SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0407-1
Rating:             important
References:         #1003813 #1005666 #1007197 #1008557 #1008567 
                    #1008831 #1008833 #1008876 #1008979 #1009062 
                    #1009969 #1010040 #1010213 #1010294 #1010475 
                    #1010478 #1010501 #1010502 #1010507 #1010612 
                    #1010711 #1010716 #1011685 #1012060 #1012422 
                    #1012754 #1012917 #1012985 #1013001 #1013038 
                    #1013479 #1013531 #1013533 #1013540 #1013604 
                    #1014410 #1014746 #1016713 #1016725 #1016961 
                    #1017164 #1017170 #1017410 #1017710 #1018100 
                    #1019032 #1019148 #1019260 #1019300 #1019783 
                    #1019851 #1020214 #1020602 #1021258 #856380 
                    #857394 #858727 #921338 #921778 #922052 #922056 
                    #923036 #923037 #924381 #938963 #972993 #980560 
                    #981709 #983087 #983348 #984194 #984419 #985850 
                    #987192 #987576 #990384 #991273 #993739 #997807 
                    #999101 
Cross-References:   CVE-2015-8962 CVE-2015-8963 CVE-2015-8964
                    CVE-2016-10088 CVE-2016-7910 CVE-2016-7911
                    CVE-2016-7913 CVE-2016-7914 CVE-2016-8399
                    CVE-2016-8632 CVE-2016-8633 CVE-2016-8645
                    CVE-2016-8655 CVE-2016-9083 CVE-2016-9084
                    CVE-2016-9555 CVE-2016-9576 CVE-2016-9756
                    CVE-2016-9793 CVE-2016-9794 CVE-2016-9806
                    CVE-2017-2583 CVE-2017-2584 CVE-2017-5551
                   
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP1
______________________________________________________________________________

   An update that solves 24 vulnerabilities and has 56 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive
   various security fixes and bugfixes.

   The following security bugs were fixed:

   - CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem
     that allowed local users to gain privileges or cause a denial of service
     (memory corruption and system crash) (bnc#1010501).
   - CVE-2015-8963: Fixed a race condition in kernel/events/core.c that
     allowed local users to gain privileges or cause a denial of service
     (use-after-free) (bnc#1010502).
   - CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that
     allowed local users to obtain sensitive information from kernel memory
     (bnc#1010507).
   - CVE-2016-10088: The sg implementation in the Linux kernel did not
     properly restrict write operations in situations where the KERNEL_DS
     option is set, which allowed local users to read or write to arbitrary
     kernel memory locations or cause a denial of service (use-after-free)
     (bnc#1017710).
   - CVE-2016-7910: Fixed a use-after-free vulnerability in the block
     subsystem that allowed local users to gain privileges (bnc#1010716).
   - CVE-2016-7911: Fixed a race condition in the get_task_ioprio function
     that allowed local users to gain privileges or cause a denial of service
     (use-after-free) (bnc#1010711).
   - CVE-2016-7913: Fixed a bug in the xc2028_set_config function that
     allowed local users to gain privileges or cause a denial of service
     (use-after-free) (bnc#1010478).
   - CVE-2016-7914: The assoc_array_insert_into_terminal_node function did
     not check whether a slot is a leaf, which allowed local users to obtain
     sensitive information from kernel memory or cause a denial of service
     (invalid pointer dereference and out-of-bounds read) (bnc#1010475).
   - CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could
     have enabled a local malicious application to execute arbitrary code
     within the context of the kernel (bnc#1014746).
   - CVE-2016-8632: The net subsystem did not validate the relationship
     between the minimum fragment length and the maximum packet size, which
     allowed local users to gain privileges or cause a denial of service
     (heap-based buffer overflow) (bnc#1008831).
   - CVE-2016-8633: The firewire subsystem allowed remote attackers to
     execute arbitrary code via crafted fragmented packets in certain unusual
     hardware configurations (bnc#1008833).
   - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb
     truncation, which allowed local users to cause a denial of service
     (system crash) (bnc#1009969).
   - CVE-2016-8655: Fixed a race condition in the network subsystem that
     allowed local users to gain privileges or cause a denial of service
     (use-after-free) (bnc#1012754).
   - CVE-2016-9083: The PCI subsystem allowed local users to bypass integer
     overflow checks and cause a denial of service (memory corruption) or
     have unspecified other impact (bnc#1007197).
   - CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which
     allowed local users to cause a denial of service (integer overflow) or
     have unspecified other impact (bnc#1007197).
   - CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote
     attackers to cause a denial of service (out-of-bounds slab access) or
     possibly have unspecified other impact via crafted SCTP data
     (bnc#1011685).
   - CVE-2016-9576: The block subsystem did not properly restrict the type of
     iterator, which allowed local users to read or write to arbitrary kernel
     memory locations or cause a denial of service (use-after-free)
     (bnc#1013604).
   - CVE-2016-9756: The kernel did not properly initialize Code Segment (CS)
     in certain error cases, which allowed local users to obtain sensitive
     information from kernel stack memory (bnc#1013038).
   - CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf
     and sk_rcvbuf, which allowed local users to cause a denial of service
     (memory corruption and system crash) or possibly have unspecified other
     impact (bnc#1013531).
   - CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact (bnc#1013533).
   - CVE-2016-9806: Fixed a race condition in the netlink_dump() function
     which could have allowed local users to cause a denial of service
     (double free) or possibly have unspecified other impact (bnc#1013540).
   - CVE-2017-2583: kvm: x86: fixed emulation of "MOV SS, null selector"
     (bsc#1020602).
   - CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local
     users to obtain sensitive information from kernel memory or cause a
     denial of service (use-after-free) (bnc#1019851).
   - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set
     setgid bits on files they don't own (bsc#1021258, CVE-2017-5551).

   The following non-security bugs were fixed:

   - 8250_pci: Fix potential use-after-free in error path (bsc#1013001).
   - block_dev: do not test bdev->bd_contains when it is not stable
     (bsc#1008557).
   - bna: Add synchronization for tx ring (bsc#993739).
   - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052
     bsc#922056).
   - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
   - bnx2x: fix lockdep splat (bsc#922052 bsc#922056).
   - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space
     (bsc#1005666).
   - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c
     (bsc#983087).
   - btrfs: Revert "do not delay inode ref updates during log replay"
     (bsc#987192).
   - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in
     btrfs_ioctl (bsc#1018100).
   - btrfs: do not delay inode ref updates during log replay (bsc#987192).
   - btrfs: fix incremental send failure caused by balance (bsc#985850).
   - btrfs: fix relocation incorrectly dropping data references (bsc#990384).
   - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir
     (bsc#981709).
   - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing
     (bsc#983087).
   - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()
     (bsc#981709).
   - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
   - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL)
     (bsc#1008876).
   - cpuset: fix sched_load_balance that was accidentally broken in a
     previous update (bsc#1010294).
   - ext4: fix data exposure after a crash (bsc#1012985).
   - fs/dcache: move the call of __d_drop(anon) into
     __d_materialise_unique(dentry, anon) (bsc#984194).
   - fuse: do not use iocb after it may have been freed (bsc#1012985).
   - hpilo: Add support for iLO5 (bsc#999101).
   - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381
     bsc#921338).
   - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036).
   - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727).
   - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727).
   - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).
   - ibmveth: calculate gso_segs for large packets (bsc#1019148).
   - ibmveth: check return of skb_linearize in ibmveth_start_xmit
     (bsc#1019148).
   - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).
   - ibmveth: set correct gso_size and gso_type (bsc#1019148).
   - igb: Fix oops caused by missing queue pairing (bnc#857394).
   - ipmi_si: create hardware-independent softdep for ipmi_devintf
     (bsc#1009062).
   - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).
   - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963).
   - kabi: protect __sk_mem_reclaim (kabi).
   - kabi: protect struct perf_event_context (kabi).
   - kabi: reintroduce sk_filter (kabi).
   - kernel: remove broken memory detection sanity check (bnc#1008567,
     LTC#148072).
   - kgr: ignore zombie tasks during the patching (bnc#1008979).
   - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread
     (bsc#1010612).
   - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).
   - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).
   - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036).
   - net/mlx5e: Do not modify CQ before it was created (bnc#923036).
   - net/mlx5e: Do not try to modify CQ moderation if it is not supported
     (bnc#923036).
   - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036).
   - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).
   - netback: correct array index (bsc#983348).
   - nfsv4: Cap the transport reconnection timer at 1/2 lease period
     (bsc#1014410).
   - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
   - nfsv4: Fix "NFS Lock reclaim failed" errors (bsc#1014410).
   - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
   - posix_acl: Fixup acl reference leak and missing conversions in ext3,
     gfs2, jfs, hfsplus.
   - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec
     (bsc#1003813).
   - proc: avoid including "mountproto=" with no protocol in /proc/mounts
     (bsc#1019260).
   - raid1: ignore discard error (bsc#1017164).
   - reiserfs: fix race in prealloc discard (bsc#987576).
   - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
   - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter
     (bsc#1012060)
   - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)
   - serial: 8250_pci: Detach low-level driver during PCI error recovery
     (bsc#1013001).
   - sfc: clear napi_hash state when copying channels (bsc#923037).
   - sfc: fix potential stack corruption from running past stat bitmask
     (bsc#923037).
   - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).
   - sunrpc: Enforce an upper limit on the number of cached credentials
     (bsc#1012917).
   - sunrpc: Fix reconnection timeouts (bsc#1014410).
   - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout
     (bsc#1014410).
   - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT
     REACHABLE (bsc#991273).
   - target: add XCOPY target/segment desc sense codes (bsc#991273).
   - target: bounds check XCOPY segment descriptor list (bsc#991273).
   - target: bounds check XCOPY total descriptor list length (bsc#991273).
   - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).
   - target: check for XCOPY parameter truncation (bsc#991273).
   - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense
     (bsc#991273).
   - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).
   - target: support XCOPY requests without parameters (bsc#991273).
   - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).
   - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).
   - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
     (bsc#921778).
   - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
   - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
     (bsc#1013479).
   - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short
     jumps to it (bsc#984419).
   - xenbus: correctly signal errors from xenstored_local_init() (luckily
     none so far).
   - xfs: allow lazy sb counter sync during filesystem freeze sequence
     (bsc#980560).
   - xfs: refactor xlog_recover_process_data() (bsc#1019300).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP1:

      zypper in -t patch SUSE-SLE-RT-12-SP1-2017-202=1

   To bring your system up-to-date, use "zypper patch".
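
   One way to confirm the update landed, as an added example that is not
   part of the SUSE advisory: feed it the output of
   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' and it reports which of
   the packages listed below are still older than 3.12.69-60.30.1. The
   function names, the sample input and the use of sort -V in place of
   rpm's own version comparison are assumptions of this example.

```sh
#!/bin/sh
# Added example: check that the newest installed version of every package
# named in this advisory has reached the fixed version-release.

# Version-release string from the advisory's package list.
FIXED="3.12.69-60.30.1"

# is_at_least VERSION MINIMUM
# Succeeds when VERSION sorts at or after MINIMUM under GNU `sort -V`.
# Assumption: sort -V stands in for rpm's own comparison, which is adequate
# for the dotted numeric strings used by these packages.
is_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# newest_per_package
# Kernel packages can be installed in several versions side by side, so
# reduce "name version-release" lines on stdin to the newest entry per name.
newest_per_package() {
    LC_ALL=C sort -t ' ' -k1,1 -k2,2V |
        awk 'NF == 2 { latest[$1] = $2 }
             END { for (n in latest) print n, latest[n] }' |
        LC_ALL=C sort
}

# check_packages
# Reads "name version-release" lines on stdin, prints one OK/PENDING line
# per package covered by this update, and returns 1 if any is PENDING.
check_packages() {
    rc=0
    list=$(newest_per_package)
    while read -r name verrel; do
        case "$name" in
            kernel-rt*|kernel-compute*|kernel-devel-rt|kernel-source-rt|kernel-syms-rt) ;;
            *) continue ;;   # not part of this advisory
        esac
        if is_at_least "$verrel" "$FIXED"; then
            echo "OK      $name $verrel"
        else
            echo "PENDING $name $verrel (fixed in $FIXED)"
            rc=1
        fi
    done <<EOF
$list
EOF
    return "$rc"
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# (the 3.12.67-60.27.1 entries are made-up older versions for illustration).
SAMPLE='kernel-rt 3.12.67-60.27.1
kernel-rt 3.12.69-60.30.1
kernel-rt-base 3.12.67-60.27.1
kernel-syms-rt 3.12.69-60.30.1
bash 4.2-82.1'

printf '%s\n' "$SAMPLE" | check_packages || echo "update not fully applied"
```

   The installed packages only take effect after a reboot into the new
   kernel, so compare the output of uname -r as well.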


Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP1 (noarch):

      kernel-devel-rt-3.12.69-60.30.1
      kernel-source-rt-3.12.69-60.30.1

   - SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64):

      kernel-compute-3.12.69-60.30.1
      kernel-compute-base-3.12.69-60.30.1
      kernel-compute-base-debuginfo-3.12.69-60.30.1
      kernel-compute-debuginfo-3.12.69-60.30.1
      kernel-compute-debugsource-3.12.69-60.30.1
      kernel-compute-devel-3.12.69-60.30.1
      kernel-compute_debug-debuginfo-3.12.69-60.30.1
      kernel-compute_debug-debugsource-3.12.69-60.30.1
      kernel-compute_debug-devel-3.12.69-60.30.1
      kernel-compute_debug-devel-debuginfo-3.12.69-60.30.1
      kernel-rt-3.12.69-60.30.1
      kernel-rt-base-3.12.69-60.30.1
      kernel-rt-base-debuginfo-3.12.69-60.30.1
      kernel-rt-debuginfo-3.12.69-60.30.1
      kernel-rt-debugsource-3.12.69-60.30.1
      kernel-rt-devel-3.12.69-60.30.1
      kernel-rt_debug-debuginfo-3.12.69-60.30.1
      kernel-rt_debug-debugsource-3.12.69-60.30.1
      kernel-rt_debug-devel-3.12.69-60.30.1
      kernel-rt_debug-devel-debuginfo-3.12.69-60.30.1
      kernel-syms-rt-3.12.69-60.30.1


References:

   https://www.suse.com/security/cve/CVE-2015-8962.html
   https://www.suse.com/security/cve/CVE-2015-8963.html
   https://www.suse.com/security/cve/CVE-2015-8964.html
   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://www.suse.com/security/cve/CVE-2016-7910.html
   https://www.suse.com/security/cve/CVE-2016-7911.html
   https://www.suse.com/security/cve/CVE-2016-7913.html
   https://www.suse.com/security/cve/CVE-2016-7914.html
   https://www.suse.com/security/cve/CVE-2016-8399.html
   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-8633.html
   https://www.suse.com/security/cve/CVE-2016-8645.html
   https://www.suse.com/security/cve/CVE-2016-8655.html
   https://www.suse.com/security/cve/CVE-2016-9083.html
   https://www.suse.com/security/cve/CVE-2016-9084.html
   https://www.suse.com/security/cve/CVE-2016-9555.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9756.html
   https://www.suse.com/security/cve/CVE-2016-9793.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://www.suse.com/security/cve/CVE-2017-2583.html
   https://www.suse.com/security/cve/CVE-2017-2584.html
   https://www.suse.com/security/cve/CVE-2017-5551.html
   https://bugzilla.suse.com/1003813
   https://bugzilla.suse.com/1005666
   https://bugzilla.suse.com/1007197
   https://bugzilla.suse.com/1008557
   https://bugzilla.suse.com/1008567
   https://bugzilla.suse.com/1008831
   https://bugzilla.suse.com/1008833
   https://bugzilla.suse.com/1008876
   https://bugzilla.suse.com/1008979
   https://bugzilla.suse.com/1009062
   https://bugzilla.suse.com/1009969
   https://bugzilla.suse.com/1010040
   https://bugzilla.suse.com/1010213
   https://bugzilla.suse.com/1010294
   https://bugzilla.suse.com/1010475
   https://bugzilla.suse.com/1010478
   https://bugzilla.suse.com/1010501
   https://bugzilla.suse.com/1010502
   https://bugzilla.suse.com/1010507
   https://bugzilla.suse.com/1010612
   https://bugzilla.suse.com/1010711
   https://bugzilla.suse.com/1010716
   https://bugzilla.suse.com/1011685
   https://bugzilla.suse.com/1012060
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1012754
   https://bugzilla.suse.com/1012917
   https://bugzilla.suse.com/1012985
   https://bugzilla.suse.com/1013001
   https://bugzilla.suse.com/1013038
   https://bugzilla.suse.com/1013479
   https://bugzilla.suse.com/1013531
   https://bugzilla.suse.com/1013533
   https://bugzilla.suse.com/1013540
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014410
   https://bugzilla.suse.com/1014746
   https://bugzilla.suse.com/1016713
   https://bugzilla.suse.com/1016725
   https://bugzilla.suse.com/1016961
   https://bugzilla.suse.com/1017164
   https://bugzilla.suse.com/1017170
   https://bugzilla.suse.com/1017410
   https://bugzilla.suse.com/1017710
   https://bugzilla.suse.com/1018100
   https://bugzilla.suse.com/1019032
   https://bugzilla.suse.com/1019148
   https://bugzilla.suse.com/1019260
   https://bugzilla.suse.com/1019300
   https://bugzilla.suse.com/1019783
   https://bugzilla.suse.com/1019851
   https://bugzilla.suse.com/1020214
   https://bugzilla.suse.com/1020602
   https://bugzilla.suse.com/1021258
   https://bugzilla.suse.com/856380
   https://bugzilla.suse.com/857394
   https://bugzilla.suse.com/858727
   https://bugzilla.suse.com/921338
   https://bugzilla.suse.com/921778
   https://bugzilla.suse.com/922052
   https://bugzilla.suse.com/922056
   https://bugzilla.suse.com/923036
   https://bugzilla.suse.com/923037
   https://bugzilla.suse.com/924381
   https://bugzilla.suse.com/938963
   https://bugzilla.suse.com/972993
   https://bugzilla.suse.com/980560
   https://bugzilla.suse.com/981709
   https://bugzilla.suse.com/983087
   https://bugzilla.suse.com/983348
   https://bugzilla.suse.com/984194
   https://bugzilla.suse.com/984419
   https://bugzilla.suse.com/985850
   https://bugzilla.suse.com/987192
   https://bugzilla.suse.com/987576
   https://bugzilla.suse.com/990384
   https://bugzilla.suse.com/991273
   https://bugzilla.suse.com/993739
   https://bugzilla.suse.com/997807
   https://bugzilla.suse.com/999101

SuSE: 2017:0407-1: important: the Linux Kernel

February 6, 2017
An update that solves 24 vulnerabilities and has 56 fixes An update that solves 24 vulnerabilities and has 56 fixes An update that solves 24 vulnerabilities and has 56 fixes is now...

Summary

The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) (bnc#1010501). - CVE-2015-8963: Fixed a race condition in kernel/events/core.c that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010502). - CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that allowed local users to obtain sensitive information from kernel memory (bnc#1010507). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1017710). - CVE-2016-7910: Fixed a use-after-free vulnerability in the block subsystem that allowed local users to gain privileges (bnc#1010716). - CVE-2016-7911: Fixed a race condition in the get_task_ioprio function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010711). - CVE-2016-7913: Fixed a bug in the xc2028_set_config function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010478). - CVE-2016-7914: The assoc_array_insert_into_terminal_node function did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) (bnc#1010475). - CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could have enabled a local malicious application to execute arbitrary code within the context of the kernel. (bnc#1014746). 
- CVE-2016-8632: The net subsystem did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) (bnc#1008831). - CVE-2016-8633: The firewire subsystem allowed remote attackers to execute arbitrary code via crafted fragmented packets in certain unusual hardware configurations (bnc#1008833). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) (bnc#1009969). - CVE-2016-8655: Fixed a race condition in the network subsystem that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1012754). - CVE-2016-9083: The PCI subsystem local users to bypass integer overflow checks and cause a denial of service (memory corruption) or have unspecified other impact (bnc#1007197). - CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact (bnc#1007197). - CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-9576: The block subsystem did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1013604). - CVE-2016-9756: The kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory (bnc#1013038). 
- CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact (bnc#1013531). - CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1013533). - CVE-2016-9806: Fixed a race condition in the netlink_dump() function which could have allowed local users to cause a denial of service (double free) or possibly have unspecified other impact (bnc#1013540). - CVE-2017-2583: kvm: x86: fixed emulation of "MOV SS, null selector" (bsc#1020602). - CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) (bnc#1019851). - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down. (bsc#1021258, CVE-2017-5551). The following non-security bugs were fixed: - 8250_pci: Fix potential use-after-free in error path (bsc#1013001). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052 bsc#922056). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - bnx2x: fix lockdep splat (bsc#922052 bsc#922056). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087). - btrfs: Revert "do not delay inode ref updates during log replay" (bsc#987192). - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100). - btrfs: do not delay inode ref updates during log replay (bsc#987192). - btrfs: fix incremental send failure caused by balance (bsc#985850). 
- btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) (bsc#1008876). - cpuset: fix sched_load_balance that was accidentally broken in a previous update (bsc#1010294). - ext4: fix data exposure after a crash (bsc#1012985). - fs/dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - fuse: do not use iocb after it may have been freed (bsc#1012985). - hpilo: Add support for iLO5 (bsc#999101). - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381 bsc#921338). - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036). - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727). - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727). - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036). - ibmveth: calculate gso_segs for large packets (bsc#1019148). - ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148). - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148). - ibmveth: set correct gso_size and gso_type (bsc#1019148). - igb: Fix oops caused by missing queue pairing (bnc#857394). - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961). - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963). - kabi: protect __sk_mem_reclaim (kabi). - kabi: protect struct perf_event_context (kabi). - kabi: reintroduce sk_filter (kabi). - kernel: remove broken memory detection sanity check (bnc#1008567, LTC#148072). 
- kgr: ignore zombie tasks during the patching (bnc#1008979). - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612). - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410). - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727). - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036). - net/mlx5e: Do not modify CQ before it was created (bnc#923036). - net/mlx5e: Do not try to modify CQ moderation if it is not supported (bnc#923036). - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036). - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036). - netback: correct array index (bsc#983348). - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nfsv4: Fix "NFS Lock reclaim failed" errors (bsc#1014410). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - posix_acl: Fixup acl reference leak and missing conversions in ext3, gfs2, jfs, hfsplus. - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - proc: avoid including "mountproto=" with no protocol in /proc/mounts (bsc#1019260). - raid1: ignore discard error (bsc#1017164). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060) - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001). - sfc: clear napi_hash state when copying channels (bsc#923037). - sfc: fix potential stack corruption from running past stat bitmask (bsc#923037). - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). 
- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE (bsc#991273). - target: add XCOPY target/segment desc sense codes (bsc#991273). - target: bounds check XCOPY segment descriptor list (bsc#991273). - target: bounds check XCOPY total descriptor list length (bsc#991273). - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170). - target: check for XCOPY parameter truncation (bsc#991273). - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273). - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273). - target: support XCOPY requests without parameters (bsc#991273). - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273). - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#921778). - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419). - xenbus: correctly signal errors from xenstored_local_init() (luckily none so far). - xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560). - xfs: refactor xlog_recover_process_data() (bsc#1019300). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP1: zypper in -t patch SUSE-SLE-RT-12-SP1-2017-202=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Real Time Extension 12-SP1 (noarch): kernel-devel-rt-3.12.69-60.30.1 kernel-source-rt-3.12.69-60.30.1 - SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64): kernel-compute-3.12.69-60.30.1 kernel-compute-base-3.12.69-60.30.1 kernel-compute-base-debuginfo-3.12.69-60.30.1 kernel-compute-debuginfo-3.12.69-60.30.1 kernel-compute-debugsource-3.12.69-60.30.1 kernel-compute-devel-3.12.69-60.30.1 kernel-compute_debug-debuginfo-3.12.69-60.30.1 kernel-compute_debug-debugsource-3.12.69-60.30.1 kernel-compute_debug-devel-3.12.69-60.30.1 kernel-compute_debug-devel-debuginfo-3.12.69-60.30.1 kernel-rt-3.12.69-60.30.1 kernel-rt-base-3.12.69-60.30.1 kernel-rt-base-debuginfo-3.12.69-60.30.1 kernel-rt-debuginfo-3.12.69-60.30.1 kernel-rt-debugsource-3.12.69-60.30.1 kernel-rt-devel-3.12.69-60.30.1 kernel-rt_debug-debuginfo-3.12.69-60.30.1 kernel-rt_debug-debugsource-3.12.69-60.30.1 kernel-rt_debug-devel-3.12.69-60.30.1 kernel-rt_debug-devel-debuginfo-3.12.69-60.30.1 kernel-syms-rt-3.12.69-60.30.1

References

https://www.suse.com/security/cve/CVE-2015-8962.html

https://www.suse.com/security/cve/CVE-2015-8963.html

https://www.suse.com/security/cve/CVE-2015-8964.html

https://www.suse.com/security/cve/CVE-2016-10088.html

https://www.suse.com/security/cve/CVE-2016-7910.html

https://www.suse.com/security/cve/CVE-2016-7911.html

https://www.suse.com/security/cve/CVE-2016-7913.html

https://www.suse.com/security/cve/CVE-2016-7914.html

https://www.suse.com/security/cve/CVE-2016-8399.html

https://www.suse.com/security/cve/CVE-2016-8632.html

https://www.suse.com/security/cve/CVE-2016-8633.html

https://www.suse.com/security/cve/CVE-2016-8645.html

https://www.suse.com/security/cve/CVE-2016-8655.html

https://www.suse.com/security/cve/CVE-2016-9083.html

https://www.suse.com/security/cve/CVE-2016-9084.html

https://www.suse.com/security/cve/CVE-2016-9555.html

https://www.suse.com/security/cve/CVE-2016-9576.html

https://www.suse.com/security/cve/CVE-2016-9756.html

https://www.suse.com/security/cve/CVE-2016-9793.html

https://www.suse.com/security/cve/CVE-2016-9794.html

https://www.suse.com/security/cve/CVE-2016-9806.html

https://www.suse.com/security/cve/CVE-2017-2583.html

https://www.suse.com/security/cve/CVE-2017-2584.html

https://www.suse.com/security/cve/CVE-2017-5551.html

https://bugzilla.suse.com/1003813

https://bugzilla.suse.com/1005666

https://bugzilla.suse.com/1007197

https://bugzilla.suse.com/1008557

https://bugzilla.suse.com/1008567

https://bugzilla.suse.com/1008831

https://bugzilla.suse.com/1008833

https://bugzilla.suse.com/1008876

https://bugzilla.suse.com/1008979

https://bugzilla.suse.com/1009062

https://bugzilla.suse.com/1009969

https://bugzilla.suse.com/1010040

https://bugzilla.suse.com/1010213

https://bugzilla.suse.com/1010294

https://bugzilla.suse.com/1010475

https://bugzilla.suse.com/1010478

https://bugzilla.suse.com/1010501

https://bugzilla.suse.com/1010502

https://bugzilla.suse.com/1010507

https://bugzilla.suse.com/1010612

https://bugzilla.suse.com/1010711

https://bugzilla.suse.com/1010716

https://bugzilla.suse.com/1011685

https://bugzilla.suse.com/1012060

https://bugzilla.suse.com/1012422

https://bugzilla.suse.com/1012754

https://bugzilla.suse.com/1012917

https://bugzilla.suse.com/1012985

https://bugzilla.suse.com/1013001

https://bugzilla.suse.com/1013038

https://bugzilla.suse.com/1013479

https://bugzilla.suse.com/1013531

https://bugzilla.suse.com/1013533

https://bugzilla.suse.com/1013540

https://bugzilla.suse.com/1013604

https://bugzilla.suse.com/1014410

https://bugzilla.suse.com/1014746

https://bugzilla.suse.com/1016713

https://bugzilla.suse.com/1016725

https://bugzilla.suse.com/1016961

https://bugzilla.suse.com/1017164

https://bugzilla.suse.com/1017170

https://bugzilla.suse.com/1017410

https://bugzilla.suse.com/1017710

https://bugzilla.suse.com/1018100

https://bugzilla.suse.com/1019032

https://bugzilla.suse.com/1019148

https://bugzilla.suse.com/1019260

https://bugzilla.suse.com/1019300

https://bugzilla.suse.com/1019783

https://bugzilla.suse.com/1019851

https://bugzilla.suse.com/1020214

https://bugzilla.suse.com/1020602

https://bugzilla.suse.com/1021258

https://bugzilla.suse.com/856380

https://bugzilla.suse.com/857394

https://bugzilla.suse.com/858727

https://bugzilla.suse.com/921338

https://bugzilla.suse.com/921778

https://bugzilla.suse.com/922052

https://bugzilla.suse.com/922056

https://bugzilla.suse.com/923036

https://bugzilla.suse.com/923037

https://bugzilla.suse.com/924381

https://bugzilla.suse.com/938963

https://bugzilla.suse.com/972993

https://bugzilla.suse.com/980560

https://bugzilla.suse.com/981709

https://bugzilla.suse.com/983087

https://bugzilla.suse.com/983348

https://bugzilla.suse.com/984194

https://bugzilla.suse.com/984419

https://bugzilla.suse.com/985850

https://bugzilla.suse.com/987192

https://bugzilla.suse.com/987576

https://bugzilla.suse.com/990384

https://bugzilla.suse.com/991273

https://bugzilla.suse.com/993739

https://bugzilla.suse.com/997807

https://bugzilla.suse.com/999101
