SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2194-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive
various security and bugfixes.

Following security bugs were fixed :

- CVE-2015-7799: The slhc_init function in
drivers/net/slip/slhc.c in the Linux kernel did not
ensure that certain slot numbers were valid, which
allowed local users to cause a denial of service (NULL
pointer dereference and system crash) via a crafted
PPPIOCSMAXCID ioctl call (bnc#949936).

- CVE-2015-5283: The sctp_init function in
net/sctp/protocol.c in the Linux kernel had an incorrect
sequence of protocol-initialization steps, which allowed
local users to cause a denial of service (panic or
memory corruption) by creating SCTP sockets before all
of the steps have finished (bnc#947155).

- CVE-2015-2925: The prepend_path function in fs/dcache.c
in the Linux kernel did not properly handle rename
actions inside a bind mount, which allowed local users
to bypass an intended container protection mechanism by
renaming a directory, related to a 'double-chroot attack

- CVE-2015-8104: The KVM subsystem in the Linux kernel
allowed guest OS users to cause a denial of service
(host OS panic or hang) by triggering many #DB (aka
Debug) exceptions, related to svm.c (bnc#954404).

- CVE-2015-5307: The KVM subsystem in the Linux kernel
allowed guest OS users to cause a denial of service
(host OS panic or hang) by triggering many #AC (aka
Alignment Check) exceptions, related to svm.c and vmx.c

- CVE-2015-7990: RDS: There was no verification that an
underlying transport exists when creating a connection,
causing usage of a NULL pointer (bsc#952384).

- CVE-2015-7872: The key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local
users to cause a denial of service (OOPS) via crafted
keyctl commands (bnc#951440).

- CVE-2015-0272: Missing checks allowed remote attackers
to cause a denial of service (IPv6 traffic disruption)
via a crafted MTU value in an IPv6 Router Advertisement
(RA) message, a different vulnerability than
CVE-2015-8215 (bnc#944296).

The following non-security bugs were fixed :

- ALSA: hda - Disable 64bit address for Creative HDA
controllers (bnc#814440).

- Add PCI IDs of Intel Sunrise Point-H SATA Controller
S232/236 (bsc#953796).

- Btrfs: fix file corruption and data loss after cloning
inline extents (bnc#956053).

- Btrfs: fix truncation of compressed and inlined extents

- Disable some ppc64le netfilter modules to restore the
kabi (bsc#951546)

- Fix regression in NFSRDMA server (bsc#951110).

- KEYS: Fix race between key destruction and finding a
keyring by name (bsc#951440).

- KVM: x86: call irq notifiers with directed EOI

- NVMe: Add shutdown timeout as module parameter

- NVMe: Mismatched host/device page size support

- PCI: Drop 'setting latency timer' messages (bsc#956047).

- SCSI: Fix hard lockup in scsi_remove_target()

- SCSI: hosts: update to use ida_simple for host_no

- SUNRPC: Fix oops when trace sunrpc_task events in nfs
client (bnc#956703).

- Sync ppc64le netfilter config options with other archs

- Update kabi files with sbc_parse_cdb symbol change

- apparmor: allow SYS_CAP_RESOURCE to be sufficient to
prlimit another task (bsc#921949).

- apparmor: temporary work around for bug while unloading
policy (boo#941867).

- audit: correctly record file names with different path
name types (bsc#950013).

- audit: create private file name copies when auditing
inodes (bsc#950013).

- cpu: Defer smpboot kthread unparking until CPU known to
scheduler (bsc#936773).

- dlm: make posix locks interruptible, (bsc#947241).

- dm sysfs: introduce ability to add writable attributes

- dm-snap: avoid deadock on s->lock when a read is split

- dm: do not start current request if it would've merged
with the previous (bsc#904348).

- dm: impose configurable deadline for dm_request_fn's
merge heuristic (bsc#904348).

- dmapi: Fix xfs dmapi to not unlock and lock
XFS_ILOCK_EXCL (bsc#949744).

- drm/i915: Avoid race of intel_crt_detect_hotplug() with
HPD interrupt, v2 (bsc#942938).

- drm/i915: add hotplug activation period to hotplug
update mask (bsc#953980).

- fanotify: fix notification of groups with inode and
mount marks (bsc#955533).

- genirq: Make sure irq descriptors really exist when
__irq_alloc_descs returns (bsc#945626).

- hv: vss: run only on supported host versions

- ipv4: Do not increase PMTU with Datagram Too Big message

- ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of
rt->dst.flags (bsc#947321).

- ipv6: Consider RTF_CACHE when searching the fib6 tree

- ipv6: Extend the route lookups to low priority metrics

- ipv6: Stop /128 route from disappearing after pmtu
update (bsc#947321).

- ipv6: Stop rt6_info from using inet_peer's metrics

- ipv6: distinguish frag queues by device for multicast
and link-local packets (bsc#955422).

- ipvs: drop first packet to dead server (bsc#946078).

- kABI: protect struct ahci_host_priv.

- kABI: protect struct rt6_info changes from bsc#947321
changes (bsc#947321).

- kabi: Hide rt6_* types from genksyms on ppc64le

- kabi: Restore kabi in struct iscsi_tpg_attrib

- kabi: Restore kabi in struct se_cmd (bsc#954635).

- kabi: Restore kabi in struct se_subsystem_api

- kabi: protect skb_copy_and_csum_datagram_iovec()
signature (bsc#951199).

- kgr: fix migration of kthreads to the new universe.

- kgr: wake up kthreads periodically.

- ktime: add ktime_after and ktime_before helper

- macvlan: Support bonding events (bsc#948521).

- net: add length argument to
skb_copy_and_csum_datagram_iovec (bsc#951199).

- net: handle null iovec pointer in
skb_copy_and_csum_datagram_iovec() (bsc#951199).

- pci: Update VPD size with correct length (bsc#924493).

- rcu: Eliminate deadlock between CPU hotplug and
expedited grace periods (bsc#949706).

- ring-buffer: Always run per-cpu ring buffer resize with
schedule_work_on() (bnc#956711).

- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).

- rtc: cmos: Cancel alarm timer if alarm time is equal to
now+1 seconds (bsc#930145).

- rtc: cmos: Revert 'rtc-cmos: Add an alarm disable quirk'

- sched/core: Fix task and run queue sched_info::run_delay
inconsistencies (bnc#949100).

- sunrpc/cache: make cache flushing more reliable

- supported.conf: Add missing dependencies of supported
modules hwmon_vid needed by nct6775 hwmon_vid needed by
w83627ehf reed_solomon needed by ramoops

- supported.conf: Fix dependencies on ppc64le of_mdio
needed by mdio-gpio

- target/pr: fix core_scsi3_pr_seq_non_holder() caller

- target/rbd: fix COMPARE AND WRITE page vector leak

- target/rbd: fix PR info memory leaks (bnc#948831).

- target: Send UA upon LUN RESET tmr completion

- target: use '^A' when allocating UAs (bsc#933514).

- usbvision fix overflow of interfaces array (bnc#950998).

- vmxnet3: Fix ethtool -S to return correct rx queue stats

- vmxnet3: adjust ring sizes when interface is down

- x86/efi: Fix boot crash by mapping EFI memmap entries
bottom-up at runtime, instead of top-down (bsc#940853).

- x86/evtchn: make use of PHYSDEVOP_map_pirq.

- x86/mm/hotplug: Modify PGD entry when removing memory
(VM Functionality, bnc#955148).

- x86/mm/hotplug: Pass sync_global_pgds() a correct
argument in remove_pagetable() (VM Functionality,

- xfs: DIO needs an ioend for writes (bsc#949744).

- xfs: DIO write completion size updates race

- xfs: DIO writes within EOF do not need an ioend

- xfs: always drain dio before extending aio write
submission (bsc#949744).

- xfs: direct IO EOF zeroing needs to drain AIO

- xfs: do not allocate an ioend for direct I/O completions

- xfs: factor DIO write mapping from get_blocks

- xfs: handle DIO overwrite EOF update completion
correctly (bsc#949744).

- xfs: move DIO mapping size calculation (bsc#949744).

- xfs: using generic_file_direct_write() is unnecessary

- xhci: Add spurious wakeup quirk for LynxPoint-LP
controllers (bnc#951165).

- xhci: change xhci 1.0 only restrictions to support xhci
1.1 (bnc#949463).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2015-945=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-945=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-945=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-945=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-945=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-945=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.1
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 87214 ()

Bugtraq ID: 73926

CVE ID: CVE-2015-0272

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now