k4.1.36_38-9.2
      ipset-kmp-pv-6.25.1_k4.1.36_38-9.2
      ipset-kmp-pv-debuginfo-6.25.1_k4.1.36_38-9.2
      ipset-kmp-xen-6.25.1_k4.1.36_38-9.2
      ipset-kmp-xen-debuginfo-6.25.1_k4.1.36_38-9.2
      kernel-default-4.1.36-38.1
      kernel-default-base-4.1.36-38.1
      kernel-default-base-debuginfo-4.1.36-38.1
      kernel-default-debuginfo-4.1.36-38.1
      kernel-default-debugsource-4.1.36-38.1
      kernel-default-devel-4.1.36-38.1
      kernel-obs-build-4.1.36-38.2
      kernel-obs-build-debugsource-4.1.36-38.2
      kernel-obs-qa-4.1.36-38.1
      kernel-syms-4.1.36-38.1
      libipset3-6.25.1-9.2
      libipset3-debuginfo-6.25.1-9.2
      pcfclock-0.44-270.2
      pcfclock-debuginfo-0.44-270.2
      pcfclock-debugsource-0.44-270.2
      pcfclock-kmp-default-0.44_k4.1.36_38-270.2
      pcfclock-kmp-default-debuginfo-0.44_k4.1.36_38-270.2
      pcfclock-kmp-pv-0.44_k4.1.36_38-270.2
      pcfclock-kmp-pv-debuginfo-0.44_k4.1.36_38-270.2
      vhba-kmp-debugsource-20140928-9.2
      vhba-kmp-default-20140928_k4.1.36_38-9.2
      vhba-kmp-default-debuginfo-20140928_k4.1.36_38-9.2
      vhba-kmp-pv-20140928_k4.1.36_38-9.2
      vhba-kmp-pv-debuginfo-20140928_k4.1.36_38-9.2
      vhba-kmp-xen-20140928_k4.1.36_38-9.2
      vhba-kmp-xen-debuginfo-20140928_k4.1.36_38-9.2

   - openSUSE Leap 42.1 (noarch):

      kernel-devel-4.1.36-38.1
      kernel-docs-4.1.36-38.2
      kernel-docs-html-4.1.36-38.2
      kernel-docs-pdf-4.1.36-38.2
      kernel-macros-4.1.36-38.1
      kernel-source-4.1.36-38.1
      kernel-source-vanilla-4.1.36-38.1

   - openSUSE Leap 42.1 (x86_64):

      drbd-8.4.6-12.2
      drbd-debugsource-8.4.6-12.2
      drbd-kmp-default-8.4.6_k4.1.36_38-12.2
      drbd-kmp-default-debuginfo-8.4.6_k4.1.36_38-12.2
      drbd-kmp-pv-8.4.6_k4.1.36_38-12.2
      drbd-kmp-pv-debuginfo-8.4.6_k4.1.36_38-12.2
      drbd-kmp-xen-8.4.6_k4.1.36_38-12.2
      drbd-kmp-xen-debuginfo-8.4.6_k4.1.36_38-12.2
      lttng-modules-2.7.0-6.2
      lttng-modules-debugsource-2.7.0-6.2
      lttng-modules-kmp-default-2.7.0_k4.1.36_38-6.2
      lttng-modules-kmp-default-debuginfo-2.7.0_k4.1.36_38-6.2
      lttng-modules-kmp-pv-2.7.0_k4.1.36_38-6.2
      lttng-modules-kmp-pv-debuginfo-2.7.0_k4.1.36_38-6.2

   - openSUSE Leap 42.1 (i686):

      kernel-pae-4.1.36-38.1
      kernel-pae-base-4.1.36-38.1
      kernel-pae-base-debuginfo-4.1.36-38.1
      kernel-pae-debuginfo-4.1.36-38.1
      kernel-pae-debugsource-4.1.36-38.1
      kernel-pae-devel-4.1.36-38.1

   - openSUSE Leap 42.1 (i586):

      hdjmod-kmp-pae-1.28_k4.1.36_38-28.2
      hdjmod-kmp-pae-debuginfo-1.28_k4.1.36_38-28.2
      ipset-kmp-pae-6.25.1_k4.1.36_38-9.2
      ipset-kmp-pae-debuginfo-6.25.1_k4.1.36_38-9.2
      pcfclock-kmp-pae-0.44_k4.1.36_38-270.2
      pcfclock-kmp-pae-debuginfo-0.44_k4.1.36_38-270.2
      vhba-kmp-pae-20140928_k4.1.36_38-9.2
      vhba-kmp-pae-debuginfo-20140928_k4.1.36_38-9.2


References:

   https://www.suse.com/security/cve/CVE-2015-8956.html
   https://www.suse.com/security/cve/CVE-2015-8962.html
   https://www.suse.com/security/cve/CVE-2015-8963.html
   https://www.suse.com/security/cve/CVE-2015-8964.html
   https://www.suse.com/security/cve/CVE-2016-7042.html
   https://www.suse.com/security/cve/CVE-2016-7097.html
   https://www.suse.com/security/cve/CVE-2016-7913.html
   https://www.suse.com/security/cve/CVE-2016-8630.html
   https://www.suse.com/security/cve/CVE-2016-8633.html
   https://www.suse.com/security/cve/CVE-2016-8646.html
   https://www.suse.com/security/cve/CVE-2016-8655.html
   https://www.suse.com/security/cve/CVE-2016-9083.html
   https://www.suse.com/security/cve/CVE-2016-9084.html
   https://www.suse.com/security/cve/CVE-2016-9178.html
   https://www.suse.com/security/cve/CVE-2016-9555.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://bugzilla.suse.com/1001171
   https://bugzilla.suse.com/1001486
   https://bugzilla.suse.com/1003925
   https://bugzilla.suse.com/1004517
   https://bugzilla.suse.com/1006580
   https://bugzilla.suse.com/1007197
   https://bugzilla.suse.com/1007615
   https://bugzilla.suse.com/1007653
   https://bugzilla.suse.com/1008650
   https://bugzilla.suse.com/1008833
   https://bugzilla.suse.com/1009222
   https://bugzilla.suse.com/1010040
   https://bugzilla.suse.com/1010150
   https://bugzilla.suse.com/1010478
   https://bugzilla.suse.com/1010501
   https://bugzilla.suse.com/1010502
   https://bugzilla.suse.com/1010507
   https://bugzilla.suse.com/1010909
   https://bugzilla.suse.com/1011685
   https://bugzilla.suse.com/1012754
   https://bugzilla.suse.com/1012876
   https://bugzilla.suse.com/1013533
   https://bugzilla.suse.com/934067
   https://bugzilla.suse.com/990384
   https://bugzilla.suse.com/993739
   https://bugzilla.suse.com/995968
   https://bugzilla.suse.com/999577
   https://bugzilla.suse.com/999907

openSUSE: 2016:3058-1: important: the Linux Kernel

December 8, 2016

An update that solves 16 vulnerabilities and has 12 fixes An update that solves 16 vulnerabilities and has 12 fixes An update that solves 16 vulnerabilities and has 12 fixes is now...

Description

The openSUSE Leap 42.1 kernel was updated to 4.1.36 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-9794: A use-after-free in ALSA pcm could lead to crashes or allowed local users to potentially gain privileges (bsc#1013533). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9178: The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel did not initialize a certain integer variable, which allowed local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call (bnc#1008650). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-8630: The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel, when KVM is enabled, allowed local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction (bnc#1009222). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). The following non-security bugs were fixed: - ata: ahci_xgene: dereferencing uninitialized pointer in probe (bsc#1006580). - blacklist.conf: add some commits (bsc#1006580) - bna: Add synchronization for tx ring (bsc#993739). - bonding: set carrier off for devices created through netlink (bsc#999577). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: fix extent tree corruption due to relocation (bsc#990384). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - ext4: fix data exposure after a crash (bsc#1012876). - ext4: fix reference counting bug on block allocation error (bsc#1012876). - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067). - ipv6: send only one NEWLINK when RA causes changes (bsc#934067). - isofs: Do not return EACCES for unknown filesystems (bsc#1012876). - jbd2: fix checkpoint list cleanup (bsc#1012876). - jbd2: Fix unreclaimed pages after truncate in data=journal mode (bsc#1010909). - locking/static_key: Fix concurrent static_key_slow_inc() (bsc#1006580). - mmc: Fix kabi breakage of mmc-block in 4.1.36 (stable-4.1.36). - posix_acl: Added fix for f2fs. - Revert "kbuild: add -fno-PIE" (stable-4.1.36). - Revert "x86/mm: Expand the exception table logic to allow new handling options" (stable-4.1.36). - tunnels: Remove encapsulation offloads on decap (bsc#1001486). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - vmxnet3: Wake queue from reset work (bsc#999907).

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1428=1 To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.1 (i686 x86_64): kernel-debug-4.1.36-38.1 kernel-debug-base-4.1.36-38.1 kernel-debug-base-debuginfo-4.1.36-38.1 kernel-debug-debuginfo-4.1.36-38.1 kernel-debug-debugsource-4.1.36-38.1 kernel-debug-devel-4.1.36-38.1 kernel-debug-devel-debuginfo-4.1.36-38.1 kernel-ec2-4.1.36-38.1 kernel-ec2-base-4.1.36-38.1 kernel-ec2-base-debuginfo-4.1.36-38.1 kernel-ec2-debuginfo-4.1.36-38.1 kernel-ec2-debugsource-4.1.36-38.1 kernel-ec2-devel-4.1.36-38.1 kernel-pv-4.1.36-38.1 kernel-pv-base-4.1.36-38.1 kernel-pv-base-debuginfo-4.1.36-38.1 kernel-pv-debuginfo-4.1.36-38.1 kernel-pv-debugsource-4.1.36-38.1 kernel-pv-devel-4.1.36-38.1 kernel-vanilla-4.1.36-38.1 kernel-vanilla-debuginfo-4.1.36-38.1 kernel-vanilla-debugsource-4.1.36-38.1 kernel-vanilla-devel-4.1.36-38.1 kernel-xen-4.1.36-38.1 kernel-xen-base-4.1.36-38.1 kernel-xen-base-debuginfo-4.1.36-38.1 kernel-xen-debuginfo-4.1.36-38.1 kernel-xen-debugsource-4.1.36-38.1 kernel-xen-devel-4.1.36-38.1 - openSUSE Leap 42.1 (i586 x86_64): hdjmod-debugsource-1.28-28.2 hdjmod-kmp-default-1.28_k4.1.36_38-28.2 hdjmod-kmp-default-debuginfo-1.28_k4.1.36_38-28.2 hdjmod-kmp-pv-1.28_k4.1.36_38-28.2 hdjmod-kmp-pv-debuginfo-1.28_k4.1.36_38-28.2 hdjmod-kmp-xen-1.28_k4.1.36_38-28.2 hdjmod-kmp-xen-debuginfo-1.28_k4.1.36_38-28.2 ipset-6.25.1-9.2 ipset-debuginfo-6.25.1-9.2 ipset-debugsource-6.25.1-9.2 ipset-devel-6.25.1-9.2 ipset-kmp-default-6.25.1_k4.1.36_38-9.2 ipset-kmp-default-debuginfo-6.25.1_k4.1.36_38-9.2 ipset-kmp-pv-6.25.1_k4.1.36_38-9.2 ipset-kmp-pv-debuginfo-6.25.1_k4.1.36_38-9.2 ipset-kmp-xen-6.25.1_k4.1.36_38-9.2 ipset-kmp-xen-debuginfo-6.25.1_k4.1.36_38-9.2 kernel-default-4.1.36-38.1 kernel-default-base-4.1.36-38.1 kernel-default-base-debuginfo-4.1.36-38.1 kernel-default-debuginfo-4.1.36-38.1 kernel-default-debugsource-4.1.36-38.1 kernel-default-devel-4.1.36-38.1 kernel-obs-build-4.1.36-38.2 kernel-obs-build-debugsource-4.1.36-38.2 kernel-obs-qa-4.1.36-38.1 kernel-syms-4.1.36-38.1 libipset3-6.25.1-9.2 libipset3-debuginfo-6.25.1-9.2 pcfclock-0.44-270.2 pcfclock-debuginfo-0.44-270.2 pcfclock-debugsource-0.44-270.2 pcfclock-kmp-default-0.44_k4.1.36_38-270.2 pcfclock-kmp-default-debuginfo-0.44_k4.1.36_38-270.2 pcfclock-kmp-pv-0.44_k4.1.36_38-270.2 pcfclock-kmp-pv-debuginfo-0.44_k4.1.36_38-270.2 vhba-kmp-debugsource-20140928-9.2 vhba-kmp-default-20140928_k4.1.36_38-9.2 vhba-kmp-default-debuginfo-20140928_k4.1.36_38-9.2 vhba-kmp-pv-20140928_k4.1.36_38-9.2 vhba-kmp-pv-debuginfo-20140928_k4.1.36_38-9.2 vhba-kmp-xen-20140928_k4.1.36_38-9.2 vhba-kmp-xen-debuginfo-20140928_k4.1.36_38-9.2 - openSUSE Leap 42.1 (noarch): kernel-devel-4.1.36-38.1 kernel-docs-4.1.36-38.2 kernel-docs-html-4.1.36-38.2 kernel-docs-pdf-4.1.36-38.2 kernel-macros-4.1.36-38.1 kernel-source-4.1.36-38.1 kernel-source-vanilla-4.1.36-38.1 - openSUSE Leap 42.1 (x86_64): drbd-8.4.6-12.2 drbd-debugsource-8.4.6-12.2 drbd-kmp-default-8.4.6_k4.1.36_38-12.2 drbd-kmp-default-debuginfo-8.4.6_k4.1.36_38-12.2 drbd-kmp-pv-8.4.6_k4.1.36_38-12.2 drbd-kmp-pv-debuginfo-8.4.6_k4.1.36_38-12.2 drbd-kmp-xen-8.4.6_k4.1.36_38-12.2 drbd-kmp-xen-debuginfo-8.4.6_k4.1.36_38-12.2 lttng-modules-2.7.0-6.2 lttng-modules-debugsource-2.7.0-6.2 lttng-modules-kmp-default-2.7.0_k4.1.36_38-6.2 lttng-modules-kmp-default-debuginfo-2.7.0_k4.1.36_38-6.2 lttng-modules-kmp-pv-2.7.0_k4.1.36_38-6.2 lttng-modules-kmp-pv-debuginfo-2.7.0_k4.1.36_38-6.2 - openSUSE Leap 42.1 (i686): kernel-pae-4.1.36-38.1 kernel-pae-base-4.1.36-38.1 kernel-pae-base-debuginfo-4.1.36-38.1 kernel-pae-debuginfo-4.1.36-38.1 kernel-pae-debugsource-4.1.36-38.1 kernel-pae-devel-4.1.36-38.1 - openSUSE Leap 42.1 (i586): hdjmod-kmp-pae-1.28_k4.1.36_38-28.2 hdjmod-kmp-pae-debuginfo-1.28_k4.1.36_38-28.2 ipset-kmp-pae-6.25.1_k4.1.36_38-9.2 ipset-kmp-pae-debuginfo-6.25.1_k4.1.36_38-9.2 pcfclock-kmp-pae-0.44_k4.1.36_38-270.2 pcfclock-kmp-pae-debuginfo-0.44_k4.1.36_38-270.2 vhba-kmp-pae-20140928_k4.1.36_38-9.2 vhba-kmp-pae-debuginfo-20140928_k4.1.36_38-9.2

References

https://www.suse.com/security/cve/CVE-2015-8956.html https://www.suse.com/security/cve/CVE-2015-8962.html https://www.suse.com/security/cve/CVE-2015-8963.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7097.html https://www.suse.com/security/cve/CVE-2016-7913.html https://www.suse.com/security/cve/CVE-2016-8630.html https://www.suse.com/security/cve/CVE-2016-8633.html https://www.suse.com/security/cve/CVE-2016-8646.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9083.html https://www.suse.com/security/cve/CVE-2016-9084.html https://www.suse.com/security/cve/CVE-2016-9178.html https://www.suse.com/security/cve/CVE-2016-9555.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1001171 https://bugzilla.suse.com/1001486 https://bugzilla.suse.com/1003925 https://bugzilla.suse.com/1004517 https://bugzilla.suse.com/1006580 https://bugzilla.suse.com/1007197 https://bugzilla.suse.com/1007615 https://bugzilla.suse.com/1007653 https://bugzilla.suse.com/1008650 https://bugzilla.suse.com/1008833 https://bugzilla.suse.com/1009222 https://bugzilla.suse.com/1010040 https://bugzilla.suse.com/1010150 https://bugzilla.suse.com/1010478 https://bugzilla.suse.com/1010501 https://bugzilla.suse.com/1010502 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010909 https://bugzilla.suse.com/1011685 https://bugzilla.suse.com/1012754 https://bugzilla.suse.com/1012876 https://bugzilla.suse.com/1013533 https://bugzilla.suse.com/934067 https://bugzilla.suse.com/990384 https://bugzilla.suse.com/993739 https://bugzilla.suse.com/995968 https://bugzilla.suse.com/999577 https://bugzilla.suse.com/999907