   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0585-1
Rating:             important
References:         #812259 #855062 #867583 #899908 #902606 #924919 
                    #935087 #937261 #937444 #938577 #940338 #940946 
                    #941363 #942476 #943989 #944749 #945649 #947953 
                    #949440 #949936 #950292 #951199 #951392 #951615 
                    #952579 #952976 #954992 #955118 #955354 #955654 
                    #956514 #956708 #957525 #957988 #957990 #958463 
                    #958886 #958951 #959090 #959146 #959190 #959257 
                    #959364 #959399 #959436 #959463 #959629 #960221 
                    #960227 #960281 #960300 #961202 #961257 #961500 
                    #961509 #961516 #961588 #961971 #962336 #962356 
                    #962788 #962965 #963449 #963572 #963765 #963767 
                    #963825 #964230 #964821 #965344 #965840 
Cross-References:   CVE-2013-7446 CVE-2015-0272 CVE-2015-5707
                    CVE-2015-7550 CVE-2015-7799 CVE-2015-8215
                    CVE-2015-8539 CVE-2015-8543 CVE-2015-8550
                    CVE-2015-8551 CVE-2015-8569 CVE-2015-8575
                    CVE-2015-8660 CVE-2015-8767 CVE-2015-8785
                    CVE-2016-0723 CVE-2016-2069
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 54 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive
   various security and bugfixes.

   The following security bugs were fixed:
   - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the
     Linux kernel allowed local users to bypass intended AF_UNIX socket
     permissions or cause a denial of service (panic) via crafted epoll_ctl
     calls (bnc#955654).
   - CVE-2015-5707: Integer overflow in the sg_start_req function in
     drivers/scsi/sg.c in the Linux kernel allowed local users to cause a
     denial of service or possibly have unspecified other impact via a large
     iov_count value in a write request (bnc#940338).
   - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in
     the Linux kernel did not properly use a semaphore, which allowed local
     users to cause a denial of service (NULL pointer dereference and system
     crash) or possibly have unspecified other impact via a crafted
     application that leverages a race condition between keyctl_revoke and
     keyctl_read calls (bnc#958951).
   - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
     Linux kernel did not ensure that certain slot numbers are valid, which
     allowed local users to cause a denial of service (NULL pointer
     dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
     (bnc#949936).
   - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel
     did not validate attempted changes to the MTU value, which allowed
     context-dependent attackers to cause a denial of service (packet loss)
     via a value that was (1) smaller than the minimum compliant value or (2)
     larger than the MTU of an interface, as demonstrated by a Router
     Advertisement (RA) message that is not validated by a daemon, a
     different vulnerability than CVE-2015-0272 (bnc#955354).
   - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local
     users to gain privileges or cause a denial of service (BUG) via crafted
     keyctl commands that negatively instantiate a key, related to
     security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and
     security/keys/user_defined.c (bnc#958463).
   - CVE-2015-8543: The networking implementation in the Linux kernel did not
     validate protocol identifiers for certain protocol families, which
     allowed local users to cause a denial of service (NULL function pointer
     dereference and system crash) or possibly gain privileges by leveraging
     CLONE_NEWUSER support to execute a crafted SOCK_RAW application
     (bnc#958886).
   - CVE-2015-8550: Optimizations introduced by the compiler could have lead
     to double fetch vulnerabilities, potentially  possibly leading to
     arbitrary code execution in backend (bsc#957988).
   - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity
     checks on the device's state, allowing for DoS (bsc#957990).
   - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
     drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
     length, which allowed local users to obtain sensitive information from
     kernel memory and bypass the KASLR protection mechanism via a crafted
     application (bnc#959190).
   - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the
     Linux kernel did not verify an address length, which allowed local users     to obtain sensitive information from kernel memory and bypass the KASLR
     protection mechanism via a crafted application (bnc#959399).
   - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the
     Linux kernel attempted to merge distinct setattr operations, which
     allowed local users to bypass intended access restrictions and modify
     the attributes of arbitrary overlay files via a crafted application
     (bnc#960281).
   - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not
     properly manage the relationship between a lock and a socket, which
     allowed local users to cause a denial of service (deadlock) via a
     crafted sctp_accept call (bnc#961509).
   - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in
     the Linux kernel allowed local users to cause a denial of service
     (infinite loop) via a writev system call that triggers a zero length for
     the first segment of an iov (bnc#963765).
   - CVE-2016-0723: Race condition in the tty_ioctl function in
     drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain
     sensitive information from kernel memory or cause a denial of service
     (use-after-free and system crash) by making a TIOCGETD ioctl call during
     processing of a TIOCSETD ioctl call (bnc#961500).
   - CVE-2016-2069: A race in invalidating paging structures that were not in
     use locally could have lead to disclosoure of information or arbitrary
     code exectution (bnc#963767).

   The following non-security bugs were fixed:
   - ACPI: Introduce apic_id in struct processor to save parsed APIC id
     (bsc#959463).
   - ACPI: Make it possible to get local x2apic id via _MAT (bsc#959463).
   - ACPI: use apic_id and remove duplicated _MAT evaluation (bsc#959463).
   - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).
   - Add sd_mod to initrd modules. For some reason PowerVM backend can't work
     without sd_mod
   - Do not modify perf bias performance setting by default at boot
     (bnc#812259, bsc#959629).
   - Documentation: Document kernel.panic_on_io_nmi sysctl (bsc#940946,
     bsc#937444).
   - Driver for IBM System i/p VNIC protocol
   - Drop blktap patches from SLE12, since the driver is unsupported
   - Improve fairness when locking the per-superblock s_anon list
     (bsc#957525, bsc#941363).
   - Input: aiptek - fix crash on detecting device without endpoints
     (bnc#956708).
   - NFSD: Do not start lockd when only NFSv4 is running
   - NFSv4: Recovery of recalled read delegations is broken (bsc#956514).
   - Replace with 176bed1d vmstat: explicitly schedule per-cpu work on the
     CPU we need it to run on
   - Revert "ipv6: add complete rcu protection around np->opt" (bnc#961257).
   - Revert 874bbfe60 workqueue: make sure delayed work run in local cpu 1.
     Without 22b886dd, 874bbfe60 leads to timer corruption. 2. With 22b886dd
     applied, victim of 1 reports performance regression (1,2
     https://lkml.org/lkml/2016/2/4/618) 3. Leads to scheduling work to
     offlined CPU (bnc#959463). SLERT: 4. NO_HZ_FULL regressession, unbound
     delayed work timer is no longer deflected to a housekeeper CPU.
   - be2net: fix some log messages (bnc#855062, bnc#867583).
   - blktap: also call blkif_disconnect() when frontend switched to closed
     (bsc#952976).
   - blktap: refine mm tracking (bsc#952976).
   - block: Always check queue limits for cloned requests (bsc#902606).
   - block: Always check queue limits for cloned requests (bsc#902606).
   - bnx2x: Add new device ids under the Qlogic vendor (bnc#964821).
   - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).
   - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).
   - btrfs: backref: Add special time_seq == (u64)-1 case for
     btrfs_find_all_roots() (bnc#935087, bnc#945649).
   - btrfs: backref: Do not merge refs which are not for same block
     (bnc#935087, bnc#945649).
   - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,
     bnc#945649).
   - btrfs: delayed-ref: Use list to replace the ref_root in ref_head
     (bnc#935087, bnc#945649).
   - btrfs: extent-tree: Use ref_node to replace unneeded parameters in
     __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).
   - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).
   - btrfs: fix deadlock between direct IO write and defrag/readpages
     (bnc#965344).
   - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087,
     bnc#945649).
   - btrfs: fix order by which delayed references are run (bnc#949440).
   - btrfs: fix qgroup sanity tests (bnc#951615).
   - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).
   - btrfs: fix regression running delayed references when using qgroups
     (bnc#951615).
   - btrfs: fix regression when running delayed references (bnc#951615).
   - btrfs: fix sleeping inside atomic context in qgroup rescan worker
     (bnc#960300).
   - btrfs: keep dropped roots in cache until transaction commit (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add new function to record old_roots (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add new qgroup calculation function
     btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).
   - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan
     (bnc#960300).
   - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Make snapshot accounting work with new extent-oriented
     qgroup (bnc#935087, bnc#945649).
   - btrfs: qgroup: Record possible quota-related extent for qgroup
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: account shared subtree during snapshot delete
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).
   - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).
   - btrfs: qgroup: fix quota disable during rescan (bnc#960300).
   - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087,
     bnc#945649).
   - btrfs: remove transaction from send (bnc#935087, bnc#945649).
   - btrfs: skip locking when searching commit root (bnc#963825).
   - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).
   - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,
     bnc#945649).
   - crypto: nx - use common code for both NX decompress success cases
     (bsc#942476).
   - crypto: nx-842 - Mask XERS0 bit in return value (bsc#960221).
   - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).
   - drivers/firmware/memmap.c: do not allocate firmware_map_entry of same
     memory range (bsc#959463).
   - drivers/firmware/memmap.c: do not create memmap sysfs of same
     firmware_map_entry (bsc#959463).
   - drivers/firmware/memmap.c: pass the correct argument to
     firmware_map_find_entry_bootmem() (bsc#959463).
   - e1000e: Do not read ICR in Other interrupt (bsc#924919).
   - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).
   - e1000e: Fix msi-x interrupt automask (bsc#924919).
   - e1000e: Remove unreachable code (bsc#924919).
   - fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765).
   - group-source-files: mark module.lds as devel file ld: cannot open linker
     script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such
     file or directory
   - ipv6: fix tunnel error handling (bsc#952579).
   - jbd2: Fix unreclaimed pages after truncate in data=journal mode
     (bsc#961516).
   - kABI: reintroduce blk_rq_check_limits.
   - kabi: protect struct acpi_processor signature (bsc#959463).
   - kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup
     (bsc#940946, bsc#937444).
   - kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) (bsc#940946,
     bsc#937444).
   - kernel: Provide READ_ONCE and ASSIGN_ONCE (bsc#940946, bsc#937444).
   - kernel: inadvertent free of the vector register save area (bnc#961202).
   - kexec: Fix race between panic() and crash_kexec() (bsc#940946,
     bsc#937444).
   - kgr: Remove the confusing search for fentry
   - kgr: Safe way to avoid an infinite redirection
   - kgr: do not print error for !abort_if_missing symbols (bnc#943989).
   - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).
   - kgr: log when modifying kernel
   - kgr: mark some more missed kthreads (bnc#962336).
   - kgr: usb/storage: do not emit thread awakened (bnc#899908).
   - kvm: Add arch specific mmu notifier for page invalidation (bsc#959463).
   - kvm: Make init_rmode_identity_map() return 0 on success (bsc#959463).
   - kvm: Remove ept_identity_pagetable from struct kvm_arch (bsc#959463).
   - kvm: Rename make_all_cpus_request() to kvm_make_all_cpus_request() and
     make it non-static (bsc#959463).
   - kvm: Use APIC_DEFAULT_PHYS_BASE macro as the apic access page address
     (bsc#959463).
   - kvm: vmx: Implement set_apic_access_page_addr (bsc#959463).
   - kvm: x86: Add request bit to reload APIC access page address
     (bsc#959463).
   - kvm: x86: Unpin and remove kvm_arch->apic_access_page (bsc#959463).
   - libiscsi: Fix host busy blocking during connection teardown.
   - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).
   - md/bitmap: do not pass -1 to bitmap_storage_alloc (bsc#955118).
   - md/bitmap: remove confusing code from filemap_get_page.
   - md/bitmap: remove rcu annotation from pointer arithmetic.
   - mem-hotplug: reset node managed pages when hot-adding a new pgdat
     (bsc#959463).
   - mem-hotplug: reset node present pages when hot-adding a new pgdat
     (bsc#959463).
   - memory-hotplug: clear pgdat which is allocated by bootmem in
     try_offline_node() (bsc#959463).
   - mm/memory_hotplug.c: check for missing sections in
     test_pages_in_a_zone() (VM Functionality, bnc#961588).
   - mm/mempolicy.c: convert the shared_policy lock to a rwlock (VM
     Performance, bnc#959436).
   - module: keep percpu symbols in module's symtab (bsc#962788).
   - nmi: provide the option to issue an NMI back trace to every cpu but
     current (bsc#940946, bsc#937444).
   - nmi: provide the option to issue an NMI back trace to every cpu but
     current (bsc#940946, bsc#937444).
   - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).
   - panic, x86: Allow CPUs to save registers even if looping in NMI context
     (bsc#940946, bsc#937444).
   - panic, x86: Fix re-entrance problem due to panic on NMI (bsc#940946,
     bsc#937444).
   - pci: Check for valid tags when calculating the VPD size (bsc#959146).
   - qeth: initialize net_device with carrier off (bnc#964230).
   - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB
     on s390x, 20GB elsewhere.
   - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed
   - rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency
     (bsc#959090)
   - rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel
     (bsc#959090).
   - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file
   - rpm/kernel-binary.spec.in: Use bzip compression to speed up build
     (bsc#962356)
   - rpm/kernel-source.spec.in: Install kernel-macros for
     kernel-source-vanilla (bsc#959090)
   - rpm/kernel-spec-macros: Do not modify the release string in PTFs
     (bsc#963449)
   - rpm/package-descriptions: Add kernel-zfcpdump and drop -desktop
   - s390/cio: ensure consistent measurement state (bnc#964230).
   - s390/cio: fix measurement characteristics memleak (bnc#964230).
   - s390/cio: update measurement characteristics (bnc#964230).
   - s390/dasd: fix failfast for disconnected devices (bnc#961202).
   - s390/vtime: correct scaled cputime for SMT (bnc#964230).
   - s390/vtime: correct scaled cputime of partially idle CPUs (bnc#964230).
   - s390/vtime: limit MT scaling value updates (bnc#964230).
   - sched,numa: cap pte scanning overhead to 3% of run time (Automatic NUMA
     Balancing).
   - sched/fair: Care divide error in update_task_scan_period() (bsc#959463).
   - sched/fair: Disable tg load_avg/runnable_avg update for root_task_group
     (bnc#960227).
   - sched/fair: Move cache hot load_avg/runnable_avg into separate cacheline
     (bnc#960227).
   - sched/numa: Cap PTE scanning overhead to 3% of run time (Automatic NUMA
     Balancing).
   - sched: Fix race between task_group and sched_task_group (Automatic NUMA
     Balancing).
   - scsi: restart list search after unlock in scsi_remove_target
     (bsc#944749, bsc#959257).
   - supported.conf: Add more QEMU and VMware drivers to -base (bsc#965840).
   - supported.conf: Add netfilter modules to base (bsc#950292)
   - supported.conf: Add nls_iso8859-1 and nls_cp437 to -base (bsc#950292)
   - supported.conf: Add vfat to -base to be able to mount the ESP
     (bsc#950292).
   - supported.conf: Add virtio_{blk,net,scsi} to kernel-default-base
     (bsc#950292)
   - supported.conf: Also add virtio_pci to kernel-default-base (bsc#950292).
   - supported.conf: drop +external from ghash-clmulni-intel It was agreed
     that it does not make sense to maintain "external" for this specific
     module. Furthermore it causes problems in rather ordinary VMware
     environments. (bsc#961971)
   - udp: properly support MSG_PEEK with truncated buffers (bsc#951199
     bsc#959364).
   - x86, xsave: Support eager-only xsave features, add MPX support
     (bsc#938577).
   - x86/apic: Introduce apic_extnmi command line parameter (bsc#940946,
     bsc#937444).
   - x86/fpu/xstate: Do not assume the first zero xfeatures zero bit means
     the end (bsc#938577).
   - x86/fpu: Fix double-increment in setup_xstate_features() (bsc#938577).
   - x86/fpu: Remove xsave_init() bootmem allocations (bsc#938577).
   - x86/nmi: Save regs in crash dump on external NMI (bsc#940946,
     bsc#937444).
   - x86/nmi: Save regs in crash dump on external NMI (bsc#940946,
     bsc#937444).
   - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set
     (bsc#957990 XSA-157).
   - xfs: add a few more verifier tests (bsc#947953).
   - xfs: fix double free in xlog_recover_commit_trans (bsc#947953).
   - xfs: recovery of XLOG_UNMOUNT_TRANS leaks memory (bsc#947953).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-329=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-329=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-329=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-329=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-329=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-329=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      kernel-default-debuginfo-3.12.53-60.30.1
      kernel-default-debugsource-3.12.53-60.30.1
      kernel-default-extra-3.12.53-60.30.1
      kernel-default-extra-debuginfo-3.12.53-60.30.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.53-60.30.2
      kernel-obs-build-debugsource-3.12.53-60.30.2

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      kernel-docs-3.12.53-60.30.2

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      kernel-default-3.12.53-60.30.1
      kernel-default-base-3.12.53-60.30.1
      kernel-default-base-debuginfo-3.12.53-60.30.1
      kernel-default-debuginfo-3.12.53-60.30.1
      kernel-default-debugsource-3.12.53-60.30.1
      kernel-default-devel-3.12.53-60.30.1
      kernel-syms-3.12.53-60.30.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      kernel-xen-3.12.53-60.30.1
      kernel-xen-base-3.12.53-60.30.1
      kernel-xen-base-debuginfo-3.12.53-60.30.1
      kernel-xen-debuginfo-3.12.53-60.30.1
      kernel-xen-debugsource-3.12.53-60.30.1
      kernel-xen-devel-3.12.53-60.30.1
      lttng-modules-2.7.0-3.1
      lttng-modules-debugsource-2.7.0-3.1
      lttng-modules-kmp-default-2.7.0_k3.12.53_60.30-3.1
      lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.53_60.30-3.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      kernel-devel-3.12.53-60.30.1
      kernel-macros-3.12.53-60.30.1
      kernel-source-3.12.53-60.30.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x):

      kernel-default-man-3.12.53-60.30.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.53-60.30.1
      kernel-ec2-debuginfo-3.12.53-60.30.1
      kernel-ec2-debugsource-3.12.53-60.30.1
      kernel-ec2-devel-3.12.53-60.30.1
      kernel-ec2-extra-3.12.53-60.30.1
      kernel-ec2-extra-debuginfo-3.12.53-60.30.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_53-60_30-default-1-2.1
      kgraft-patch-3_12_53-60_30-xen-1-2.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      kernel-default-3.12.53-60.30.1
      kernel-default-debuginfo-3.12.53-60.30.1
      kernel-default-debugsource-3.12.53-60.30.1
      kernel-default-devel-3.12.53-60.30.1
      kernel-default-extra-3.12.53-60.30.1
      kernel-default-extra-debuginfo-3.12.53-60.30.1
      kernel-syms-3.12.53-60.30.1
      kernel-xen-3.12.53-60.30.1
      kernel-xen-debuginfo-3.12.53-60.30.1
      kernel-xen-debugsource-3.12.53-60.30.1
      kernel-xen-devel-3.12.53-60.30.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      kernel-devel-3.12.53-60.30.1
      kernel-macros-3.12.53-60.30.1
      kernel-source-3.12.53-60.30.1


References:

   https://www.suse.com/security/cve/CVE-2013-7446.html
   https://www.suse.com/security/cve/CVE-2015-0272.html
   https://www.suse.com/security/cve/CVE-2015-5707.html
   https://www.suse.com/security/cve/CVE-2015-7550.html
   https://www.suse.com/security/cve/CVE-2015-7799.html
   https://www.suse.com/security/cve/CVE-2015-8215.html
   https://www.suse.com/security/cve/CVE-2015-8539.html
   https://www.suse.com/security/cve/CVE-2015-8543.html
   https://www.suse.com/security/cve/CVE-2015-8550.html
   https://www.suse.com/security/cve/CVE-2015-8551.html
   https://www.suse.com/security/cve/CVE-2015-8569.html
   https://www.suse.com/security/cve/CVE-2015-8575.html
   https://www.suse.com/security/cve/CVE-2015-8660.html
   https://www.suse.com/security/cve/CVE-2015-8767.html
   https://www.suse.com/security/cve/CVE-2015-8785.html
   https://www.suse.com/security/cve/CVE-2016-0723.html
   https://www.suse.com/security/cve/CVE-2016-2069.html
   https://bugzilla.suse.com/812259
   https://bugzilla.suse.com/855062
   https://bugzilla.suse.com/867583
   https://bugzilla.suse.com/899908
   https://bugzilla.suse.com/902606
   https://bugzilla.suse.com/924919
   https://bugzilla.suse.com/935087
   https://bugzilla.suse.com/937261
   https://bugzilla.suse.com/937444
   https://bugzilla.suse.com/938577
   https://bugzilla.suse.com/940338
   https://bugzilla.suse.com/940946
   https://bugzilla.suse.com/941363
   https://bugzilla.suse.com/942476
   https://bugzilla.suse.com/943989
   https://bugzilla.suse.com/944749
   https://bugzilla.suse.com/945649
   https://bugzilla.suse.com/947953
   https://bugzilla.suse.com/949440
   https://bugzilla.suse.com/949936
   https://bugzilla.suse.com/950292
   https://bugzilla.suse.com/951199
   https://bugzilla.suse.com/951392
   https://bugzilla.suse.com/951615
   https://bugzilla.suse.com/952579
   https://bugzilla.suse.com/952976
   https://bugzilla.suse.com/954992
   https://bugzilla.suse.com/955118
   https://bugzilla.suse.com/955354
   https://bugzilla.suse.com/955654
   https://bugzilla.suse.com/956514
   https://bugzilla.suse.com/956708
   https://bugzilla.suse.com/957525
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/957990
   https://bugzilla.suse.com/958463
   https://bugzilla.suse.com/958886
   https://bugzilla.suse.com/958951
   https://bugzilla.suse.com/959090
   https://bugzilla.suse.com/959146
   https://bugzilla.suse.com/959190
   https://bugzilla.suse.com/959257
   https://bugzilla.suse.com/959364
   https://bugzilla.suse.com/959399
   https://bugzilla.suse.com/959436
   https://bugzilla.suse.com/959463
   https://bugzilla.suse.com/959629
   https://bugzilla.suse.com/960221
   https://bugzilla.suse.com/960227
   https://bugzilla.suse.com/960281
   https://bugzilla.suse.com/960300
   https://bugzilla.suse.com/961202
   https://bugzilla.suse.com/961257
   https://bugzilla.suse.com/961500
   https://bugzilla.suse.com/961509
   https://bugzilla.suse.com/961516
   https://bugzilla.suse.com/961588
   https://bugzilla.suse.com/961971
   https://bugzilla.suse.com/962336
   https://bugzilla.suse.com/962356
   https://bugzilla.suse.com/962788
   https://bugzilla.suse.com/962965
   https://bugzilla.suse.com/963449
   https://bugzilla.suse.com/963572
   https://bugzilla.suse.com/963765
   https://bugzilla.suse.com/963767
   https://bugzilla.suse.com/963825
   https://bugzilla.suse.com/964230
   https://bugzilla.suse.com/964821
   https://bugzilla.suse.com/965344
   https://bugzilla.suse.com/965840

SuSE: 2016:0585-1: important: the Linux Kernel

February 25, 2016

An update that solves 17 vulnerabilities and has 54 fixes An update that solves 17 vulnerabilities and has 54 fixes An update that solves 17 vulnerabilities and has 54 fixes is now...

Summary

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device's state, allowing for DoS (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel attempted to merge distinct setattr operations, which allowed local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (bnc#960281). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767). The following non-security bugs were fixed: - ACPI: Introduce apic_id in struct processor to save parsed APIC id (bsc#959463). - ACPI: Make it possible to get local x2apic id via _MAT (bsc#959463). - ACPI: use apic_id and remove duplicated _MAT evaluation (bsc#959463). - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261). - Add sd_mod to initrd modules. For some reason PowerVM backend can't work without sd_mod - Do not modify perf bias performance setting by default at boot (bnc#812259, bsc#959629). - Documentation: Document kernel.panic_on_io_nmi sysctl (bsc#940946, bsc#937444). - Driver for IBM System i/p VNIC protocol - Drop blktap patches from SLE12, since the driver is unsupported - Improve fairness when locking the per-superblock s_anon list (bsc#957525, bsc#941363). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - NFSD: Do not start lockd when only NFSv4 is running - NFSv4: Recovery of recalled read delegations is broken (bsc#956514). - Replace with 176bed1d vmstat: explicitly schedule per-cpu work on the CPU we need it to run on - Revert "ipv6: add complete rcu protection around np->opt" (bnc#961257). - Revert 874bbfe60 workqueue: make sure delayed work run in local cpu 1. Without 22b886dd, 874bbfe60 leads to timer corruption. 2. With 22b886dd applied, victim of 1 reports performance regression (1,2 https://lkml.org/lkml/2016/2/4/618) 3. Leads to scheduling work to offlined CPU (bnc#959463). SLERT: 4. NO_HZ_FULL regressession, unbound delayed work timer is no longer deflected to a housekeeper CPU. - be2net: fix some log messages (bnc#855062, bnc#867583). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#902606). - block: Always check queue limits for cloned requests (bsc#902606). - bnx2x: Add new device ids under the Qlogic vendor (bnc#964821). - btrfs: Add qgroup tracing (bnc#935087, bnc#945649). - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300). - btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649). - btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649). - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649). - btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649). - btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649). - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649). - btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344). - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087, bnc#945649). - btrfs: fix order by which delayed references are run (bnc#949440). - btrfs: fix qgroup sanity tests (bnc#951615). - btrfs: fix race waiting for qgroup rescan worker (bnc#960300). - btrfs: fix regression running delayed references when using qgroups (bnc#951615). - btrfs: fix regression when running delayed references (bnc#951615). - btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300). - btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649). - btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649). - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300). - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649). - btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649). - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300). - btrfs: qgroup: exit the rescan worker during umount (bnc#960300). - btrfs: qgroup: fix quota disable during rescan (bnc#960300). - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087, bnc#945649). - btrfs: remove transaction from send (bnc#935087, bnc#945649). - btrfs: skip locking when searching commit root (bnc#963825). - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649). - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649). - crypto: nx - use common code for both NX decompress success cases (bsc#942476). - crypto: nx-842 - Mask XERS0 bit in return value (bsc#960221). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965). - drivers/firmware/memmap.c: do not allocate firmware_map_entry of same memory range (bsc#959463). - drivers/firmware/memmap.c: do not create memmap sysfs of same firmware_map_entry (bsc#959463). - drivers/firmware/memmap.c: pass the correct argument to firmware_map_find_entry_bootmem() (bsc#959463). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765). - group-source-files: mark module.lds as devel file ld: cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory - ipv6: fix tunnel error handling (bsc#952579). - jbd2: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kABI: reintroduce blk_rq_check_limits. - kabi: protect struct acpi_processor signature (bsc#959463). - kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup (bsc#940946, bsc#937444). - kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) (bsc#940946, bsc#937444). - kernel: Provide READ_ONCE and ASSIGN_ONCE (bsc#940946, bsc#937444). - kernel: inadvertent free of the vector register save area (bnc#961202). - kexec: Fix race between panic() and crash_kexec() (bsc#940946, bsc#937444). - kgr: Remove the confusing search for fentry - kgr: Safe way to avoid an infinite redirection - kgr: do not print error for !abort_if_missing symbols (bnc#943989). - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572). - kgr: log when modifying kernel - kgr: mark some more missed kthreads (bnc#962336). - kgr: usb/storage: do not emit thread awakened (bnc#899908). - kvm: Add arch specific mmu notifier for page invalidation (bsc#959463). - kvm: Make init_rmode_identity_map() return 0 on success (bsc#959463). - kvm: Remove ept_identity_pagetable from struct kvm_arch (bsc#959463). - kvm: Rename make_all_cpus_request() to kvm_make_all_cpus_request() and make it non-static (bsc#959463). - kvm: Use APIC_DEFAULT_PHYS_BASE macro as the apic access page address (bsc#959463). - kvm: vmx: Implement set_apic_access_page_addr (bsc#959463). - kvm: x86: Add request bit to reload APIC access page address (bsc#959463). - kvm: x86: Unpin and remove kvm_arch->apic_access_page (bsc#959463). - libiscsi: Fix host busy blocking during connection teardown. - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - md/bitmap: do not pass -1 to bitmap_storage_alloc (bsc#955118). - md/bitmap: remove confusing code from filemap_get_page. - md/bitmap: remove rcu annotation from pointer arithmetic. - mem-hotplug: reset node managed pages when hot-adding a new pgdat (bsc#959463). - mem-hotplug: reset node present pages when hot-adding a new pgdat (bsc#959463). - memory-hotplug: clear pgdat which is allocated by bootmem in try_offline_node() (bsc#959463). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (VM Functionality, bnc#961588). - mm/mempolicy.c: convert the shared_policy lock to a rwlock (VM Performance, bnc#959436). - module: keep percpu symbols in module's symtab (bsc#962788). - nmi: provide the option to issue an NMI back trace to every cpu but current (bsc#940946, bsc#937444). - nmi: provide the option to issue an NMI back trace to every cpu but current (bsc#940946, bsc#937444). - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992). - panic, x86: Allow CPUs to save registers even if looping in NMI context (bsc#940946, bsc#937444). - panic, x86: Fix re-entrance problem due to panic on NMI (bsc#940946, bsc#937444). - pci: Check for valid tags when calculating the VPD size (bsc#959146). - qeth: initialize net_device with carrier off (bnc#964230). - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere. - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed - rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency (bsc#959090) - rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel (bsc#959090). - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file - rpm/kernel-binary.spec.in: Use bzip compression to speed up build (bsc#962356) - rpm/kernel-source.spec.in: Install kernel-macros for kernel-source-vanilla (bsc#959090) - rpm/kernel-spec-macros: Do not modify the release string in PTFs (bsc#963449) - rpm/package-descriptions: Add kernel-zfcpdump and drop -desktop - s390/cio: ensure consistent measurement state (bnc#964230). - s390/cio: fix measurement characteristics memleak (bnc#964230). - s390/cio: update measurement characteristics (bnc#964230). - s390/dasd: fix failfast for disconnected devices (bnc#961202). - s390/vtime: correct scaled cputime for SMT (bnc#964230). - s390/vtime: correct scaled cputime of partially idle CPUs (bnc#964230). - s390/vtime: limit MT scaling value updates (bnc#964230). - sched,numa: cap pte scanning overhead to 3% of run time (Automatic NUMA Balancing). - sched/fair: Care divide error in update_task_scan_period() (bsc#959463). - sched/fair: Disable tg load_avg/runnable_avg update for root_task_group (bnc#960227). - sched/fair: Move cache hot load_avg/runnable_avg into separate cacheline (bnc#960227). - sched/numa: Cap PTE scanning overhead to 3% of run time (Automatic NUMA Balancing). - sched: Fix race between task_group and sched_task_group (Automatic NUMA Balancing). - scsi: restart list search after unlock in scsi_remove_target (bsc#944749, bsc#959257). - supported.conf: Add more QEMU and VMware drivers to -base (bsc#965840). - supported.conf: Add netfilter modules to base (bsc#950292) - supported.conf: Add nls_iso8859-1 and nls_cp437 to -base (bsc#950292) - supported.conf: Add vfat to -base to be able to mount the ESP (bsc#950292). - supported.conf: Add virtio_{blk,net,scsi} to kernel-default-base (bsc#950292) - supported.conf: Also add virtio_pci to kernel-default-base (bsc#950292). - supported.conf: drop +external from ghash-clmulni-intel It was agreed that it does not make sense to maintain "external" for this specific module. Furthermore it causes problems in rather ordinary VMware environments. (bsc#961971) - udp: properly support MSG_PEEK with truncated buffers (bsc#951199 bsc#959364). - x86, xsave: Support eager-only xsave features, add MPX support (bsc#938577). - x86/apic: Introduce apic_extnmi command line parameter (bsc#940946, bsc#937444). - x86/fpu/xstate: Do not assume the first zero xfeatures zero bit means the end (bsc#938577). - x86/fpu: Fix double-increment in setup_xstate_features() (bsc#938577). - x86/fpu: Remove xsave_init() bootmem allocations (bsc#938577). - x86/nmi: Save regs in crash dump on external NMI (bsc#940946, bsc#937444). - x86/nmi: Save regs in crash dump on external NMI (bsc#940946, bsc#937444). - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157). - xfs: add a few more verifier tests (bsc#947953). - xfs: fix double free in xlog_recover_commit_trans (bsc#947953). - xfs: recovery of XLOG_UNMOUNT_TRANS leaks memory (bsc#947953). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-329=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-329=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-329=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-329=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-329=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-329=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-extra-3.12.53-60.30.1 kernel-default-extra-debuginfo-3.12.53-60.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.53-60.30.2 kernel-obs-build-debugsource-3.12.53-60.30.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.53-60.30.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.53-60.30.1 kernel-default-base-3.12.53-60.30.1 kernel-default-base-debuginfo-3.12.53-60.30.1 kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-devel-3.12.53-60.30.1 kernel-syms-3.12.53-60.30.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.53-60.30.1 kernel-xen-base-3.12.53-60.30.1 kernel-xen-base-debuginfo-3.12.53-60.30.1 kernel-xen-debuginfo-3.12.53-60.30.1 kernel-xen-debugsource-3.12.53-60.30.1 kernel-xen-devel-3.12.53-60.30.1 lttng-modules-2.7.0-3.1 lttng-modules-debugsource-2.7.0-3.1 lttng-modules-kmp-default-2.7.0_k3.12.53_60.30-3.1 lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.53_60.30-3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.53-60.30.1 kernel-macros-3.12.53-60.30.1 kernel-source-3.12.53-60.30.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.53-60.30.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.53-60.30.1 kernel-ec2-debuginfo-3.12.53-60.30.1 kernel-ec2-debugsource-3.12.53-60.30.1 kernel-ec2-devel-3.12.53-60.30.1 kernel-ec2-extra-3.12.53-60.30.1 kernel-ec2-extra-debuginfo-3.12.53-60.30.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-1-2.1 kgraft-patch-3_12_53-60_30-xen-1-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.53-60.30.1 kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-devel-3.12.53-60.30.1 kernel-default-extra-3.12.53-60.30.1 kernel-default-extra-debuginfo-3.12.53-60.30.1 kernel-syms-3.12.53-60.30.1 kernel-xen-3.12.53-60.30.1 kernel-xen-debuginfo-3.12.53-60.30.1 kernel-xen-debugsource-3.12.53-60.30.1 kernel-xen-devel-3.12.53-60.30.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.53-60.30.1 kernel-macros-3.12.53-60.30.1 kernel-source-3.12.53-60.30.1

References

#812259 #855062 #867583 #899908 #902606 #924919

#935087 #937261 #937444 #938577 #940338 #940946

#941363 #942476 #943989 #944749 #945649 #947953

#949440 #949936 #950292 #951199 #951392 #951615

#952579 #952976 #954992 #955118 #955354 #955654

#956514 #956708 #957525 #957988 #957990 #958463

#958886 #958951 #959090 #959146 #959190 #959257

#959364 #959399 #959436 #959463 #959629 #960221

#960227 #960281 #960300 #961202 #961257 #961500

#961509 #961516 #961588 #961971 #962336 #962356

#962788 #962965 #963449 #963572 #963765 #963767

#963825 #964230 #964821 #965344 #965840

Cross- CVE-2013-7446 CVE-2015-0272 CVE-2015-5707

CVE-2015-7550 CVE-2015-7799 CVE-2015-8215

CVE-2015-8539 CVE-2015-8543 CVE-2015-8550

CVE-2015-8551 CVE-2015-8569 CVE-2015-8575

CVE-2015-8660 CVE-2015-8767 CVE-2015-8785

CVE-2016-0723 CVE-2016-2069

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP1

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Module for Public Cloud 12

SUSE Linux Enterprise Live Patching 12

SUSE Linux Enterprise Desktop 12-SP1

https://www.suse.com/security/cve/CVE-2013-7446.html

https://www.suse.com/security/cve/CVE-2015-0272.html

https://www.suse.com/security/cve/CVE-2015-5707.html

https://www.suse.com/security/cve/CVE-2015-7550.html

https://www.suse.com/security/cve/CVE-2015-7799.html

https://www.suse.com/security/cve/CVE-2015-8215.html

https://www.suse.com/security/cve/CVE-2015-8539.html

https://www.suse.com/security/cve/CVE-2015-8543.html

https://www.suse.com/security/cve/CVE-2015-8550.html

https://www.suse.com/security/cve/CVE-2015-8551.html

https://www.suse.com/security/cve/CVE-2015-8569.html

https://www.suse.com/security/cve/CVE-2015-8575.html

https://www.suse.com/security/cve/CVE-2015-8660.html

https://www.suse.com/security/cve/CVE-2015-8767.html

https://www.suse.com/security/cve/CVE-2015-8785.html

https://www.suse.com/security/cve/CVE-2016-0723.html

https://www.suse.com/security/cve/CVE-2016-2069.html

https://bugzilla.suse.com/812259

https://bugzilla.suse.com/855062

https://bugzilla.suse.com/867583

https://bugzilla.suse.com/899908

https://bugzilla.suse.com/902606

https://bugzilla.suse.com/924919

https://bugzilla.suse.com/935087

https://bugzilla.suse.com/937261

https://bugzilla.suse.com/937444

https://bugzilla.suse.com/938577

https://bugzilla.suse.com/940338

https://bugzilla.suse.com/940946

https://bugzilla.suse.com/941363

https://bugzilla.suse.com/942476

https://bugzilla.suse.com/943989

https://bugzilla.suse.com/944749

https://bugzilla.suse.com/945649

https://bugzilla.suse.com/947953

https://bugzilla.suse.com/949440

https://bugzilla.suse.com/949936

https://bugzilla.suse.com/950292

https://bugzilla.suse.com/951199

https://bugzilla.suse.com/951392

https://bugzilla.suse.com/951615

https://bugzilla.suse.com/952579

https://bugzilla.suse.com/952976

https://bugzilla.suse.com/954992

https://bugzilla.suse.com/955118

https://bugzilla.suse.com/955354

https://bugzilla.suse.com/955654

https://bugzilla.suse.com/956514

https://bugzilla.suse.com/956708

https://bugzilla.suse.com/957525

https://bugzilla.suse.com/957988

https://bugzilla.suse.com/957990

https://bugzilla.suse.com/958463

https://bugzilla.suse.com/958886

https://bugzilla.suse.com/958951

https://bugzilla.suse.com/959090

https://bugzilla.suse.com/959146

https://bugzilla.suse.com/959190

https://bugzilla.suse.com/959257

https://bugzilla.suse.com/959364

https://bugzilla.suse.com/959399

https://bugzilla.suse.com/959436

https://bugzilla.suse.com/959463

https://bugzilla.suse.com/959629

https://bugzilla.suse.com/960221

https://bugzilla.suse.com/960227

https://bugzilla.suse.com/960281

https://bugzilla.suse.com/960300

https://bugzilla.suse.com/961202

https://bugzilla.suse.com/961257

https://bugzilla.suse.com/961500

https://bugzilla.suse.com/961509

https://bugzilla.suse.com/961516

https://bugzilla.suse.com/961588

https://bugzilla.suse.com/961971

https://bugzilla.suse.com/962336

https://bugzilla.suse.com/962356

https://bugzilla.suse.com/962788

https://bugzilla.suse.com/962965

https://bugzilla.suse.com/963449

https://bugzilla.suse.com/963572

https://bugzilla.suse.com/963765

https://bugzilla.suse.com/963767

https://bugzilla.suse.com/963825

https://bugzilla.suse.com/964230

https://bugzilla.suse.com/964821

https://bugzilla.suse.com/965344

https://bugzilla.suse.com/965840

Severity

Announcement ID: SUSE-SU-2016:0585-1

Rating: important

Get the Latest News & Insights

SuSE: 2016:0585-1: important: the Linux Kernel

Summary

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By