Login
Newsletter
Werbung

Sicherheit: Zwei Probleme im Kernel
Aktuelle Meldungen Distributionen
Name: Zwei Probleme im Kernel
ID: SUSE-SU-2015:0658-1
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Software Development Kit 12, SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Workstation Extension 12, SUSE Linux Enterprise Module for Public Cloud 12, SUSE Linux Enterprise Live Patching 12
Datum: Fr, 3. April 2015, 10:04
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150
Applikationen: Linux

Originalnachricht

   SUSE Security Update: Security Update for Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0658-1
Rating: important
References: #898675 #903997 #904242 #909309 #909477 #909684
#910517 #913080 #914818 #915200 #915660 #917830
#918584 #918615 #918620 #918644 #919463 #919719
#919939 #920615 #920805 #920839 #921313 #921527
#921990 #922272 #922275 #922278 #922284 #924460

Cross-References: CVE-2015-0777 CVE-2015-2150
Affected Products:
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves two vulnerabilities and has 28 fixes
is now available.

Description:


The SUSE Linux Enterprise Server 12 kernel was updated to 3.12.39 to
receive various security and bugfixes.

Following security bugs were fixed:
- CVE-2015-0777: The XEN usb backend could leak information to the guest
system due to copying uninitialized memory.

- CVE-2015-2150: Xen and the Linux kernel did not properly restrict access
to PCI command registers, which might have allowed local guest users to
cause a denial of service (non-maskable interrupt and host crash) by
disabling the (1) memory or (2) I/O decoding for a PCI Express device
and then accessing the device, which triggers an Unsupported Request
(UR) response.

The following non-security bugs were fixed:
- Added Little Endian support to vtpm module (bsc#918620).
- Add support for pnfs block layout. Patches not included by default yet
- ALSA: hda - Fix regression of HD-audio controller fallback modes
(bsc#921313).
- btrfs: add missing blk_finish_plug in btrfs_sync_log() (bnc#922284).
- btrfs: cleanup orphans while looking up default subvolume (bsc#914818).
- btrfs: do not ignore errors from btrfs_lookup_xattr in do_setxattr
(bnc#922272).
- btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group
(bnc#922278).
- btrfs: fix data loss in the fast fsync path (bnc#922275).
- btrfs: fix fsync data loss after adding hard link to inode (bnc#922275).
- cgroup: revert cgroup_mutex removal from idr_remove (bnc#918644).
- cifs: fix use-after-free bug in find_writable_file (bnc#909477).
- crypto: rng - RNGs must return 0 in success case (bsc#920805).
- crypto: testmgr - fix RNG return code enforcement (bsc#920805).
- exit: Always reap resource stats in __exit_signal() (Time scalability).
- fork: report pid reservation failure properly (bnc#909684).
- fsnotify: Fix handling of renames in audit (bnc#915200).
- HID: hyperv: match wait_for_completion_timeout return type.
- hv: address compiler warnings for hv_fcopy_daemon.c.
- hv: address compiler warnings for hv_kvp_daemon.c.
- hv: check vmbus_device_create() return value in vmbus_process_offer().
- hv: do not add redundant / in hv_start_fcopy().
- hv: hv_balloon: Do not post pressure status from interrupt context.
- hv: hv_balloon: Fix a locking bug in the balloon driver.
- hv: hv_balloon: Make adjustments in computing the floor.
- hv: hv_fcopy: drop the obsolete message on transfer failure.
- hv: kvp_daemon: make IPv6-only-injection work.
- hv: remove unused bytes_written from kvp_update_file().
- hv: rename sc_lock to the more generic lock.
- hv: vmbus: Fix a bug in vmbus_establish_gpadl().
- hv: vmbus: hv_process_timer_expiration() can be static.
- hv: vmbus: Implement a clockevent device.
- hv: vmbus: serialize Offer and Rescind offer.
- hv: vmbus: Support a vmbus API for efficiently sending page arrays.
- hv: vmbus: Use get_cpu() to get the current CPU.
- hyperv: fix sparse warnings.
- hyperv: Fix the error processing in netvsc_send().
- hyperv: match wait_for_completion_timeout return type.
- hyperv: netvsc.c: match wait_for_completion_timeout return type.
- iommu/vt-d: Fix dmar_domain leak in iommu_attach_device (bsc#924460).
- kabi, mm: prevent endless growth of anon_vma hierarchy (bnc#904242).
- kABI: protect linux/namei.h include in procfs.
- kABI: protect struct hif_scatter_req.
- kabi/severities: Stop maintaining the kgraft kabi
- kernel/sched/clock.c: add another clock for use with the soft lockup
watchdog (bsc#919939).
- kgr: Allow patches to require an exact kernel version (bnc#920615).
- KVM: PPC: Book3S HV: ptes are big endian (bsc#920839).
- mm: convert the rest to new page table lock api (the suse-only cases)
(fate#315482).
- mm: fix anon_vma->degree underflow in anon_vma endless growing
prevention (bnc#904242).
- mm: fix corner case in anon_vma endless growing prevention (bnc#904242).
- mm: prevent endless growth of anon_vma hierarchy (bnc#904242).
- mm: prevent endless growth of anon_vma hierarchy mm: prevent endless
growth of anon_vma hierarchy (bnc#904242).
- mm: vmscan: count only dirty pages as congested (VM Performance,
bnc#910517).
- module: Clean up ro/nx after early module load failures (bsc#921990).
- module: set nx before marking module MODULE_STATE_COMING (bsc#921990).
- net: add sysfs helpers for netdev_adjacent logic (bnc#915660).
- net: correct error path in rtnl_newlink() (bnc#915660).
- net: fix creation adjacent device symlinks (bnc#915660).
- net: prevent of emerging cross-namespace symlinks (bnc#915660).
- net: rename sysfs symlinks on device name change (bnc#915660).
- nfs: cap request size to fit a kmalloced page array (bnc#898675).
- nfs: commit layouts in fdatasync (bnc#898675).
- NFSv4.1: Do not trust attributes if a pNFS LAYOUTCOMMIT is outstanding
(bnc#898675).
- NFSv4.1: Ensure that the layout recall callback matches layout stateids
(bnc#898675).
- NFSv4.1: Ensure that we free existing layout segments if we get a new
layout (bnc#898675).
- NFSv4.1: Fix a race in nfs4_write_inode (bnc#898675).
- NFSv4.1: Fix wraparound issues in pnfs_seqid_is_newer() (bnc#898675).
- NFSv4.1: Minor optimisation in get_layout_by_fh_locked() (bnc#898675).
- NFSv4: Do not update the open stateid unless it is newer than the old
one (bnc#898675).
- pnfs: add a common GETDEVICELIST implementation (bnc#898675).
- pnfs: add a nfs4_get_deviceid helper (bnc#898675).
- pnfs: add flag to force read-modify-write in ->write_begin
(bnc#898675).
- pnfs: add return_range method (bnc#898675).
- pnfs: allow splicing pre-encoded pages into the layoutcommit args
(bnc#898675).
- pnfs: avoid using stale stateids after layoutreturn (bnc#898675).
- pnfs/blocklayout: allocate separate pages for the layoutcommit payload
(bnc#898675).
- pnfs/blocklayout: correctly decrement extent length (bnc#898675).
- pnfs/blocklayout: do not set pages uptodate (bnc#898675).
- pnfs/blocklayout: Fix a 64-bit division/remainder issue in bl_map_stripe
(bnc#898675).
- pnfs/blocklayout: implement the return_range method (bnc#898675).
- pnfs/blocklayout: improve GETDEVICEINFO error reporting (bnc#898675).
- pnfs/blocklayout: include vmalloc.h for __vmalloc (bnc#898675).
- pnfs/blocklayout: in-kernel GETDEVICEINFO XDR parsing (bnc#898675).
- pnfs/blocklayout: move all rpc_pipefs related code into a single file
(bnc#898675).
- pnfs/blocklayout: move extent processing to blocklayout.c (bnc#898675).
- pnfs/blocklayout: plug block queues (bnc#898675).
- pnfs/blocklayout: refactor extent processing (bnc#898675).
- pnfs/blocklayout: reject pnfs blocksize larger than page size
(bnc#898675).
- pNFS/blocklayout: Remove a couple of unused variables (bnc#898675).
- pnfs/blocklayout: remove read-modify-write handling in bl_write_pagelist
(bnc#898675).
- pnfs/blocklayout: remove some debugging (bnc#898675).
- pnfs/blocklayout: return layouts on setattr (bnc#898675).
- pnfs/blocklayout: rewrite extent tracking (bnc#898675).
- pnfs/blocklayout: use the device id cache (bnc#898675).
- pnfs: do not check sequence on new stateids in layoutget (bnc#898675).
- pnfs: do not pass uninitialized lsegs to ->free_lseg (bnc#898675).
- pnfs: enable CB_NOTIFY_DEVICEID support (bnc#898675).
- pnfs: factor GETDEVICEINFO implementations (bnc#898675).
- pnfs: force a layout commit when encountering busy segments during
recall (bnc#898675).
- pnfs: remove GETDEVICELIST implementation (bnc#898675).
- pnfs: retry after a bad stateid error from layoutget (bnc#898675).
- powerpc: add running_clock for powerpc to prevent spurious softlockup
warnings (bsc#919939).
- powerpc/pseries: Fix endian problems with LE migration (bsc#918584).
- remove cgroup_mutex around deactivate_super because it might be
dangerous.
- rtmutex: Document pi chain walk (mutex scalability).
- rtmutex: No need to keep task ref for lock owner check (mutex
scalability).
- rtmutex: Simplify rtmutex_slowtrylock() (mutex scalability).
- rtnetlink: fix a memory leak when ->newlink fails (bnc#915660).
- sched: Change thread_group_cputime() to use for_each_thread() (Time
scalability).
- sched: replace INIT_COMPLETION with reinit_completion.
- sched, time: Atomically increment stime & utime (Time scalability).
- scsi: storvsc: Always send on the selected outgoing channel.
- scsi: storvsc: Do not assume that the scatterlist is not chained.
- scsi: storvsc: Enable clustering.
- scsi: storvsc: Fix a bug in copy_from_bounce_buffer().
- scsi: storvsc: Increase the ring buffer size.
- scsi: storvsc: Retrieve information about the capability of the target.
- scsi: storvsc: Set the tablesize based on the information given by the
host.
- scsi: storvsc: Size the queue depth based on the ringbuffer size.
- storvsc: fix a bug in storvsc limits.
- storvsc: force discovery of LUNs that may have been removed.
- storvsc: force SPC-3 compliance on win8 and win8 r2 hosts.
- storvsc: in responce to a scan event, scan the host.
- take read_seqbegin_or_lock() and friends to seqlock.h (Time scalability).
- tcp: prevent fetching dst twice in early demux code (bnc#903997
bnc#919719).
- time, signal: Protect resource use statistics with seqlock -kabi (Time
scalability).
- time, signal: Protect resource use statistics with seqlock (Time
scalability).
- udp: only allow UFO for packets from SOCK_DGRAM sockets (bnc#909309).
- Update Xen patches to 3.12.39.
- virtio: rng: add derating factor for use by hwrng core (bsc#918615).
- x86, AVX-512: AVX-512 Feature Detection (bsc#921527).
- x86, AVX-512: Enable AVX-512 States Context Switch (bsc#921527).
- xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
- xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (bnc#913080).


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:

zypper in -t patch SUSE-SLE-WE-12-2015-152=1

- SUSE Linux Enterprise Software Development Kit 12:

zypper in -t patch SUSE-SLE-SDK-12-2015-152=1

- SUSE Linux Enterprise Server 12:

zypper in -t patch SUSE-SLE-SERVER-12-2015-152=1

- SUSE Linux Enterprise Module for Public Cloud 12:

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-152=1

- SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-152=1

- SUSE Linux Enterprise Desktop 12:

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-152=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

kernel-default-debuginfo-3.12.39-47.1
kernel-default-debugsource-3.12.39-47.1
kernel-default-extra-3.12.39-47.1
kernel-default-extra-debuginfo-3.12.39-47.1

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

kernel-obs-build-3.12.39-47.2
kernel-obs-build-debugsource-3.12.39-47.2

- SUSE Linux Enterprise Software Development Kit 12 (noarch):

kernel-docs-3.12.39-47.3

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

kernel-default-3.12.39-47.1
kernel-default-base-3.12.39-47.1
kernel-default-base-debuginfo-3.12.39-47.1
kernel-default-debuginfo-3.12.39-47.1
kernel-default-debugsource-3.12.39-47.1
kernel-default-devel-3.12.39-47.1
kernel-syms-3.12.39-47.1

- SUSE Linux Enterprise Server 12 (x86_64):

kernel-xen-3.12.39-47.1
kernel-xen-base-3.12.39-47.1
kernel-xen-base-debuginfo-3.12.39-47.1
kernel-xen-debuginfo-3.12.39-47.1
kernel-xen-debugsource-3.12.39-47.1
kernel-xen-devel-3.12.39-47.1

- SUSE Linux Enterprise Server 12 (noarch):

kernel-devel-3.12.39-47.1
kernel-macros-3.12.39-47.1
kernel-source-3.12.39-47.1

- SUSE Linux Enterprise Server 12 (s390x):

kernel-default-man-3.12.39-47.1

- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

kernel-ec2-3.12.39-47.1
kernel-ec2-debuginfo-3.12.39-47.1
kernel-ec2-debugsource-3.12.39-47.1
kernel-ec2-devel-3.12.39-47.1
kernel-ec2-extra-3.12.39-47.1
kernel-ec2-extra-debuginfo-3.12.39-47.1

- SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-3_12_39-47-default-1-2.1
kgraft-patch-3_12_39-47-xen-1-2.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

kernel-default-3.12.39-47.1
kernel-default-debuginfo-3.12.39-47.1
kernel-default-debugsource-3.12.39-47.1
kernel-default-devel-3.12.39-47.1
kernel-default-extra-3.12.39-47.1
kernel-default-extra-debuginfo-3.12.39-47.1
kernel-syms-3.12.39-47.1
kernel-xen-3.12.39-47.1
kernel-xen-debuginfo-3.12.39-47.1
kernel-xen-debugsource-3.12.39-47.1
kernel-xen-devel-3.12.39-47.1

- SUSE Linux Enterprise Desktop 12 (noarch):

kernel-devel-3.12.39-47.1
kernel-macros-3.12.39-47.1
kernel-source-3.12.39-47.1


References:

https://www.suse.com/security/cve/CVE-2015-0777.html
https://www.suse.com/security/cve/CVE-2015-2150.html
https://bugzilla.suse.com/898675
https://bugzilla.suse.com/903997
https://bugzilla.suse.com/904242
https://bugzilla.suse.com/909309
https://bugzilla.suse.com/909477
https://bugzilla.suse.com/909684
https://bugzilla.suse.com/910517
https://bugzilla.suse.com/913080
https://bugzilla.suse.com/914818
https://bugzilla.suse.com/915200
https://bugzilla.suse.com/915660
https://bugzilla.suse.com/917830
https://bugzilla.suse.com/918584
https://bugzilla.suse.com/918615
https://bugzilla.suse.com/918620
https://bugzilla.suse.com/918644
https://bugzilla.suse.com/919463
https://bugzilla.suse.com/919719
https://bugzilla.suse.com/919939
https://bugzilla.suse.com/920615
https://bugzilla.suse.com/920805
https://bugzilla.suse.com/920839
https://bugzilla.suse.com/921313
https://bugzilla.suse.com/921527
https://bugzilla.suse.com/921990
https://bugzilla.suse.com/922272
https://bugzilla.suse.com/922275
https://bugzilla.suse.com/922278
https://bugzilla.suse.com/922284
https://bugzilla.suse.com/924460

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung