SUSE SLED12 / SLES12 Security Update : Security Update for Linux Kernel (SUSE-SU-2015:0658-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise Server 12 kernel was updated to 3.12.39 to
receive various security and bugfixes.

Following security bugs were fixed :

- CVE-2015-0777: The XEN usb backend could leak
information to the guest system due to copying
uninitialized memory.

- CVE-2015-2150: Xen and the Linux kernel did not properly
restrict access to PCI command registers, which might
have allowed local guest users to cause a denial of
service (non-maskable interrupt and host crash) by
disabling the (1) memory or (2) I/O decoding for a PCI
Express device and then accessing the device, which
triggers an Unsupported Request (UR) response.

The following non-security bugs were fixed :

- Added Little Endian support to vtpm module (bsc#918620).

- Add support for pnfs block layout. Patches not included
by default yet

- ALSA: hda - Fix regression of HD-audio controller
fallback modes (bsc#921313).

- btrfs: add missing blk_finish_plug in btrfs_sync_log()
(bnc#922284).

- btrfs: cleanup orphans while looking up default
subvolume (bsc#914818).

- btrfs: do not ignore errors from btrfs_lookup_xattr in
do_setxattr (bnc#922272).

- btrfs: fix BUG_ON in btrfs_orphan_add() when delete
unused block group (bnc#922278).

- btrfs: fix data loss in the fast fsync path
(bnc#922275).

- btrfs: fix fsync data loss after adding hard link to
inode (bnc#922275).

- cgroup: revert cgroup_mutex removal from idr_remove
(bnc#918644).

- cifs: fix use-after-free bug in find_writable_file
(bnc#909477).

- crypto: rng - RNGs must return 0 in success case
(bsc#920805).

- crypto: testmgr - fix RNG return code enforcement
(bsc#920805).

- exit: Always reap resource stats in __exit_signal()
(Time scalability).

- fork: report pid reservation failure properly
(bnc#909684).

- fsnotify: Fix handling of renames in audit (bnc#915200).

- HID: hyperv: match wait_for_completion_timeout return
type.

- hv: address compiler warnings for hv_fcopy_daemon.c.

- hv: address compiler warnings for hv_kvp_daemon.c.

- hv: check vmbus_device_create() return value in
vmbus_process_offer().

- hv: do not add redundant / in hv_start_fcopy().

- hv: hv_balloon: Do not post pressure status from
interrupt context.

- hv: hv_balloon: Fix a locking bug in the balloon driver.

- hv: hv_balloon: Make adjustments in computing the floor.

- hv: hv_fcopy: drop the obsolete message on transfer
failure.

- hv: kvp_daemon: make IPv6-only-injection work.

- hv: remove unused bytes_written from kvp_update_file().

- hv: rename sc_lock to the more generic lock.

- hv: vmbus: Fix a bug in vmbus_establish_gpadl().

- hv: vmbus: hv_process_timer_expiration() can be static.

- hv: vmbus: Implement a clockevent device.

- hv: vmbus: serialize Offer and Rescind offer.

- hv: vmbus: Support a vmbus API for efficiently sending
page arrays.

- hv: vmbus: Use get_cpu() to get the current CPU.

- hyperv: fix sparse warnings.

- hyperv: Fix the error processing in netvsc_send().

- hyperv: match wait_for_completion_timeout return type.

- hyperv: netvsc.c: match wait_for_completion_timeout
return type.

- iommu/vt-d: Fix dmar_domain leak in iommu_attach_device
(bsc#924460).

- kabi, mm: prevent endless growth of anon_vma hierarchy
(bnc#904242).

- kABI: protect linux/namei.h include in procfs.

- kABI: protect struct hif_scatter_req.

- kabi/severities: Stop maintaining the kgraft kabi

- kernel/sched/clock.c: add another clock for use with the
soft lockup watchdog (bsc#919939).

- kgr: Allow patches to require an exact kernel version
(bnc#920615).

- KVM: PPC: Book3S HV: ptes are big endian (bsc#920839).

- mm: convert the rest to new page table lock api (the
suse-only cases) (fate#315482).

- mm: fix anon_vma->degree underflow in anon_vma endless
growing prevention (bnc#904242).

- mm: fix corner case in anon_vma endless growing
prevention (bnc#904242).

- mm: prevent endless growth of anon_vma hierarchy
(bnc#904242).

- mm: prevent endless growth of anon_vma hierarchy mm:
prevent endless growth of anon_vma hierarchy
(bnc#904242).

- mm: vmscan: count only dirty pages as congested (VM
Performance, bnc#910517).

- module: Clean up ro/nx after early module load failures
(bsc#921990).

- module: set nx before marking module MODULE_STATE_COMING
(bsc#921990).

- net: add sysfs helpers for netdev_adjacent logic
(bnc#915660).

- net: correct error path in rtnl_newlink() (bnc#915660).

- net: fix creation adjacent device symlinks (bnc#915660).

- net: prevent of emerging cross-namespace symlinks
(bnc#915660).

- net: rename sysfs symlinks on device name change
(bnc#915660).

- nfs: cap request size to fit a kmalloced page array
(bnc#898675).

- nfs: commit layouts in fdatasync (bnc#898675).

- NFSv4.1: Do not trust attributes if a pNFS LAYOUTCOMMIT
is outstanding (bnc#898675).

- NFSv4.1: Ensure that the layout recall callback matches
layout stateids (bnc#898675).

- NFSv4.1: Ensure that we free existing layout segments if
we get a new layout (bnc#898675).

- NFSv4.1: Fix a race in nfs4_write_inode (bnc#898675).

- NFSv4.1: Fix wraparound issues in pnfs_seqid_is_newer()
(bnc#898675).

- NFSv4.1: Minor optimisation in get_layout_by_fh_locked()
(bnc#898675).

- NFSv4: Do not update the open stateid unless it is newer
than the old one (bnc#898675).

- pnfs: add a common GETDEVICELIST implementation
(bnc#898675).

- pnfs: add a nfs4_get_deviceid helper (bnc#898675).

- pnfs: add flag to force read-modify-write in
->write_begin (bnc#898675).

- pnfs: add return_range method (bnc#898675).

- pnfs: allow splicing pre-encoded pages into the
layoutcommit args (bnc#898675).

- pnfs: avoid using stale stateids after layoutreturn
(bnc#898675).

- pnfs/blocklayout: allocate separate pages for the
layoutcommit payload (bnc#898675).

- pnfs/blocklayout: correctly decrement extent length
(bnc#898675).

- pnfs/blocklayout: do not set pages uptodate
(bnc#898675).

- pnfs/blocklayout: Fix a 64-bit division/remainder issue
in bl_map_stripe (bnc#898675).

- pnfs/blocklayout: implement the return_range method
(bnc#898675).

- pnfs/blocklayout: improve GETDEVICEINFO error reporting
(bnc#898675).

- pnfs/blocklayout: include vmalloc.h for __vmalloc
(bnc#898675).

- pnfs/blocklayout: in-kernel GETDEVICEINFO XDR parsing
(bnc#898675).

- pnfs/blocklayout: move all rpc_pipefs related code into
a single file (bnc#898675).

- pnfs/blocklayout: move extent processing to
blocklayout.c (bnc#898675).

- pnfs/blocklayout: plug block queues (bnc#898675).

- pnfs/blocklayout: refactor extent processing
(bnc#898675).

- pnfs/blocklayout: reject pnfs blocksize larger than page
size (bnc#898675).

- pNFS/blocklayout: Remove a couple of unused variables
(bnc#898675).

- pnfs/blocklayout: remove read-modify-write handling in
bl_write_pagelist (bnc#898675).

- pnfs/blocklayout: remove some debugging (bnc#898675).

- pnfs/blocklayout: return layouts on setattr
(bnc#898675).

- pnfs/blocklayout: rewrite extent tracking (bnc#898675).

- pnfs/blocklayout: use the device id cache (bnc#898675).

- pnfs: do not check sequence on new stateids in layoutget
(bnc#898675).

- pnfs: do not pass uninitialized lsegs to ->free_lseg
(bnc#898675).

- pnfs: enable CB_NOTIFY_DEVICEID support (bnc#898675).

- pnfs: factor GETDEVICEINFO implementations (bnc#898675).

- pnfs: force a layout commit when encountering busy
segments during recall (bnc#898675).

- pnfs: remove GETDEVICELIST implementation (bnc#898675).

- pnfs: retry after a bad stateid error from layoutget
(bnc#898675).

- powerpc: add running_clock for powerpc to prevent
spurious softlockup warnings (bsc#919939).

- powerpc/pseries: Fix endian problems with LE migration
(bsc#918584).

- remove cgroup_mutex around deactivate_super because it
might be dangerous.

- rtmutex: Document pi chain walk (mutex scalability).

- rtmutex: No need to keep task ref for lock owner check
(mutex scalability).

- rtmutex: Simplify rtmutex_slowtrylock() (mutex
scalability).

- rtnetlink: fix a memory leak when ->newlink fails
(bnc#915660).

- sched: Change thread_group_cputime() to use
for_each_thread() (Time scalability).

- sched: replace INIT_COMPLETION with reinit_completion.

- sched, time: Atomically increment stime & utime (Time
scalability).

- scsi: storvsc: Always send on the selected outgoing
channel.

- scsi: storvsc: Do not assume that the scatterlist is not
chained.

- scsi: storvsc: Enable clustering.

- scsi: storvsc: Fix a bug in copy_from_bounce_buffer().

- scsi: storvsc: Increase the ring buffer size.

- scsi: storvsc: Retrieve information about the capability
of the target.

- scsi: storvsc: Set the tablesize based on the
information given by the host.

- scsi: storvsc: Size the queue depth based on the
ringbuffer size.

- storvsc: fix a bug in storvsc limits.

- storvsc: force discovery of LUNs that may have been
removed.

- storvsc: force SPC-3 compliance on win8 and win8 r2
hosts.

- storvsc: in responce to a scan event, scan the host.

- take read_seqbegin_or_lock() and friends to seqlock.h
(Time scalability).

- tcp: prevent fetching dst twice in early demux code
(bnc#903997 bnc#919719).

- time, signal: Protect resource use statistics with
seqlock -kabi (Time scalability).

- time, signal: Protect resource use statistics with
seqlock (Time scalability).

- udp: only allow UFO for packets from SOCK_DGRAM sockets
(bnc#909309).

- Update Xen patches to 3.12.39.

- virtio: rng: add derating factor for use by hwrng core
(bsc#918615).

- x86, AVX-512: AVX-512 Feature Detection (bsc#921527).

- x86, AVX-512: Enable AVX-512 States Context Switch
(bsc#921527).

- xenbus: add proper handling of XS_ERROR from Xenbus for
transactions.

- xfs: xfs_alloc_fix_minleft can underflow near ENOSPC
(bnc#913080).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/898675
https://bugzilla.suse.com/903997
https://bugzilla.suse.com/904242
https://bugzilla.suse.com/909309
https://bugzilla.suse.com/909477
https://bugzilla.suse.com/909684
https://bugzilla.suse.com/910517
https://bugzilla.suse.com/913080
https://bugzilla.suse.com/914818
https://bugzilla.suse.com/915200
https://bugzilla.suse.com/915660
https://bugzilla.suse.com/917830
https://bugzilla.suse.com/918584
https://bugzilla.suse.com/918615
https://bugzilla.suse.com/918620
https://bugzilla.suse.com/918644
https://bugzilla.suse.com/919463
https://bugzilla.suse.com/919719
https://bugzilla.suse.com/919939
https://bugzilla.suse.com/920615
https://bugzilla.suse.com/920805
https://bugzilla.suse.com/920839
https://bugzilla.suse.com/921313
https://bugzilla.suse.com/921527
https://bugzilla.suse.com/921990
https://bugzilla.suse.com/922272
https://bugzilla.suse.com/922275
https://bugzilla.suse.com/922278
https://bugzilla.suse.com/922284
https://bugzilla.suse.com/924460
https://www.suse.com/security/cve/CVE-2015-0777.html
https://www.suse.com/security/cve/CVE-2015-2150.html
http://www.nessus.org/u?1adafe84

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2015-152=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-152=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-152=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-152=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-152=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-152=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 3.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 83709 ()

Bugtraq ID: 73014
73921

CVE ID: CVE-2015-0777
CVE-2015-2150

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now