SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2108-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to
receive various security and bug fixes.

The following security bugs were fixed :

- CVE-2015-8104: Prevent guest to host DoS caused by
infinite loop in microcode via #DB exception

- CVE-2015-5307: Prevent guest to host DoS caused by
infinite loop in microcode via #AC exception

- CVE-2015-7990: RDS: Verify the underlying transport
exists before creating a connection, preventing possible
DoS (bsc#952384).

- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux
kernel on the x86_64 platform mishandled IRET faults in
processing NMIs that occurred during userspace
execution, which might have allowed local users to gain
privileges by triggering an NMI (bsc#938706).

- CVE-2015-7872: Possible crash when trying to garbage
collect an uninstantiated keyring (bsc#951440).

- CVE-2015-0272: Prevent remote DoS using IPv6 RA with
bogus MTU by validating before applying it (bsc#944296).

- CVE-2015-6937: The __rds_conn_create function in
net/rds/connection.c in the Linux kernel allowed local
users to cause a denial of service (NULL pointer
dereference and system crash) or possibly have
unspecified other impact by using a socket that was not
properly bound (bsc#945825).

- CVE-2015-6252: The vhost_dev_ioctl function in
drivers/vhost/vhost.c in the Linux kernel allowed local
users to cause a denial of service (memory consumption)
via a VHOST_SET_LOG_FD ioctl call that triggered
permanent file-descriptor allocation (bsc#942367).

The following non-security bugs were fixed :

- alsa: hda - Disable 64bit address for Creative HDA
controllers (bsc#814440).

- btrfs: fix hang when failing to submit bio of directIO

- btrfs: fix memory corruption on failure to submit bio
for direct IO (bsc#942688).

- btrfs: fix put dio bio twice when we submit dio bio fail

- dm sysfs: introduce ability to add writable attributes

- dm-snap: avoid deadlock on s->lock when a read is split

- dm: do not start current request if it would have merged
with the previous (bsc#904348).

- dm: impose configurable deadline for dm_request_fn merge
heuristic (bsc#904348).

- drm/i915: (re)init HPD interrupt storm statistics

- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).

- drm/i915: Add Reenable Timer to turn Hotplug Detection
back on (v4) (bsc#942938).

- drm/i915: Add bit field to record which pins have
received HPD events (v3) (bsc#942938).

- drm/i915: Add enum hpd_pin to intel_encoder

- drm/i915: Add messages useful for HPD storm detection
debugging (v2) (bsc#942938).

- drm/i915: Avoid race of intel_crt_detect_hotplug() with
HPD interrupt (bsc#942938).

- drm/i915: Convert HPD interrupts to make use of HPD pin
assignment in encoders (v2) (bsc#942938).

- drm/i915: Disable HPD interrupt on pin when irq storm is
detected (v3) (bsc#942938).

- drm/i915: Do not WARN nor handle unexpected hpd
interrupts on gmch platforms (bsc#942938).

- drm/i915: Enable hotplug interrupts after querying hw
capabilities (bsc#942938).

- drm/i915: Fix DDC probe for passive adapters
(bsc#900610, fdo#85924).

- drm/i915: Fix hotplug interrupt enabling for SDVOC

- drm/i915: Fix up sdvo hpd pins for i965g/gm

- drm/i915: Get rid of the '^A' in struct drm_i915_private

- drm/i915: Make hpd arrays big enough to avoid out of
bounds access (bsc#942938).

- drm/i915: Mask out the HPD irq bits before setting them
individually (bsc#942938).

- drm/i915: Only print hotplug event message when hotplug
bit is set (bsc#942938).

- drm/i915: Only reprobe display on encoder which has
received an HPD event (v2) (bsc#942938).

- drm/i915: Queue reenable timer also when
enable_hotplug_processing is false (bsc#942938).

- drm/i915: Remove i965_hpd_irq_setup (bsc#942938).

- drm/i915: Remove pch_rq_mask from struct
drm_i915_private (bsc#942938).

- drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).

- drm/i915: Use an interrupt save spinlock in
intel_hpd_irq_handler() (bsc#942938).

- drm/i915: WARN_ONCE() about unexpected interrupts for
all chipsets (bsc#942938).

- drm/i915: add hotplug activation period to hotplug
update mask (bsc#953980).

- drm/i915: assert_spin_locked for pipestat interrupt
enable/disable (bsc#942938).

- drm/i915: clear crt hotplug compare voltage field before
setting (bsc#942938).

- drm/i915: close tiny race in the ilk pcu event interrupt
setup (bsc#942938).

- drm/i915: fix hotplug event bit tracking (bsc#942938).

- drm/i915: fix hpd interrupt register locking

- drm/i915: fix hpd work vs. flush_work in the pageflip
code deadlock (bsc#942938).

- drm/i915: fix locking around
ironlake_enable|disable_display_irq (bsc#942938).

- drm/i915: fold the hpd_irq_setup call into
intel_hpd_irq_handler (bsc#942938).

- drm/i915: fold the no-irq check into
intel_hpd_irq_handler (bsc#942938).

- drm/i915: fold the queue_work into intel_hpd_irq_handler

- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).

- drm/i915:

- ehci-pci: enable interrupt on BayTrail (bnc#926007).

- fix lpfc_send_rscn_event allocation size claims

- hugetlb: simplify migrate_huge_page() (bsc#947957, VM

- hwpoison, hugetlb: lock_page/unlock_page does not match
for handling a free hugepage (bsc#947957).

- ib/iser: Add Discovery support (bsc#923002).

- ib/iser: Move informational messages from error to info
level (bsc#923002).

- ib/srp: Avoid skipping srp_reset_host() after a
transport error (bsc#904965).

- ib/srp: Fix a sporadic crash triggered by cable pulling

- inotify: Fix nested sleeps in inotify_read()

- ipv6: fix tunnel error handling (bsc#952579).

- ipv6: probe routes asynchronous in rt6_probe

- ipvs: Fix reuse connection if real server is dead

- ipvs: drop first packet to dead server (bsc#946078).

- keys: Fix race between key destruction and finding a
keyring by name (bsc#951440).

- ktime: add ktime_after and ktime_before helpe

- lib/string.c: introduce memchr_inv() (bsc#930788).

- libiscsi: Exporting new attrs for iscsi session and
connection in sysfs (bsc#923002).

- macvlan: Support bonding events (bsc#948521).

- make sure XPRT_CONNECTING gets cleared when needed

- memory-failure: do code refactor of soft_offline_page()

- memory-failure: fix an error of mce_bad_pages statistics

- memory-failure: use num_poisoned_pages instead of
mce_bad_pages (bsc#947957).

- memory-hotplug: update mce_bad_pages when removing the
memory (bsc#947957).

- mm/memory-failure.c: fix wrong num_poisoned_pages in
handling memory error on thp (bsc#947957).

- mm/memory-failure.c: recheck PageHuge() after hugetlb
page migrate successfully (bsc#947957).

- mm/migrate.c: pair unlock_page() and lock_page() when
migrating huge pages (bsc#947957).

- mm: exclude reserved pages from dirtyable memory 32b fix
(bsc#940017, bsc#949298).

- mm: make page pfmemalloc check more robust (bsc#920016).

- netfilter: nf_conntrack_proto_sctp: minimal multihoming
support (bsc#932350).

- pci: Add VPD function 0 quirk for Intel Ethernet devices

- pci: Add dev_flags bit to access VPD through function 0

- pci: Add flag indicating device has been assigned by KVM

- pci: Clear NumVFs when disabling SR-IOV in sriov_init()

- pci: Refresh First VF Offset and VF Stride when updating
NumVFs (bsc#952084).

- pci: Update NumVFs register when disabling SR-IOV

- pci: delay configuration of SRIOV capability

- pci: set pci sriov page size before reading SRIOV BAR

- pktgen: clean up ktime_t helpers (bsc#904348).

- qla2xxx: Do not reset adapter if SRB handle is in range

- qla2xxx: Remove decrement of sp reference count in abort
handler (bsc#944993).

- qla2xxx: do not clear slot in outstanding cmd array

- r8169: remember WOL preferences on driver load

- rcu: Eliminate deadlock between CPU hotplug and
expedited grace periods (bsc#949706).

- rtc: cmos: Cancel alarm timer if alarm time is equal to
now+1 seconds (bsc#930145).

- sched/core: Fix task and run queue sched_info::run_delay
inconsistencies (bsc#949100).

- scsi: fix scsi_error_handler vs. scsi_host_dev_release
race (bsc#942204).

- scsi: hosts: update to use ida_simple for host_no

- scsi: kabi: allow iscsi discovery session support

- scsi_transport_iscsi: Exporting new attrs for iscsi
session and connection in sysfs (bsc#923002).

- sg: fix read() error reporting (bsc#926774).

- usb: xhci: Prefer endpoint context dequeue pointer over
stopped_trb (bsc#933721).

- usb: xhci: Reset a halted endpoint immediately when we
encounter a stall (bsc#933721).

- usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI
controllers (bsc#944989).

- usb: xhci: do not start a halted endpoint before its new
dequeue is set (bsc#933721).

- usb: xhci: handle Config Error Change (CEC) in xhci
driver (bsc#933721).

- x86/tsc: Change Fast TSC calibration failed from error
to info (bsc#942605).

- x86: mm: drop TLB flush from ptep_set_access_flags

- x86: mm: only do a local tlb flush in
ptep_set_access_flags() (bsc#948330).

- xfs: Fix lost direct IO write in the last block

- xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).

- xfs: add EOFBLOCKS inode tagging/untagging (bsc#930788).

- xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bsc#930788).

- xfs: add background scanning to clear eofblocks inodes

- xfs: add inode id filtering to eofblocks scan

- xfs: add minimum file size filtering to eofblocks scan

- xfs: create function to scan and clear EOFBLOCKS inodes

- xfs: create helper to check whether to free eofblocks on
inode (bsc#930788).

- xfs: introduce a common helper xfs_icluster_size_fsb

- xfs: make xfs_free_eofblocks() non-static, return EAGAIN
on trylock failure (bsc#930788).

- xfs: support a tag-based inode_ag_iterator (bsc#930788).

- xfs: support multiple inode id filtering in eofblocks
scan (bsc#930788).

- xfs: use xfs_icluster_size_fsb in xfs_bulkstat

- xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init

- xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster

- xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).

- xhci: Add spurious wakeup quirk for LynxPoint-LP
controllers (bsc#949981).

- xhci: Allocate correct amount of scratchpad buffers

- xhci: Calculate old endpoints correctly on device reset

- xhci: Do not enable/disable RWE on bus suspend/resume

- xhci: For streams the css flag must be read from the
stream-ctx on ep stop (bsc#945691).

- xhci: Solve full event ring by increasing
TRBS_PER_SEGMENT to 256 (bsc#933721).

- xhci: Treat not finding the event_seg on COMP_STOP the
same as COMP_STOP_INVAL (bsc#933721).

- xhci: Workaround for PME stuck issues in Intel xhci

- xhci: change xhci 1.0 only restrictions to support xhci
1.1 (bsc#949502).

- xhci: do not report PLC when link is in internal resume
state (bsc#933721).

- xhci: fix isoc endpoint dequeue from advancing too far
on transaction error (bsc#944837).

- xhci: fix reporting of 0-sized URBs in control endpoint

- xhci: report U3 when link is in resume state

- xhci: rework cycle bit checking for new dequeue pointers

- xhci: use uninterruptible sleep for waiting for internal
operations (bsc#939955).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP3 :

zypper in -t patch sdksp3-kernel-source-12226=1

SUSE Linux Enterprise Server for VMWare 11-SP3 :

zypper in -t patch slessp3-kernel-source-12226=1

SUSE Linux Enterprise Server 11-SP3 :

zypper in -t patch slessp3-kernel-source-12226=1

SUSE Linux Enterprise Server 11-EXTRA :

zypper in -t patch slexsp3-kernel-source-12226=1

SUSE Linux Enterprise Desktop 11-SP3 :

zypper in -t patch sledsp3-kernel-source-12226=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-kernel-source-12226=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 5.8
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 87104

Bugtraq ID: 76005

CVE ID: CVE-2015-0272
