openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:3021-1
Rating:             important
References:         #1000189 #1000287 #1000304 #1000776 #1001419 
                    #1001486 #1002165 #1003079 #1003153 #1003400 
                    #1003568 #1003866 #1003925 #1004252 #1004418 
                    #1004462 #1004517 #1004520 #1005666 #1006691 
                    #1007615 #1007886 #744692 #772786 #789311 
                    #799133 #857397 #860441 #865545 #866130 #868923 
                    #874131 #875631 #876145 #876463 #898675 #904489 
                    #909994 #911687 #915183 #921338 #921784 #922064 
                    #922634 #924381 #924384 #930399 #931454 #934067 
                    #937086 #937888 #940545 #941420 #946309 #954986 
                    #955446 #956514 #959463 #961257 #962846 #963655 
                    #963767 #966864 #967640 #970943 #971975 #971989 
                    #974406 #974620 #975596 #975772 #976195 #977687 
                    #978094 #979451 #979681 #979928 #982783 #983619 
                    #984194 #984419 #984779 #984992 #985562 #986445 
                    #987192 #987333 #987542 #987565 #987621 #987805 
                    #988440 #988617 #988715 #989152 #989953 #990245 
                    #991247 #991608 #991665 #992244 #992555 #992591 
                    #992593 #992712 #993392 #993841 #993890 #993891 
                    #994296 #994438 #994520 #994748 #994758 #995153 
                    #995968 #996664 #997059 #997299 #997708 #997896 
                    #998689 #998795 #998825 #999577 #999584 #999600 
                    #999779 #999907 #999932 
Cross-References:   CVE-2013-5634 CVE-2015-8956 CVE-2016-2069
                    CVE-2016-5696 CVE-2016-6130 CVE-2016-6327
                    CVE-2016-6480 CVE-2016-6828 CVE-2016-7042
                    CVE-2016-7097 CVE-2016-7425 CVE-2016-8658
                   
Affected Products:
                    openSUSE 13.1
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 118 fixes
   is now available.

Description:



   The openSUSE 13.1 kernel was updated to 3.12.67 to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on the ARM
     platform, when KVM is used, allowed host OS users to cause a denial of
     service (NULL pointer dereference, OOPS, and host OS crash) or possibly
     have unspecified other impact by omitting vCPU initialization before a
     KVM_GET_REG_LIST ioctl call. (bsc#994758)
   - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel
     allowed local users to gain privileges by triggering access to a paging
     structure by a different CPU (bnc#963767).
   - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in
     the Linux kernel used an incorrect buffer size for certain timeout data,
     which allowed local users to cause a denial of service (stack memory
     corruption and panic) by reading the /proc/keys file (bnc#1004517).
   - CVE-2016-7097: The filesystem implementation in the Linux kernel
     preserved the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions (bnc#995968).
   - CVE-2015-8956: The rfcomm_sock_bind function in
     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to
     obtain sensitive information or cause a denial of service (NULL pointer
     dereference) via vectors involving a bind system call on a Bluetooth
     RFCOMM socket (bnc#1003925).
   - CVE-2016-8658: Stack-based buffer overflow in the
     brcmf_cfg80211_start_ap function in
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
     kernel allowed local users to cause a denial of service (system crash)
     or possibly have unspecified other impact via a long SSID Information
     Element in a command to a Netlink socket (bnc#1004462).
   - CVE-2016-7425: The arcmsr_iop_message_xfer function in
     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a
     certain length field, which allowed local users to gain privileges or
     cause a denial of service (heap-based buffer overflow) via an
     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
   - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel
     allowed local users to cause a denial of service (NULL pointer
     dereference and system crash) by using an ABORT_TASK command to abort a
     device write operation (bnc#994748).
   - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in
     the Linux kernel did not properly maintain certain SACK state after a
     failed data copy, which allowed local users to cause a denial of service
     (tcp_xmit_retransmit_queue use-after-free and system crash) via a
     crafted SACK option (bnc#994296).
   - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
     determine the rate of challenge ACK segments, which made it easier for
     remote attackers to hijack TCP sessions via a blind in-window attack
     (bnc#989152).
   - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in
     drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by changing a certain
     length value, aka a "double fetch" vulnerability (bnc#987542).
   - CVE-2016-6480: Race condition in the ioctl_send_fib function in
     drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
     to cause a denial of service (out-of-bounds access or system crash) by
     changing a certain size value, aka a "double fetch" vulnerability
     (bnc#991608).

   The following non-security bugs were fixed:

   - aacraid: Fix RRQ overload (bsc#1003079).
   - acpi / pm: Ignore wakeup setting if the ACPI companion can't wake up
     (FATE#315621).
   - af_vsock: Shrink the area influenced by prepare_to_wait (bsc#994520).
   - apparmor: add missing id bounds check on dfa verification (bsc#1000304).
   - apparmor: check that xindex is in trans_table bounds (bsc#1000304).
   - apparmor: do not check for vmalloc_addr if kvzalloc() failed
     (bsc#1000304).
   - apparmor: do not expose kernel stack (bsc#1000304).
   - apparmor: ensure the target profile name is always audited (bsc#1000304).
   - apparmor: exec should not be returning ENOENT when it denies
     (bsc#1000304).
   - apparmor: fix arg_size computation for when setprocattr is null
     terminated (bsc#1000304).
   - apparmor: fix audit full profile hname on successful load (bsc#1000304).
   - apparmor: fix change_hat not finding hat after policy replacement
     (bsc#1000287).
   - apparmor: fix disconnected bind mnts reconnection (bsc#1000304).
   - apparmor: fix log failures for all profiles in a set (bsc#1000304).
   - apparmor: fix module parameters can be changed after policy is locked
     (bsc#1000304).
   - apparmor: fix oops in profile_unpack() when policy_db is not present
     (bsc#1000304).
   - apparmor: fix oops, validate buffer size in apparmor_setprocattr()
     (bsc#1000304).
   - apparmor: fix put() parent ref after updating the active ref
     (bsc#1000304).
   - apparmor: fix refcount bug in profile replacement (bsc#1000304).
   - apparmor: fix refcount race when finding a child profile (bsc#1000304).
   - apparmor: fix replacement bug that adds new child to old parent
     (bsc#1000304).
   - apparmor: fix uninitialized lsm_audit member (bsc#1000304).
   - apparmor: fix update the mtime of the profile file on replacement
     (bsc#1000304).
   - apparmor: internal paths should be treated as disconnected (bsc#1000304).
   - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).
   - arm64: Ensure pmd_present() returns false after pmd_mknotpresent()
     (Automatic NUMA Balancing (fate#315482)).
   - arm64: mm: remove broken &= operator from pmd_mknotpresent (Automatic
     NUMA Balancing (fate#315482)).
   - avoid dentry crash triggered by NFS (bsc#984194).
   - be2net: Do not leak iomapped memory on removal (bsc#921784 FATE#318561).
   - be2net: fix BE3-R FW download compatibility check (bsc#921784
     FATE#318561).
   - be2net: fix wrong return value in be_check_ufi_compatibility()
     (bsc#921784 FATE#318561).
   - be2net: remove vlan promisc capability from VF's profile descriptors
     (bsc#921784 FATE#318561).
   - blacklist.conf:
   - blacklist.conf: 78f3d050c34b We do not support fsl hardware
   - blacklist.conf: add 5195c14c8b27 (reverted and superseded by a commit we
     already have)
   - blacklist.conf: Add entry for 7bf52fb891b64b8d61caf0b82060adb9db761aec
     The commit 7bf52fb891b6 ("mm: vmscan: reclaim highmem zone if
     buffer_heads is over limit") is unnecessary as the fix is also
 available
     from commit d4debc66d1fc ("vmscan: remove unnecessary temporary vars
 in
     do_try_to_free_pages").
   - blacklist.conf: add pointless networking follow-up fixes
   - blacklist.conf: Add two fanotify commits which we do not need (fixes tag
     was not quite accurate)
   - blacklist.conf: Blacklist unsupported architectures
   - blkfront: fix an error path memory leak (luckily none so far).
   - blk-mq: fix undefined behaviour in order_to_size() (fate#315209).
   - blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
   - blktap2: eliminate race from deferred work queue handling (bsc#911687).
   - bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes (fate#316924).
   - bonding: always set recv_probe to bond_arp_rcv in arp monitor
     (bsc#977687).
   - bonding: fix curr_active_slave/carrier with loadbalance arp monitoring
     (fate#316924).
   - bonding: Prevent IPv6 link local address on enslaved devices
     (fate#316924).
   - bonding: prevent out of bound accesses (fate#316924).
   - bonding: set carrier off for devices created through netlink
     (bsc#999577).
   - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
     (bsc#983619).
   - btrfs: add missing discards when unpinning extents with -o discard
     (bsc#904489).
   - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector
     boundaries (bsc#904489).
   - btrfs: do not create or leak aliased root while cleaning up orphans
     (bsc#904489).
   - btrfs: ensure that file descriptor used with subvol ioctls is a dir
     (bsc#999600).
   - btrfs: explictly delete unused block groups in close_ctree and
     ro-remount (bsc#904489).
   - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,
     bsc#984779)
   - btrfs: fix fitrim discarding device area reserved for boot loader's
 use
     (bsc#904489).
   - btrfs: handle quota reserve failure properly (bsc#1005666).
   - btrfs: iterate over unused chunk space in FITRIM (bsc#904489).
   - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).
   - btrfs: properly track when rescan worker is running (bsc#989953).
   - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock
     (bsc#904489).
   - btrfs: reorder patches to place local patches back at the end of the
     series
   - btrfs: skip superblocks during discard (bsc#904489).
   - btrfs: test_check_exists: Fix infinite loop when searching for free
     space entries (bsc#987192).
   - btrfs: waiting on qgroup rescan should not always be interruptible
     (bsc#992712).
   - cdc-acm: added sanity checking for probe() (bsc#993891).
   - cephfs: ignore error from invalidate_inode_pages2_range() in direct
     write (bsc#995153).
   - cephfs: remove warning when ceph_releasepage() is called on dirty page
     (bsc#995153).
   - clockevents: export clockevents_unbind_device instead of
     clockevents_unbind (bnc#937888).
   - conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition
     (bsc#966864).
   - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).
   - cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338).
   - dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)
   - drivers/hv: share Hyper-V SynIC constants with userspace (bnc#937888).
   - drivers: hv: vmbus: avoid scheduling in interrupt context in
     vmbus_initiate_unload() (bnc#937888).
   - drivers: hv: vmbus: avoid unneeded compiler optimizations in
     vmbus_wait_for_unload() (bnc#937888).
   - drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#937888).
   - drivers: hv: vmbus: Cleanup vmbus_set_event() (bnc#937888).
   - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages
     (bnc#937888).
   - drivers: hv: vmbus: do not manipulate with clocksources on crash
     (bnc#937888).
   - drivers: hv: vmbus: Force all channel messages to be delivered on CPU 0
     (bnc#937888).
   - drivers: hv: vmbus: Get rid of the unused irq variable (bnc#937888).
   - drivers: hv: vmbus: handle various crash scenarios (bnc#937888).
   - drivers: hv: vmbus: remove code duplication in message handling
     (bnc#937888).
   - drivers: hv: vmbus: Support handling messages on multiple CPUs
     (bnc#937888).
   - drivers: hv: vmbus: Support kexec on ws2012 r2 and above (bnc#937888).
   - efi: Small leak on error in runtime map code (fate#315019).
   - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)
   - ext4: Add parameter for tuning handling of ext2 (bsc#976195).
   - Fix kabi change cause by adding flock_owner to open_context (bsc#998689).
   - fix pCPU handling (luckily none so far).
   - fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.patch
     (bsc#1003153).
   - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655,
     bsc#979681).
   - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).
   - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).
   - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).
   - fs/cifs: make share unaccessible at root level mountable (bsc#799133).
   - fs/cifs: Move check for prefix path to within cifs_get_root()
     (bsc#799133).
   - fs/cifs: REVERT fix wrongly prefixed path to root (bsc#963655,
     bsc#979681)
   - fs/select: add vmalloc fallback for select(2) (bsc#1000189).
   - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short
     jumps to it (bsc#984419).
   - hyperv: enable call to clockevents_unbind_device in kexec/kdump path
   - hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in
     the base kernel
   - i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659).
   - ib/IWPM: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338).
   - ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545
     FATE#316891).
   - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).
   - iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772).
   - ipv6: fix multipath route replace error recovery (bsc#930399).
   - ipv6: KABI workaround for ipv6: add complete rcu protection around
     np->opt.
   - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).
   - ipv6: send only one NEWLINK when RA causes changes (bsc#934067).
   - iscsi: Add a missed complete in iscsit_close_connection (bsc#992555,
     bsc#987805).
   - iwlwifi: dvm: fix flush support for old firmware (bsc#940545).
   - kabi: clockevents: export clockevents_unbind again.
   - kabi: hide harmless change in struct inet_connection_sock (fate#318553).
   - kABI: protect backing-dev include in mm/migrate.
   - kABI: protect enum usb_device_speed.
   - kABI: protect struct mlx5_modify_qp_mbox_in.
   - kABI: protect struct mmc_packed (kabi).
   - kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617).
   - kaweth: fix firmware download (bsc#993890).
   - kaweth: fix oops upon failed memory allocation (bsc#993890).
   - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420).
   - kernel/printk/printk.c: fix faulty logic in the case of recursive printk
     (bnc#744692, bnc#789311).
   - kvm: do not handle APIC access page if in-kernel irqchip is not in use
     (bsc#959463).
   - kvm: vmx: defer load of APIC access page address during reset
     (bsc#959463).
   - libceph: enable large, variable-sized OSD requests (bsc#988715).
   - libceph: make r_request msg_size calculation clearer (bsc#988715).
   - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op
     (bsc#988715).
   - libceph: osdc->req_mempool should be backed by a slab pool
 (bsc#988715).
   - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).
   - libfc: do not send ABTS when resetting exchanges (bsc#962846).
   - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS
     response (bsc#962846).
   - libfc: Fixup disc_mutex handling (bsc#962846).
   - libfc: fixup locking of ptp_setup() (bsc#962846).
   - libfc: Issue PRLI after a PRLO has been received (bsc#962846).
   - libfc: reset exchange manager during LOGO handling (bsc#962846).
   - libfc: Revisit kref handling (bnc#990245).
   - libfc: sanity check cpu number extracted from xid (bsc#988440).
   - libfc: send LOGO for PLOGI failure (bsc#962846).
   - lib/vsprintf: implement bitmap printing through '%*pb[l]'
 (bnc#1003866).
   - md: check command validity early in md_ioctl() (bsc#1004520).
   - md: Drop sending a change uevent when stopping (bsc#1003568).
   - md: lockless I/O submission for RAID1 (bsc#982783).
   - md/raid5: fix a recently broken BUG_ON() (bsc#1006691).
   - memcg: convert threshold to bytes (bnc#931454).
   - memcg: fix thresholds for 32b architectures (bnc#931454).
   - mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975
     VM performance -- git fixes).
   - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
     (VM Functionality, bnc#986445).
   - module: Issue warnings when tainting kernel (bsc#974406).
   - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
   - mpt3sas: Update
   patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-before-enabli.patch
     (bsc#967640, bsc#992244).
   - msi-x: fix an error path (luckily none so far).
   - netback: fix flipping mode (bsc#996664).
   - netback: fix refounting (bsc#978094).
   - netfront: do not truncate grant references.
   - netfront: use correct linear area after linearizing an skb (bsc#1007886).
   - nfs4: reset states to use open_stateid when returning delegation
     voluntarily (bsc#1003400).
   - nfs: Add a stub for GETDEVICELIST (bnc#898675).
   - nfs: Do not write enable new pages while an invalidation is proceeding
     (bsc#999584).
   - nfsd: Use free_conn to free connection (bsc#979451).
   - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).
   - nfs: Fix a regression in the read() syscall (bsc#999584).
   - nfs: fix BUG() crash in notify_change() with patch to chown_common()
     (bnc#876463).
   - nfs: fix pg_test page count calculation (bnc#898675).
   - nfs: nfs4_fl_prepare_ds must be careful about reporting success
     (bsc#1000776).
   - nfsv4: add flock_owner to open context (bnc#998689).
   - nfsv4: change nfs4_do_setattr to take an open_context instead of a
     nfs4_state (bnc#998689).
   - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of
     lock_owner (bnc#998689).
   - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is
     one (bnc#998689).
   - nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT
     (bnc#866130).
   - oom: print nodemask in the oom report (bnc#1003866).
   - packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131).
   - perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on
 SLM
     (bsc#997896).
   - pm / hibernate: Fix 2G size issue of snapshot image verification
     (bsc#1004252).
   - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends
     (bnc#860441).
   - powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825).
   - printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928).
   - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).
   - qlcnic: potential NULL dereference in
     qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609)
   - radeon: avoid boot hang in Xen Dom0 (luckily none so far).
   - ratelimit: extend to print suppressed messages on release (bsc#979928).
   - ratelimit: fix bug in time interval by resetting right begin time
     (bsc#979928).
   - rbd: truncate objects on cmpext short reads (bsc#988715).
   - rcu: Fix improper use or RCU in
     patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.
     (bsc#961257)
   - Refresh patches.suse/CFS-0259-ceph-Asynchronous-IO-support.patch. After
     a write, we must free the 'request', not the 'response'.
 This error
     crept in during the backport. bsc#995153
   - Refresh patches.xen/xen3-patch-3.9 (bsc#991247).
   - Rename
   patches.xen/xen3-kgr-{0107,1003}-reserve-a-place-in-thread_struct-for-stori
     ng-RIP.patch to match its non-Xen counterpart.
   - Revert "can: dev: fix deadlock reported after bus-off".
   - Revert "Input: i8042 - break load dependency between atkbd/psmouse and
     i8042".
   - Revert "Input: i8042 - set up shared ps2_cmd_mutex for AUX ports".
   - rpm/config.sh: do not prepend "60." to release string This is
 needed for
     SLE maintenance workflow, no need for that in evergreen-13.1.
   - rpm/config.sh: Set the SP1 release string to 60.<RELEASE>
 (bsc#997059)
   - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)
   - rtnetlink: avoid 0 sized arrays (fate#316924).
   - s390: add SMT support (bnc#994438, LTC#144756).
   - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()
     (bnc#1001419).
   - sched/core: Fix a race between try_to_wake_up() and a woken up task
     (bsc#1002165, bsc#1001419).
   - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
   - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
   - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
   - sd: Fix memory leak caused by RESET_WP patch (bsc#999779).
   - squashfs3: properly handle dir_emit() failures (bsc#998795).
   - sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT
     (bnc#868923).
   - sunrpc: Fix a regression when reconnecting (bsc#946309).
   - supported.conf: Add ext2
   - supported.conf: Add iscsi modules to -base (bsc#997299)
   - supported.conf: Add tun to -base (bsc#992593)
   - supported.conf: Add veth to -base (bsc#992591)
   - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP
     (bsc#987621).
   - target: Fix race between iscsi-target connection shutdown + ABORT_TASK
     (bsc#987621).
   - tcp: add proper TS val into RST packets (bsc#937086).
   - tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086).
   - tcp: fix child sockets to use system default congestion control if not
     set (fate#318553).
   - tcp: fix cwnd limited checking to improve congestion control
     (bsc#988617).
   - tcp: refresh skb timestamp at retransmit time (bsc#937086).
   - timers: Use proper base migration in add_timer_on() (bnc#993392).
   - tunnels: Do not apply GRO to multiple layers of encapsulation
     (bsc#1001486).
   - tunnels: Remove encapsulation offloads on decap (bsc#1001486).
   - Update patches.kabi/kabi.clockevents_unbind.patch (bnc#937888).
   - uprobes: Fix the memcg accounting (bnc#931454).
   - usb: fix typo in wMaxPacketSize validation (bsc#991665).
   - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
   - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
     (bsc#922634).
   - usb: validate wMaxPacketValue entries in endpoint descriptors
     (bnc#991665).
   - vmxnet3: Wake queue from reset work (bsc#999907).
   - x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance
     git-fixes).
   - xenbus: do not invoke ->is_ready() for most device states (bsc#987333).
   - xenbus: inspect the correct type in xenbus_dev_request_and_reply().
   - xen: Linux 3.12.63.
   - xen: Linux 3.12.64.
   - xen/pciback: Fix conf_space read/write overlap check.
   - xen-pciback: return proper values during BAR sizing.
   - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
   - xfs: fixed signedness of error code in xfs_inode_buf_verify
     (bsc#1003153).
   - xfs: handle dquot buffer readahead in log recovery correctly
     (bsc#955446).
   - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
   - xhci: silence warnings in switch (bnc#991665).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2016-1410=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.1 (i586 x86_64):

      cloop-2.639-11.36.1
      cloop-debuginfo-2.639-11.36.1
      cloop-debugsource-2.639-11.36.1
      cloop-kmp-default-2.639_k3.12.67_58-11.36.1
      cloop-kmp-default-debuginfo-2.639_k3.12.67_58-11.36.1
      cloop-kmp-desktop-2.639_k3.12.67_58-11.36.1
      cloop-kmp-desktop-debuginfo-2.639_k3.12.67_58-11.36.1
      cloop-kmp-xen-2.639_k3.12.67_58-11.36.1
      cloop-kmp-xen-debuginfo-2.639_k3.12.67_58-11.36.1
      crash-7.0.2-2.36.1
      crash-debuginfo-7.0.2-2.36.1
      crash-debugsource-7.0.2-2.36.1
      crash-devel-7.0.2-2.36.1
      crash-doc-7.0.2-2.36.1
      crash-eppic-7.0.2-2.36.1
      crash-eppic-debuginfo-7.0.2-2.36.1
      crash-gcore-7.0.2-2.36.1
      crash-gcore-debuginfo-7.0.2-2.36.1
      crash-kmp-default-7.0.2_k3.12.67_58-2.36.1
      crash-kmp-default-debuginfo-7.0.2_k3.12.67_58-2.36.1
      crash-kmp-desktop-7.0.2_k3.12.67_58-2.36.1
      crash-kmp-desktop-debuginfo-7.0.2_k3.12.67_58-2.36.1
      crash-kmp-xen-7.0.2_k3.12.67_58-2.36.1
      crash-kmp-xen-debuginfo-7.0.2_k3.12.67_58-2.36.1
      hdjmod-debugsource-1.28-16.36.1
      hdjmod-kmp-default-1.28_k3.12.67_58-16.36.1
      hdjmod-kmp-default-debuginfo-1.28_k3.12.67_58-16.36.1
      hdjmod-kmp-desktop-1.28_k3.12.67_58-16.36.1
      hdjmod-kmp-desktop-debuginfo-1.28_k3.12.67_58-16.36.1
      hdjmod-kmp-xen-1.28_k3.12.67_58-16.36.1
      hdjmod-kmp-xen-debuginfo-1.28_k3.12.67_58-16.36.1
      ipset-6.21.1-2.40.1
      ipset-debuginfo-6.21.1-2.40.1
      ipset-debugsource-6.21.1-2.40.1
      ipset-devel-6.21.1-2.40.1
      ipset-kmp-default-6.21.1_k3.12.67_58-2.40.1
      ipset-kmp-default-debuginfo-6.21.1_k3.12.67_58-2.40.1
      ipset-kmp-desktop-6.21.1_k3.12.67_58-2.40.1
      ipset-kmp-desktop-debuginfo-6.21.1_k3.12.67_58-2.40.1
      ipset-kmp-xen-6.21.1_k3.12.67_58-2.40.1
      ipset-kmp-xen-debuginfo-6.21.1_k3.12.67_58-2.40.1
      iscsitarget-1.4.20.3-13.36.1
      iscsitarget-debuginfo-1.4.20.3-13.36.1
      iscsitarget-debugsource-1.4.20.3-13.36.1
      iscsitarget-kmp-default-1.4.20.3_k3.12.67_58-13.36.1
      iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.12.67_58-13.36.1
      iscsitarget-kmp-desktop-1.4.20.3_k3.12.67_58-13.36.1
      iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.12.67_58-13.36.1
      iscsitarget-kmp-xen-1.4.20.3_k3.12.67_58-13.36.1
      iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.12.67_58-13.36.1
      kernel-default-3.12.67-58.1
      kernel-default-base-3.12.67-58.1
      kernel-default-base-debuginfo-3.12.67-58.1
      kernel-default-debuginfo-3.12.67-58.1
      kernel-default-debugsource-3.12.67-58.1
      kernel-default-devel-3.12.67-58.1
      kernel-syms-3.12.67-58.1
      libipset3-6.21.1-2.40.1
      libipset3-debuginfo-6.21.1-2.40.1
      ndiswrapper-1.58-37.1
      ndiswrapper-debuginfo-1.58-37.1
      ndiswrapper-debugsource-1.58-37.1
      ndiswrapper-kmp-default-1.58_k3.12.67_58-37.1
      ndiswrapper-kmp-default-debuginfo-1.58_k3.12.67_58-37.1
      ndiswrapper-kmp-desktop-1.58_k3.12.67_58-37.1
      ndiswrapper-kmp-desktop-debuginfo-1.58_k3.12.67_58-37.1
      openvswitch-1.11.0-0.43.1
      openvswitch-controller-1.11.0-0.43.1
      openvswitch-controller-debuginfo-1.11.0-0.43.1
      openvswitch-debuginfo-1.11.0-0.43.1
      openvswitch-debugsource-1.11.0-0.43.1
      openvswitch-kmp-default-1.11.0_k3.12.67_58-0.43.1
      openvswitch-kmp-default-debuginfo-1.11.0_k3.12.67_58-0.43.1
      openvswitch-kmp-desktop-1.11.0_k3.12.67_58-0.43.1
      openvswitch-kmp-desktop-debuginfo-1.11.0_k3.12.67_58-0.43.1
      openvswitch-kmp-xen-1.11.0_k3.12.67_58-0.43.1
      openvswitch-kmp-xen-debuginfo-1.11.0_k3.12.67_58-0.43.1
      openvswitch-pki-1.11.0-0.43.1
      openvswitch-switch-1.11.0-0.43.1
      openvswitch-switch-debuginfo-1.11.0-0.43.1
      openvswitch-test-1.11.0-0.43.1
      pcfclock-0.44-258.37.1
      pcfclock-debuginfo-0.44-258.37.1
      pcfclock-debugsource-0.44-258.37.1
      pcfclock-kmp-default-0.44_k3.12.67_58-258.37.1
      pcfclock-kmp-default-debuginfo-0.44_k3.12.67_58-258.37.1
      pcfclock-kmp-desktop-0.44_k3.12.67_58-258.37.1
      pcfclock-kmp-desktop-debuginfo-0.44_k3.12.67_58-258.37.1
      python-openvswitch-1.11.0-0.43.1
      python-openvswitch-test-1.11.0-0.43.1
      python-virtualbox-4.2.36-2.68.1
      python-virtualbox-debuginfo-4.2.36-2.68.1
      vhba-kmp-debugsource-20130607-2.36.1
      vhba-kmp-default-20130607_k3.12.67_58-2.36.1
      vhba-kmp-default-debuginfo-20130607_k3.12.67_58-2.36.1
      vhba-kmp-desktop-20130607_k3.12.67_58-2.36.1
      vhba-kmp-desktop-debuginfo-20130607_k3.12.67_58-2.36.1
      vhba-kmp-xen-20130607_k3.12.67_58-2.36.1
      vhba-kmp-xen-debuginfo-20130607_k3.12.67_58-2.36.1
      virtualbox-4.2.36-2.68.1
      virtualbox-debuginfo-4.2.36-2.68.1
      virtualbox-debugsource-4.2.36-2.68.1
      virtualbox-devel-4.2.36-2.68.1
      virtualbox-guest-kmp-default-4.2.36_k3.12.67_58-2.68.1
      virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.12.67_58-2.68.1
      virtualbox-guest-kmp-desktop-4.2.36_k3.12.67_58-2.68.1
      virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.12.67_58-2.68.1
      virtualbox-guest-tools-4.2.36-2.68.1
      virtualbox-guest-tools-debuginfo-4.2.36-2.68.1
      virtualbox-guest-x11-4.2.36-2.68.1
      virtualbox-guest-x11-debuginfo-4.2.36-2.68.1
      virtualbox-host-kmp-default-4.2.36_k3.12.67_58-2.68.1
      virtualbox-host-kmp-default-debuginfo-4.2.36_k3.12.67_58-2.68.1
      virtualbox-host-kmp-desktop-4.2.36_k3.12.67_58-2.68.1
      virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.12.67_58-2.68.1
      virtualbox-qt-4.2.36-2.68.1
      virtualbox-qt-debuginfo-4.2.36-2.68.1
      virtualbox-websrv-4.2.36-2.68.1
      virtualbox-websrv-debuginfo-4.2.36-2.68.1
      xen-debugsource-4.3.4_10-69.1
      xen-devel-4.3.4_10-69.1
      xen-kmp-default-4.3.4_10_k3.12.67_58-69.1
      xen-kmp-default-debuginfo-4.3.4_10_k3.12.67_58-69.1
      xen-kmp-desktop-4.3.4_10_k3.12.67_58-69.1
      xen-kmp-desktop-debuginfo-4.3.4_10_k3.12.67_58-69.1
      xen-libs-4.3.4_10-69.1
      xen-libs-debuginfo-4.3.4_10-69.1
      xen-tools-domU-4.3.4_10-69.1
      xen-tools-domU-debuginfo-4.3.4_10-69.1
      xtables-addons-2.3-2.35.1
      xtables-addons-debuginfo-2.3-2.35.1
      xtables-addons-debugsource-2.3-2.35.1
      xtables-addons-kmp-default-2.3_k3.12.67_58-2.35.1
      xtables-addons-kmp-default-debuginfo-2.3_k3.12.67_58-2.35.1
      xtables-addons-kmp-desktop-2.3_k3.12.67_58-2.35.1
      xtables-addons-kmp-desktop-debuginfo-2.3_k3.12.67_58-2.35.1
      xtables-addons-kmp-xen-2.3_k3.12.67_58-2.35.1
      xtables-addons-kmp-xen-debuginfo-2.3_k3.12.67_58-2.35.1

   - openSUSE 13.1 (i686 x86_64):

      kernel-debug-3.12.67-58.1
      kernel-debug-base-3.12.67-58.1
      kernel-debug-base-debuginfo-3.12.67-58.1
      kernel-debug-debuginfo-3.12.67-58.1
      kernel-debug-debugsource-3.12.67-58.1
      kernel-debug-devel-3.12.67-58.1
      kernel-debug-devel-debuginfo-3.12.67-58.1
      kernel-desktop-3.12.67-58.1
      kernel-desktop-base-3.12.67-58.1
      kernel-desktop-base-debuginfo-3.12.67-58.1
      kernel-desktop-debuginfo-3.12.67-58.1
      kernel-desktop-debugsource-3.12.67-58.1
      kernel-desktop-devel-3.12.67-58.1
      kernel-ec2-3.12.67-58.1
      kernel-ec2-base-3.12.67-58.1
      kernel-ec2-base-debuginfo-3.12.67-58.1
      kernel-ec2-debuginfo-3.12.67-58.1
      kernel-ec2-debugsource-3.12.67-58.1
      kernel-ec2-devel-3.12.67-58.1
      kernel-trace-3.12.67-58.1
      kernel-trace-base-3.12.67-58.1
      kernel-trace-base-debuginfo-3.12.67-58.1
      kernel-trace-debuginfo-3.12.67-58.1
      kernel-trace-debugsource-3.12.67-58.1
      kernel-trace-devel-3.12.67-58.1
      kernel-vanilla-3.12.67-58.1
      kernel-vanilla-debuginfo-3.12.67-58.1
      kernel-vanilla-debugsource-3.12.67-58.1
      kernel-vanilla-devel-3.12.67-58.1
      kernel-xen-3.12.67-58.1
      kernel-xen-base-3.12.67-58.1
      kernel-xen-base-debuginfo-3.12.67-58.1
      kernel-xen-debuginfo-3.12.67-58.1
      kernel-xen-debugsource-3.12.67-58.1
      kernel-xen-devel-3.12.67-58.1

   - openSUSE 13.1 (noarch):

      kernel-devel-3.12.67-58.1
      kernel-docs-3.12.67-58.2
      kernel-macros-3.12.67-58.1
      kernel-source-3.12.67-58.1
      kernel-source-vanilla-3.12.67-58.1
      virtualbox-host-source-4.2.36-2.68.1

   - openSUSE 13.1 (x86_64):

      xen-4.3.4_10-69.1
      xen-doc-html-4.3.4_10-69.1
      xen-libs-32bit-4.3.4_10-69.1
      xen-libs-debuginfo-32bit-4.3.4_10-69.1
      xen-tools-4.3.4_10-69.1
      xen-tools-debuginfo-4.3.4_10-69.1
      xen-xend-tools-4.3.4_10-69.1
      xen-xend-tools-debuginfo-4.3.4_10-69.1

   - openSUSE 13.1 (i586):

      cloop-kmp-pae-2.639_k3.12.67_58-11.36.1
      cloop-kmp-pae-debuginfo-2.639_k3.12.67_58-11.36.1
      crash-kmp-pae-7.0.2_k3.12.67_58-2.36.1
      crash-kmp-pae-debuginfo-7.0.2_k3.12.67_58-2.36.1
      hdjmod-kmp-pae-1.28_k3.12.67_58-16.36.1
      hdjmod-kmp-pae-debuginfo-1.28_k3.12.67_58-16.36.1
      ipset-kmp-pae-6.21.1_k3.12.67_58-2.40.1
      ipset-kmp-pae-debuginfo-6.21.1_k3.12.67_58-2.40.1
      iscsitarget-kmp-pae-1.4.20.3_k3.12.67_58-13.36.1
      iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.12.67_58-13.36.1
      ndiswrapper-kmp-pae-1.58_k3.12.67_58-37.1
      ndiswrapper-kmp-pae-debuginfo-1.58_k3.12.67_58-37.1
      openvswitch-kmp-pae-1.11.0_k3.12.67_58-0.43.1
      openvswitch-kmp-pae-debuginfo-1.11.0_k3.12.67_58-0.43.1
      pcfclock-kmp-pae-0.44_k3.12.67_58-258.37.1
      pcfclock-kmp-pae-debuginfo-0.44_k3.12.67_58-258.37.1
      vhba-kmp-pae-20130607_k3.12.67_58-2.36.1
      vhba-kmp-pae-debuginfo-20130607_k3.12.67_58-2.36.1
      virtualbox-guest-kmp-pae-4.2.36_k3.12.67_58-2.68.1
      virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.12.67_58-2.68.1
      virtualbox-host-kmp-pae-4.2.36_k3.12.67_58-2.68.1
      virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.12.67_58-2.68.1
      xen-kmp-pae-4.3.4_10_k3.12.67_58-69.1
      xen-kmp-pae-debuginfo-4.3.4_10_k3.12.67_58-69.1
      xtables-addons-kmp-pae-2.3_k3.12.67_58-2.35.1
      xtables-addons-kmp-pae-debuginfo-2.3_k3.12.67_58-2.35.1

   - openSUSE 13.1 (i686):

      kernel-pae-3.12.67-58.1
      kernel-pae-base-3.12.67-58.1
      kernel-pae-base-debuginfo-3.12.67-58.1
      kernel-pae-debuginfo-3.12.67-58.1
      kernel-pae-debugsource-3.12.67-58.1
      kernel-pae-devel-3.12.67-58.1


References:

   https://www.suse.com/security/cve/CVE-2013-5634.html
   https://www.suse.com/security/cve/CVE-2015-8956.html
   https://www.suse.com/security/cve/CVE-2016-2069.html
   https://www.suse.com/security/cve/CVE-2016-5696.html
   https://www.suse.com/security/cve/CVE-2016-6130.html
   https://www.suse.com/security/cve/CVE-2016-6327.html
   https://www.suse.com/security/cve/CVE-2016-6480.html
   https://www.suse.com/security/cve/CVE-2016-6828.html
   https://www.suse.com/security/cve/CVE-2016-7042.html
   https://www.suse.com/security/cve/CVE-2016-7097.html
   https://www.suse.com/security/cve/CVE-2016-7425.html
   https://www.suse.com/security/cve/CVE-2016-8658.html
   https://bugzilla.suse.com/1000189
   https://bugzilla.suse.com/1000287
   https://bugzilla.suse.com/1000304
   https://bugzilla.suse.com/1000776
   https://bugzilla.suse.com/1001419
   https://bugzilla.suse.com/1001486
   https://bugzilla.suse.com/1002165
   https://bugzilla.suse.com/1003079
   https://bugzilla.suse.com/1003153
   https://bugzilla.suse.com/1003400
   https://bugzilla.suse.com/1003568
   https://bugzilla.suse.com/1003866
   https://bugzilla.suse.com/1003925
   https://bugzilla.suse.com/1004252
   https://bugzilla.suse.com/1004418
   https://bugzilla.suse.com/1004462
   https://bugzilla.suse.com/1004517
   https://bugzilla.suse.com/1004520
   https://bugzilla.suse.com/1005666
   https://bugzilla.suse.com/1006691
   https://bugzilla.suse.com/1007615
   https://bugzilla.suse.com/1007886
   https://bugzilla.suse.com/744692
   https://bugzilla.suse.com/772786
   https://bugzilla.suse.com/789311
   https://bugzilla.suse.com/799133
   https://bugzilla.suse.com/857397
   https://bugzilla.suse.com/860441
   https://bugzilla.suse.com/865545
   https://bugzilla.suse.com/866130
   https://bugzilla.suse.com/868923
   https://bugzilla.suse.com/874131
   https://bugzilla.suse.com/875631
   https://bugzilla.suse.com/876145
   https://bugzilla.suse.com/876463
   https://bugzilla.suse.com/898675
   https://bugzilla.suse.com/904489
   https://bugzilla.suse.com/909994
   https://bugzilla.suse.com/911687
   https://bugzilla.suse.com/915183
   https://bugzilla.suse.com/921338
   https://bugzilla.suse.com/921784
   https://bugzilla.suse.com/922064
   https://bugzilla.suse.com/922634
   https://bugzilla.suse.com/924381
   https://bugzilla.suse.com/924384
   https://bugzilla.suse.com/930399
   https://bugzilla.suse.com/931454
   https://bugzilla.suse.com/934067
   https://bugzilla.suse.com/937086
   https://bugzilla.suse.com/937888
   https://bugzilla.suse.com/940545
   https://bugzilla.suse.com/941420
   https://bugzilla.suse.com/946309
   https://bugzilla.suse.com/954986
   https://bugzilla.suse.com/955446
   https://bugzilla.suse.com/956514
   https://bugzilla.suse.com/959463
   https://bugzilla.suse.com/961257
   https://bugzilla.suse.com/962846
   https://bugzilla.suse.com/963655
   https://bugzilla.suse.com/963767
   https://bugzilla.suse.com/966864
   https://bugzilla.suse.com/967640
   https://bugzilla.suse.com/970943
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/971989
   https://bugzilla.suse.com/974406
   https://bugzilla.suse.com/974620
   https://bugzilla.suse.com/975596
   https://bugzilla.suse.com/975772
   https://bugzilla.suse.com/976195
   https://bugzilla.suse.com/977687
   https://bugzilla.suse.com/978094
   https://bugzilla.suse.com/979451
   https://bugzilla.suse.com/979681
   https://bugzilla.suse.com/979928
   https://bugzilla.suse.com/982783
   https://bugzilla.suse.com/983619
   https://bugzilla.suse.com/984194
   https://bugzilla.suse.com/984419
   https://bugzilla.suse.com/984779
   https://bugzilla.suse.com/984992
   https://bugzilla.suse.com/985562
   https://bugzilla.suse.com/986445
   https://bugzilla.suse.com/987192
   https://bugzilla.suse.com/987333
   https://bugzilla.suse.com/987542
   https://bugzilla.suse.com/987565
   https://bugzilla.suse.com/987621
   https://bugzilla.suse.com/987805
   https://bugzilla.suse.com/988440
   https://bugzilla.suse.com/988617
   https://bugzilla.suse.com/988715
   https://bugzilla.suse.com/989152
   https://bugzilla.suse.com/989953
   https://bugzilla.suse.com/990245
   https://bugzilla.suse.com/991247
   https://bugzilla.suse.com/991608
   https://bugzilla.suse.com/991665
   https://bugzilla.suse.com/992244
   https://bugzilla.suse.com/992555
   https://bugzilla.suse.com/992591
   https://bugzilla.suse.com/992593
   https://bugzilla.suse.com/992712
   https://bugzilla.suse.com/993392
   https://bugzilla.suse.com/993841
   https://bugzilla.suse.com/993890
   https://bugzilla.suse.com/993891
   https://bugzilla.suse.com/994296
   https://bugzilla.suse.com/994438
   https://bugzilla.suse.com/994520
   https://bugzilla.suse.com/994748
   https://bugzilla.suse.com/994758
   https://bugzilla.suse.com/995153
   https://bugzilla.suse.com/995968
   https://bugzilla.suse.com/996664
   https://bugzilla.suse.com/997059
   https://bugzilla.suse.com/997299
   https://bugzilla.suse.com/997708
   https://bugzilla.suse.com/997896
   https://bugzilla.suse.com/998689
   https://bugzilla.suse.com/998795
   https://bugzilla.suse.com/998825
   https://bugzilla.suse.com/999577
   https://bugzilla.suse.com/999584
   https://bugzilla.suse.com/999600
   https://bugzilla.suse.com/999779
   https://bugzilla.suse.com/999907
   https://bugzilla.suse.com/999932

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org