SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2292-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to
receive various security and bug fixes.

Following features were added :

- hwrng: Add a driver for the hwrng found in power7+
systems (fate#315784).

Following security bugs were fixed :

- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in
the Linux kernel did not validate attempted changes to
the MTU value, which allowed context-dependent attackers
to cause a denial of service (packet loss) via a value
that is (1) smaller than the minimum compliant value or
(2) larger than the MTU of an interface, as demonstrated
by a Router Advertisement (RA) message that is not
validated by a daemon, a different vulnerability than
CVE-2015-0272. (bsc#955354)

- CVE-2015-5156: The virtnet_probe function in
drivers/net/virtio_net.c in the Linux kernel attempted
to support a FRAGLIST feature without proper memory
allocation, which allowed guest OS users to cause a
denial of service (buffer overflow and memory
corruption) via a crafted sequence of fragmented packets
(bnc#940776).

- CVE-2015-7872: The key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local
users to cause a denial of service (OOPS) via crafted
keyctl commands (bnc#951440).

- CVE-2015-7799: The slhc_init function in
drivers/net/slip/slhc.c in the Linux kernel did not
ensure that certain slot numbers are valid, which
allowed local users to cause a denial of service (NULL
pointer dereference and system crash) via a crafted
PPPIOCSMAXCID ioctl call (bnc#949936).

- CVE-2015-2925: The prepend_path function in fs/dcache.c
in the Linux kernel did not properly handle rename
actions inside a bind mount, which allowed local users
to bypass an intended container protection mechanism by
renaming a directory, related to a 'double-chroot attack'
(bnc#926238).

- CVE-2015-7990: RDS: Verify the underlying transport
exists before creating a connection, preventing possible
DoS (bsc#952384).

The following non-security bugs were fixed :

- af_iucv: avoid path quiesce of severed path in
shutdown() (bnc#954986, LTC#131684).

- alsa: hda - Disable 64bit address for Creative HDA
controllers (bnc#814440).

- alsa: hda - Fix noise problems on Thinkpad T440s
(boo#958504).

- apparmor: allow SYS_CAP_RESOURCE to be sufficient to
prlimit another task (bsc#921949).

- audit: correctly record file names with different path
name types (bsc#950013).

- audit: create private file name copies when auditing
inodes (bsc#950013).

- bcache: Add btree_insert_node() (bnc#951638).

- bcache: Add explicit keylist arg to btree_insert()
(bnc#951638).

- bcache: backing device set to clean after finishing
detach (bsc#951638).

- bcache: Clean up keylist code (bnc#951638).

- bcache: Convert btree_insert_check_key() to
btree_insert_node() (bnc#951638).

- bcache: Convert bucket_wait to wait_queue_head_t
(bnc#951638).

- bcache: Convert try_wait to wait_queue_head_t
(bnc#951638).

- bcache: Explicitly track btree node's parent
(bnc#951638).

- bcache: Fix a bug when detaching (bsc#951638).

- bcache: Fix a lockdep splat in an error path
(bnc#951638).

- bcache: Fix a shutdown bug (bsc#951638).

- bcache: Fix more early shutdown bugs (bsc#951638).

- bcache: Fix sysfs splat on shutdown with flash only devs
(bsc#951638).

- bcache: Insert multiple keys at a time (bnc#951638).

- bcache: kill closure locking usage (bnc#951638).

- bcache: Refactor journalling flow control (bnc#951638).

- bcache: Refactor request_write() (bnc#951638).

- bcache: Use blkdev_issue_discard() (bnc#951638).

- btrfs: Adjust commit-transaction condition to avoid
NO_SPACE more (bsc#958647).

- btrfs: cleanup: remove no-used alloc_chunk in
btrfs_check_data_free_space() (bsc#958647).

- btrfs: fix condition of commit transaction (bsc#958647).

- btrfs: fix file corruption and data loss after cloning
inline extents (bnc#956053).

- btrfs: Fix out-of-space bug (bsc#958647).

- btrfs: Fix tail space processing in
find_free_dev_extent() (bsc#958647).

- btrfs: fix the number of transaction units needed to
remove a block group (bsc#958647).

- btrfs: fix truncation of compressed and inlined extents
(bnc#956053).

- btrfs: Set relative data on clear
btrfs_block_group_cache->pinned (bsc#958647).

- btrfs: use global reserve when deleting unused block
group after ENOSPC (bsc#958647).

- cache: Fix sysfs splat on shutdown with flash only devs
(bsc#951638).

- cpu: Defer smpboot kthread unparking until CPU known to
scheduler (bsc#936773).

- cpusets, isolcpus: exclude isolcpus from load balancing
in cpusets (bsc#957395).

- cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from
128 to 256 bytes (bsc#950580).

- dlm: make posix locks interruptible (bsc#947241).

- dmapi: Fix xfs dmapi to not unlock & lock XFS_ILOCK_EXCL
(bsc#949744).

- dm: do not start current request if it would've merged
with the previous (bsc#904348).

- dm: impose configurable deadline for dm_request_fn's
merge heuristic (bsc#904348).

- dm-snap: avoid deadlock on s->lock when a read is split
(bsc#939826).

- dm sysfs: introduce ability to add writable attributes
(bsc#904348).

- drm: Allocate new master object when client becomes
master (bsc#956876, bsc#956801).

- drm: Fix KABI of 'struct drm_file' (bsc#956876,
bsc#956801).

- drm/i915: add hotplug activation period to hotplug
update mask (bsc#953980).

- drm/i915: clean up backlight conditional build
(bsc#941113).

- drm/i915: debug print on backlight register
(bsc#941113).

- drm/i915: do full backlight setup at enable time
(bsc#941113).

- drm/i915: do not save/restore backlight registers in KMS
(bsc#941113).

- drm/i915: Eliminate lots of WARNs when there's no
backlight present (bsc#941113).

- drm/i915: fix gen2-gen3 backlight set
(bsc#941113,bsc#953971).

- drm/i915: Fix gen3 self-refresh watermarks
(bsc#953830,bsc#953971).

- drm/i915: Fix missing backlight update during panel
disablement (bsc#941113).

- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).

- drm/i915: gather backlight information at setup
(bsc#941113).

- drm/i915: handle backlight through chip specific
functions (bsc#941113).

- drm/i915: Ignore 'digital output' and 'not HDMI output'
bits for eDP detection (bsc#949192).

- drm/i915: make asle notifications update backlight on
all connectors (bsc#941113).

- drm/i915: make backlight info per-connector
(bsc#941113).

- drm/i915: move backlight level setting in enable/disable
to hooks (bsc#941113).

- drm/i915: move opregion asle request handling to a work
queue (bsc#953826).

- drm/i915: nuke get max backlight functions (bsc#941113).

- drm/i915/opregion: fix build error on CONFIG_ACPI=n
(bsc#953826).

- drm/i915: restore backlight precision when converting
from ACPI (bsc#941113).

- drm/i915/tv: add ->get_config callback (bsc#953830).

- drm/i915: use backlight legacy combination mode also for
i915gm/i945gm (bsc#941113).

- drm/i915: use the initialized backlight max value
instead of reading it (bsc#941113).

- drm/i915: vlv does not have pipe field in backlight
registers (bsc#941113).

- fanotify: fix notification of groups with inode & mount
marks (bsc#955533).

- Fix remove_and_add_spares removes drive added as spare
in slot_store (bsc#956717).

- genksyms: Handle string literals with spaces in
reference files (bsc#958510).

- hwrng: Add a driver for the hwrng found in power7+
systems (fate#315784). in the non-RT kernel to minimize
the differences.

- ipv4: Do not increase PMTU with Datagram Too Big message
(bsc#955224).

- ipv6: distinguish frag queues by device for multicast
and link-local packets (bsc#955422).

- ixgbe: fix broken PFC with X550 (bsc#951864).

- ixgbe: use correct fcoe ddp max check (bsc#951864).

- kabi: Fix spurious kabi change in mm/util.c.

- kABI: protect struct ahci_host_priv.

- kabi: Restore kabi in struct iscsi_tpg_attrib
(bsc#954635).

- kabi: Restore kabi in struct se_cmd (bsc#954635).

- kabi: Restore kabi in struct se_subsystem_api
(bsc#954635).

- ktime: add ktime_after and ktime_before helper
(bsc#904348).

- mm: factor commit limit calculation (VM Performance).

- mm: get rid of 'vmalloc_info' from /proc/meminfo (VM
Performance).

- mm: hugetlbfs: skip shared VMAs when unmapping private
pages to satisfy a fault (Automatic NUMA Balancing
(fate#315482)).

- mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE
(bnc#943959).

- mm: vmscan: never isolate more pages than necessary (VM
Performance).

- Move ktime_after patch to the networking section

- nfsrdma: Fix regression in NFSRDMA server (bsc#951110).

- pci: Drop 'setting latency timer' messages (bsc#956047).

- pci: Update VPD size with correct length (bsc#924493).

- perf/x86/intel/uncore: Delete an unnecessary check
before pci_dev_put() call (bsc#955136).

- perf/x86/intel/uncore: Fix multi-segment problem of
perf_event_intel_uncore (bsc#955136).

- pm, hibernate: use put_page in release_swap_writer
(bnc#943959).

- rcu: Eliminate deadlock between CPU hotplug and
expedited grace periods (bsc#949706).

- Re-add copy_page_vector_to_user()

- ring-buffer: Always run per-cpu ring buffer resize with
schedule_work_on() (bnc#956711).

- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).

- rpm/constraints.in: Require 14GB worth of disk space on
POWER. The builds started to fail randomly due to ENOSPC
errors.

- rpm/kernel-binary.spec.in: Always build zImage for ARM

- rpm/kernel-binary.spec.in: Do not explicitly set
DEBUG_SECTION_MISMATCH. CONFIG_DEBUG_SECTION_MISMATCH is
a selectable Kconfig option since 2.6.39 and is enabled
in our configs.

- rpm/kernel-binary.spec.in: Drop the %build_src_dir macro.
It is the parent directory of the O= directory.

- rpm/kernel-binary.spec.in: really pass down
%{?_smp_mflags}

- rpm/kernel-binary.spec.in: Use parallel make in all
invocations. Also, remove the lengthy comment, since we
are using a standard rpm macro now.

- rpm/kernel-binary.spec.in: Use upstream script to
support config.addon

- s390/dasd: fix disconnected device with valid path mask
(bnc#954986, LTC#132707).

- s390/dasd: fix invalid PAV assignment after
suspend/resume (bnc#954986, LTC#132706).

- s390/dasd: fix list_del corruption after lcu changes
(bnc#954986, LTC#133077).

- sched: Call select_idle_sibling() when not affine_sd
(Scheduler Performance).

- sched/core: Fix task and run queue sched_info::run_delay
inconsistencies (bnc#949100).

- sched, isolcpu: make cpu_isolated_map visible outside
scheduler (bsc#957395).

- sched/numa: Check all nodes when placing a
pseudo-interleaved group (Automatic NUMA Balancing
(fate#315482)).

- sched/numa: Fix math underflow in task_tick_numa()
(Automatic NUMA Balancing (fate#315482)).

- sched/numa: Only consider less busy nodes as numa
balancing destinations (Automatic NUMA Balancing
(fate#315482)).

- sched: Put expensive runtime debugging checks under a
separate Kconfig entry (Scheduler performance).

- scsi: hosts: update to use ida_simple for host_no
(bsc#939926)

- sunrpc/cache: make cache flushing more reliable
(bsc#947478).

- sunrpc: Fix oops when trace sunrpc_task events in nfs
client (bnc#956703).

- supported.conf: Support peak_pci and sja1000: These 2
CAN drivers are supported in the RT kernel for a long
time so we can also support them

- target/pr: fix core_scsi3_pr_seq_non_holder() caller
(bnc#952666).

- target: Send UA upon LUN RESET tmr completion
(bsc#933514).

- target: use 'se_dev_entry' when allocating UAs
(bsc#933514).

- Update config files. (bnc#955644)

- Update kabi files with sbc_parse_cdb symbol change
(bsc#954635).

- usbvision fix overflow of interfaces array (bnc#950998).

- vmxnet3: adjust ring sizes when interface is down
(bsc#950750).

- vmxnet3: Fix ethtool -S to return correct rx queue stats
(bsc#950750).

- x86/efi: Fix invalid parameter error when getting
hibernation key (fate#316350, bsc#956284).

- x86/evtchn: make use of PHYSDEVOP_map_pirq.

- x86/mm: Add parenthesis for TLB tracepoint size
calculation (VM Performance (Reduce IPIs during
reclaim)).

- x86/mm/hotplug: Modify PGD entry when removing memory
(VM Functionality, bnc#955148).

- x86/mm/hotplug: Pass sync_global_pgds() a correct
argument in remove_pagetable() (VM Functionality,
bnc#955148).

- x86/tsc: Let high latency PIT fail fast in
quick_pit_calibrate() (bsc#953717).

- xen: fix boot crash in EC2 settings (bsc#956147).

- xen: refresh patches.xen/xen-x86_64-m2p-strict
(bsc#956147).

- xen: Update Xen patches to 3.12.50.

- xfs: always drain dio before extending aio write
submission (bsc#949744).

- xfs: DIO needs an ioend for writes (bsc#949744).

- xfs: DIO write completion size updates race
(bsc#949744).

- xfs: DIO writes within EOF do not need an ioend
(bsc#949744).

- xfs: direct IO EOF zeroing needs to drain AIO
(bsc#949744).

- xfs: do not allocate an ioend for direct I/O completions
(bsc#949744).

- xfs: factor DIO write mapping from get_blocks
(bsc#949744).

- xfs: handle DIO overwrite EOF update completion
correctly (bsc#949744).

- xfs: move DIO mapping size calculation (bsc#949744).

- xfs: using generic_file_direct_write() is unnecessary
(bsc#949744).

- xhci: Add spurious wakeup quirk for LynxPoint-LP
controllers (bnc#951165).

- xhci: Workaround to get Intel xHCI reset working more
reliably (bnc#957546).

- zfcp: fix fc_host port_type with NPIV (bnc#954986,
LTC#132479).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/758040
https://bugzilla.suse.com/814440
https://bugzilla.suse.com/904348
https://bugzilla.suse.com/921949
https://bugzilla.suse.com/924493
https://bugzilla.suse.com/926238
https://bugzilla.suse.com/933514
https://bugzilla.suse.com/936773
https://bugzilla.suse.com/939826
https://bugzilla.suse.com/939926
https://bugzilla.suse.com/940776
https://bugzilla.suse.com/941113
https://bugzilla.suse.com/941202
https://bugzilla.suse.com/943959
https://bugzilla.suse.com/944296
https://bugzilla.suse.com/947241
https://bugzilla.suse.com/947478
https://bugzilla.suse.com/949100
https://bugzilla.suse.com/949192
https://bugzilla.suse.com/949706
https://bugzilla.suse.com/949744
https://bugzilla.suse.com/949936
https://bugzilla.suse.com/950013
https://bugzilla.suse.com/950580
https://bugzilla.suse.com/950750
https://bugzilla.suse.com/950998
https://bugzilla.suse.com/951110
https://bugzilla.suse.com/951165
https://bugzilla.suse.com/951440
https://bugzilla.suse.com/951638
https://bugzilla.suse.com/951864
https://bugzilla.suse.com/952384
https://bugzilla.suse.com/952666
https://bugzilla.suse.com/953717
https://bugzilla.suse.com/953826
https://bugzilla.suse.com/953830
https://bugzilla.suse.com/953971
https://bugzilla.suse.com/953980
https://bugzilla.suse.com/954635
https://bugzilla.suse.com/954986
https://bugzilla.suse.com/955136
https://bugzilla.suse.com/955148
https://bugzilla.suse.com/955224
https://bugzilla.suse.com/955354
https://bugzilla.suse.com/955422
https://bugzilla.suse.com/955533
https://bugzilla.suse.com/955644
https://bugzilla.suse.com/956047
https://bugzilla.suse.com/956053
https://bugzilla.suse.com/956147
https://bugzilla.suse.com/956284
https://bugzilla.suse.com/956703
https://bugzilla.suse.com/956711
https://bugzilla.suse.com/956717
https://bugzilla.suse.com/956801
https://bugzilla.suse.com/956876
https://bugzilla.suse.com/957395
https://bugzilla.suse.com/957546
https://bugzilla.suse.com/958504
https://bugzilla.suse.com/958510
https://bugzilla.suse.com/958647
https://www.suse.com/security/cve/CVE-2015-0272.html
https://www.suse.com/security/cve/CVE-2015-2925.html
https://www.suse.com/security/cve/CVE-2015-5156.html
https://www.suse.com/security/cve/CVE-2015-7799.html
https://www.suse.com/security/cve/CVE-2015-7872.html
https://www.suse.com/security/cve/CVE-2015-7990.html
https://www.suse.com/security/cve/CVE-2015-8215.html
http://www.nessus.org/u?9179e39b

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP1 :

zypper in -t patch SUSE-SLE-WE-12-SP1-2015-985=1

SUSE Linux Enterprise Software Development Kit 12-SP1 :

zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-985=1

SUSE Linux Enterprise Server 12-SP1 :

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-985=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-985=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-985=1

SUSE Linux Enterprise Desktop 12-SP1 :

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-985=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 87495

Bugtraq ID: 73926

CVE ID: CVE-2015-0272
CVE-2015-2925
CVE-2015-5156
CVE-2015-7799
CVE-2015-7872
CVE-2015-7990
CVE-2015-8215
