Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1008-1
Rating: important
References: #814440 #884701 #949936 #951440 #951542 #951626
#951638 #953527 #954018 #954404 #954405 #954876
#958439 #958463 #958504 #959709 #960561 #960563
#960710 #961263 #961500 #961509 #962257 #962866
#962977 #963746 #963765 #963767 #963931 #965125
#966137 #966179 #966259 #966437 #966684 #966693
#968018 #969356 #969582 #970845 #971125
Cross-References: CVE-2015-1339 CVE-2015-7799 CVE-2015-7872
CVE-2015-7884 CVE-2015-8104 CVE-2015-8709
CVE-2015-8767 CVE-2015-8785 CVE-2015-8787
CVE-2015-8812 CVE-2016-0723 CVE-2016-2069
CVE-2016-2184 CVE-2016-2383 CVE-2016-2384

Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that solves 15 vulnerabilities and has 26 fixes
is now available.

Description:

The openSUSE Leap 42.1 kernel was updated to 4.1.20 to receive various
security and bugfixes.

The following security bugs were fixed:

- CVE-2015-1339: A memory leak in cuse could be used to exhaust kernel
memory. (bsc#969356).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
Linux kernel did not ensure that certain slot numbers are valid, which
allowed local users to cause a denial of service (NULL pointer
dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
(bnc#949936 951638).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
the Linux kernel allowed local users to cause a denial of service (OOPS)
via crafted keyctl commands (bnc#951440).
- CVE-2015-7884: The vivid_fb_ioctl function in
drivers/media/platform/vivid/vivid-osd.c in the Linux kernel did not
initialize a certain structure member, which allowed local users to
obtain sensitive information from kernel memory via a crafted
application (bnc#951626).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and
gid mappings, which allowed local users to gain privileges by
establishing a user namespace, waiting for a root process to enter that
namespace with an unsafe uid or gid, and then using the ptrace system
call. NOTE: the vendor states "there is no kernel bug here
(bnc#959709).
- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not
properly manage the relationship between a lock and a socket, which
allowed local users to cause a denial of service (deadlock) via a
crafted sctp_accept call. (bsc#961509)
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in
the Linux kernel allowed local users to cause a denial of service
(infinite loop) via a writev system call that triggers a zero length for
the first segment of an iov (bnc#963765).
- CVE-2015-8787: The nf_nat_redirect_ipv4 function in
net/netfilter/nf_nat_redirect.c in the Linux kernel allowed remote
attackers to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact by sending
certain IPv4 packets to an incompletely configured interface, a related
issue to CVE-2003-1604 (bnc#963931).
- CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the
network was considered congested. The kernel would incorrectly
misinterpret the congestion as an error condition and incorrectly
free/clean up the skb. When the device would then send the skb's
queued,
these structures would be referenced and may panic the system
or allow an attacker to escalate privileges in a use-after-free
scenario. (bsc#966437).
- CVE-2016-0723: Race condition in the tty_ioctl function in
drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain
sensitive information from kernel memory or cause a denial of service
(use-after-free and system crash) by making a TIOCGETD ioctl call during
processing of a TIOCSETD ioctl call (bnc#961500).
- CVE-2016-2069: When Linux invalidated a paging structure that is not in
use locally, it could, in principle, race against another CPU that is
switching to a process that uses the paging structure in question.
(bsc#963767)
- CVE-2016-2184: A malicious USB device could cause a kernel crash in the
alsa usb-audio driver. (bsc#971125)
- CVE-2016-2383: Incorrect branch fixups for eBPF allow arbitrary read
of kernel memory. (bsc#966684)
- CVE-2016-2384: A malicious USB device could cause a kernel crash in the
alsa usb-audio driver. (bsc#966693)

The following non-security bugs were fixed:
- alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).
- alsa: hda - disable dynamic clock gating on Broxton before reset
(bsc#966137).
- alsa: hda - Fix playback noise with 24/32 bit sample size on BXT
(bsc#966137).
- alsa: seq: Fix double port list deletion (bsc#968018).
- alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).
- alsa: timer: Fix race between stop and interrupt (bsc#968018).
- alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018).
- arm64: Add workaround for Cavium erratum 27456.
- arm64: Backport arm64 patches from SLE12-SP1-ARM
- btrfs: teach backref walking about backrefs with underflowed
(bsc#966259).
- cgroup kabi fix for 4.1.19.
- config: Disable CONFIG_DDR. CONFIG_DDR is selected automatically by
drivers which need it.
- config: Disable MFD_TPS65218 The TPS65218 is a power management IC for
32-bit ARM systems.
- config: Modularize NF_REJECT_IPV4/V6 There is no reason why these helper
modules should be built-in when the rest of netfilter is built as
modules.
- config: Update x86 config files: Enable Intel RAPL This driver is useful
when power caping is needed. It was enabled in the SLE kernel 2 years
ago.
- Delete patches.fixes/bridge-module-get-put.patch. As discussed in
http://lists.opensuse.org/opensuse-kernel/2015-11/msg00046.html
- drm/i915: Fix double unref in intelfb_alloc failure path (boo#962866,
boo#966179).
- drm/i915: Fix failure paths around initial fbdev allocation (boo#962866,
boo#966179).
- drm/i915: Pin the ifbdev for the info->system_base GGTT mmapping
(boo#962866, boo#966179).
- e1000e: Avoid divide by zero error (bsc#965125).
- e1000e: fix division by zero on jumbo MTUs (bsc#965125).
- e1000e: fix systim issues (bsc#965125).
- e1000e: Fix tight loop implementation of systime read algorithm
(bsc#965125).
- ibmvnic: Fix ibmvnic_capability struct.
- intel: Disable Skylake support in intel_idle driver again (boo#969582)
This turned out to bring a regression on some machines, unfortunately.
It should be addressed in the upstream at first.
- intel_idle: allow idle states to be freeze-mode specific (boo#969582).
- intel_idle: Skylake Client Support (boo#969582).
- intel_idle: Skylake Client Support - updated (boo#969582).
- libceph: fix scatterlist last_piece calculation (bsc#963746).
- lio: Add LIO clustered RBD backend (fate#318836)
- net kabi fixes for 4.1.19.
- numa patches updated to v15
- ocfs2: fix dlmglue deadlock issue(bnc#962257)
- pci: thunder: Add driver for ThunderX-pass{1,2} on-chip devices
- pci: thunder: Add PCIe host driver for ThunderX processors
- sd: Optimal I/O size is in bytes, not sectors (boo#961263).
- sd: Reject optimal transfer length smaller than page size (boo#961263).
- series.conf: move cxgb3 patch to network drivers section

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-445=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.1 (i586 x86_64):

kernel-default-4.1.20-11.1
kernel-default-base-4.1.20-11.1
kernel-default-base-debuginfo-4.1.20-11.1
kernel-default-debuginfo-4.1.20-11.1
kernel-default-debugsource-4.1.20-11.1
kernel-default-devel-4.1.20-11.1
kernel-obs-build-4.1.20-11.2
kernel-obs-build-debugsource-4.1.20-11.2
kernel-obs-qa-4.1.20-11.1
kernel-obs-qa-xen-4.1.20-11.1
kernel-syms-4.1.20-11.1

- openSUSE Leap 42.1 (i686 x86_64):

kernel-debug-4.1.20-11.1
kernel-debug-base-4.1.20-11.1
kernel-debug-base-debuginfo-4.1.20-11.1
kernel-debug-debuginfo-4.1.20-11.1
kernel-debug-debugsource-4.1.20-11.1
kernel-debug-devel-4.1.20-11.1
kernel-debug-devel-debuginfo-4.1.20-11.1
kernel-ec2-4.1.20-11.1
kernel-ec2-base-4.1.20-11.1
kernel-ec2-base-debuginfo-4.1.20-11.1
kernel-ec2-debuginfo-4.1.20-11.1
kernel-ec2-debugsource-4.1.20-11.1
kernel-ec2-devel-4.1.20-11.1
kernel-pv-4.1.20-11.1
kernel-pv-base-4.1.20-11.1
kernel-pv-base-debuginfo-4.1.20-11.1
kernel-pv-debuginfo-4.1.20-11.1
kernel-pv-debugsource-4.1.20-11.1
kernel-pv-devel-4.1.20-11.1
kernel-vanilla-4.1.20-11.1
kernel-vanilla-debuginfo-4.1.20-11.1
kernel-vanilla-debugsource-4.1.20-11.1
kernel-vanilla-devel-4.1.20-11.1
kernel-xen-4.1.20-11.1
kernel-xen-base-4.1.20-11.1
kernel-xen-base-debuginfo-4.1.20-11.1
kernel-xen-debuginfo-4.1.20-11.1
kernel-xen-debugsource-4.1.20-11.1
kernel-xen-devel-4.1.20-11.1

- openSUSE Leap 42.1 (noarch):

kernel-devel-4.1.20-11.1
kernel-docs-4.1.20-11.3
kernel-docs-html-4.1.20-11.3
kernel-docs-pdf-4.1.20-11.3
kernel-macros-4.1.20-11.1
kernel-source-4.1.20-11.1
kernel-source-vanilla-4.1.20-11.1

- openSUSE Leap 42.1 (i686):

kernel-pae-4.1.20-11.1
kernel-pae-base-4.1.20-11.1
kernel-pae-base-debuginfo-4.1.20-11.1
kernel-pae-debuginfo-4.1.20-11.1
kernel-pae-debugsource-4.1.20-11.1
kernel-pae-devel-4.1.20-11.1

References:

https://www.suse.com/security/cve/CVE-2015-1339.html
https://www.suse.com/security/cve/CVE-2015-7799.html
https://www.suse.com/security/cve/CVE-2015-7872.html
https://www.suse.com/security/cve/CVE-2015-7884.html
https://www.suse.com/security/cve/CVE-2015-8104.html
https://www.suse.com/security/cve/CVE-2015-8709.html
https://www.suse.com/security/cve/CVE-2015-8767.html
https://www.suse.com/security/cve/CVE-2015-8785.html
https://www.suse.com/security/cve/CVE-2015-8787.html
https://www.suse.com/security/cve/CVE-2015-8812.html
https://www.suse.com/security/cve/CVE-2016-0723.html
https://www.suse.com/security/cve/CVE-2016-2069.html
https://www.suse.com/security/cve/CVE-2016-2184.html
https://www.suse.com/security/cve/CVE-2016-2383.html
https://www.suse.com/security/cve/CVE-2016-2384.html
https://bugzilla.suse.com/814440
https://bugzilla.suse.com/884701
https://bugzilla.suse.com/949936
https://bugzilla.suse.com/951440
https://bugzilla.suse.com/951542
https://bugzilla.suse.com/951626
https://bugzilla.suse.com/951638
https://bugzilla.suse.com/953527
https://bugzilla.suse.com/954018
https://bugzilla.suse.com/954404
https://bugzilla.suse.com/954405
https://bugzilla.suse.com/954876
https://bugzilla.suse.com/958439
https://bugzilla.suse.com/958463
https://bugzilla.suse.com/958504
https://bugzilla.suse.com/959709
https://bugzilla.suse.com/960561
https://bugzilla.suse.com/960563
https://bugzilla.suse.com/960710
https://bugzilla.suse.com/961263
https://bugzilla.suse.com/961500
https://bugzilla.suse.com/961509
https://bugzilla.suse.com/962257
https://bugzilla.suse.com/962866
https://bugzilla.suse.com/962977
https://bugzilla.suse.com/963746
https://bugzilla.suse.com/963765
https://bugzilla.suse.com/963767
https://bugzilla.suse.com/963931
https://bugzilla.suse.com/965125
https://bugzilla.suse.com/966137
https://bugzilla.suse.com/966179
https://bugzilla.suse.com/966259
https://bugzilla.suse.com/966437
https://bugzilla.suse.com/966684
https://bugzilla.suse.com/966693
https://bugzilla.suse.com/968018
https://bugzilla.suse.com/969356
https://bugzilla.suse.com/969582
https://bugzilla.suse.com/970845
https://bugzilla.suse.com/971125

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org