SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2339-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.

Following security bugs were fixed :

- CVE-2015-7509: Mounting ext4 filesystems in no-journal
mode could hav lead to a system crash (bsc#956709).

- CVE-2015-7799: The slhc_init function in
drivers/net/slip/slhc.c in the Linux kernel did not
ensure that certain slot numbers are valid, which
allowed local users to cause a denial of service (NULL
pointer dereference and system crash) via a crafted
PPPIOCSMAXCID ioctl call (bnc#949936).

- CVE-2015-8104: The KVM subsystem in the Linux kernel
allowed guest OS users to cause a denial of service
(host OS panic or hang) by triggering many #DB (aka
Debug) exceptions, related to svm.c (bnc#954404).

- CVE-2015-5307: The KVM subsystem in the Linux kernel
allowed guest OS users to cause a denial of service
(host OS panic or hang) by triggering many #AC (aka
Alignment Check) exceptions, related to svm.c and vmx.c

- CVE-2015-7990: RDS: There was no verification that an
underlying transport exists when creating a connection,
causing usage of a NULL pointer (bsc#952384).

- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux
kernel on the x86_64 platform mishandled IRET faults in
processing NMIs that occurred during userspace
execution, which might have allowed local users to gain
privileges by triggering an NMI (bnc#938706).

- CVE-2015-7872: The key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local
users to cause a denial of service (OOPS) via crafted
keyctl commands (bnc#951440).

- CVE-2015-0272: Missing checks allowed remote attackers
to cause a denial of service (IPv6 traffic disruption)
via a crafted MTU value in an IPv6 Router Advertisement
(RA) message, a different vulnerability than
CVE-2015-8215 (bnc#944296).

- CVE-2015-6937: The __rds_conn_create function in
net/rds/connection.c in the Linux kernel allowed local
users to cause a denial of service (NULL pointer
dereference and system crash) or possibly have
unspecified other impact by using a socket that was not
properly bound (bnc#945825).

The following non-security bugs were fixed :

- ALSA: hda - Disable 64bit address for Creative HDA
controllers (bnc#814440).

- Driver: Vmxnet3: Fix ethtool -S to return correct rx
queue stats (bsc#950750).

- Drivers: hv: do not do hypercalls when hypercall_page is

- Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.

- Drivers: hv: util: move kvp/vss function declarations to

- Drivers: hv: vmbus: Get rid of some unused definitions.

- Drivers: hv: vmbus: Implement the protocol for tearing
down vmbus state.

- Drivers: hv: vmbus: add special crash handler

- Drivers: hv: vmbus: add special kexec handler.

- Drivers: hv: vmbus: kill tasklets on module unload.

- Drivers: hv: vmbus: prefer '^A' notification chain to

- Drivers: hv: vmbus: remove hv_synic_free_cpu() call from

- Drivers: hv: vmbus: unregister panic notifier on module

- IB/srp: Avoid skipping srp_reset_host() after a
transport error (bsc#904965).

- IB/srp: Fix a sporadic crash triggered by cable pulling

- KEYS: Fix race between key destruction and finding a
keyring by name (bsc#951440).

- Make sure XPRT_CONNECTING gets cleared when needed

- NFSv4: Fix two infinite loops in the mount code

- PCI: Add VPD function 0 quirk for Intel Ethernet devices

- PCI: Add dev_flags bit to access VPD through function 0

- PCI: Clear NumVFs when disabling SR-IOV in sriov_init()

- PCI: Refresh First VF Offset and VF Stride when updating
NumVFs (bnc#952084).

- PCI: Update NumVFs register when disabling SR-IOV

- PCI: delay configuration of SRIOV capability

- PCI: set pci sriov page size before reading SRIOV BAR

- SCSI: hosts: update to use ida_simple for host_no

- SUNRPC refactor rpcauth_checkverf error returns

- af_iucv: avoid path quiesce of severed path in
shutdown() (bnc#946214).

- ahci: Add Device ID for Intel Sunrise Point PCH

- blktap: also call blkif_disconnect() when frontend
switched to closed (bsc#952976).

- blktap: refine mm tracking (bsc#952976).

- cachefiles: Avoid deadlocks with fs freezing

- dm sysfs: introduce ability to add writable attributes

- dm-snap: avoid deadock on s->lock when a read is split

- dm: do not start current request if it would've merged
with the previous (bsc#904348).

- dm: impose configurable deadline for dm_request_fn's
merge heuristic (bsc#904348).

- drm/i915: Avoid race of intel_crt_detect_hotplug() with
HPD interrupt, v2 (bsc#942938).

- drm/i915: Fix DDC probe for passive adapters
(bsc#900610, fdo#85924).

- drm/i915: add hotplug activation period to hotplug
update mask (bsc#953980).

- fix lpfc_send_rscn_event allocation size claims

- fs: Avoid deadlocks of fsync_bdev() and fs freezing

- fs: Fix deadlocks between sync and fs freezing

- hugetlb: simplify migrate_huge_page() (bnc#947957).

- hwpoison, hugetlb: lock_page/unlock_page does not match
for handling a free hugepage (bnc#947957,).

- ipr: Fix incorrect trace indexing (bsc#940913).

- ipr: Fix invalid array indexing for HRRQ (bsc#940913).

- ipv6: fix tunnel error handling (bsc#952579).

- ipvs: Fix reuse connection if real server is dead

- ipvs: drop first packet to dead server (bsc#946078).

- kernel: correct uc_sigmask of the compat signal frame

- kernel: fix incorrect use of DIAG44 in
continue_trylock_relax() (bnc#946214).

- kexec: Fix race between panic() and crash_kexec() called
directly (bnc#937444).

- ktime: add ktime_after and ktime_before helpe

- lib/string.c: introduce memchr_inv() (bnc#930788).

- lpfc: Fix cq_id masking problem (bsc#944677).

- macvlan: Support bonding events bsc#948521

- memory-failure: do code refactor of soft_offline_page()

- memory-failure: fix an error of mce_bad_pages statistics

- memory-failure: use num_poisoned_pages instead of
mce_bad_pages (bnc#947957).

- memory-hotplug: update mce_bad_pages when removing the
memory (bnc#947957).

- mm/memory-failure.c: fix wrong num_poisoned_pages in
handling memory error on thp (bnc#947957).

- mm/memory-failure.c: recheck PageHuge() after hugetlb
page migrate successfully (bnc#947957).

- mm/migrate.c: pair unlock_page() and lock_page() when
migrating huge pages (bnc#947957).

- mm: exclude reserved pages from dirtyable memory 32b fix
(bnc#940017, bnc#949298).

- mm: fix GFP_THISNODE callers and clarify (bsc#954950).

- mm: remove GFP_THISNODE (bsc#954950).

- mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages
(Swap over NFS).

- net/core: Add VF link state control policy (bsc#950298).

- netfilter: xt_recent: fix namespace destroy path

- panic/x86: Allow cpus to save registers even if they

- panic/x86: Fix re-entrance problem due to panic on

- pktgen: clean up ktime_t helpers (bsc#904348).

- qla2xxx: Do not reset adapter if SRB handle is in range

- qla2xxx: Remove decrement of sp reference count in abort
handler (bsc#944993).

- qla2xxx: Remove unavailable firmware files (bsc#921081).

- qla2xxx: do not clear slot in outstanding cmd array

- qlge: Fix qlge_update_hw_vlan_features to handle if
interface is down (bsc#930835).

- quota: Fix deadlock with suspend and quotas

- rcu: Eliminate deadlock between CPU hotplug and
expedited grace periods (bsc#949706).

- rtc: cmos: Cancel alarm timer if alarm time is equal to
now+1 seconds (bsc#930145).

- rtnetlink: Fix VF IFLA policy (bsc#950298).

- rtnetlink: fix VF info size (bsc#950298).

- s390/dasd: fix disconnected device with valid path mask

- s390/dasd: fix invalid PAV assignment after
suspend/resume (bnc#946214).

- s390/dasd: fix list_del corruption after lcu changes

- s390/pci: handle events for unused functions

- s390/pci: improve handling of hotplug event 0x301

- s390/pci: improve state check when processing hotplug
events (bnc#946214).

- sched/core: Fix task and run queue sched_info::run_delay
inconsistencies (bnc#949100).

- sg: fix read() error reporting (bsc#926774).

- usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI
controllers (bnc#944989).

- usbback: correct copy length for partial transfers

- usbvision fix overflow of interfaces array (bnc#950998).

- veth: extend device features (bsc#879381).

- vfs: Provide function to get superblock and wait for it
to thaw (bsc#935123).

- vmxnet3: adjust ring sizes when interface is down

- vmxnet3: fix ethtool ring buffer size setting

- writeback: Skip writeback for frozen filesystem

- x86, pageattr: Prevent overflow in slow_virt_to_phys()
for X86_PAE (bnc#937256).

- x86/evtchn: make use of PHYSDEVOP_map_pirq.

- x86: mm: drop TLB flush from ptep_set_access_flags

- x86: mm: only do a local tlb flush in
ptep_set_access_flags() (bsc#948330).

- xen: x86, pageattr: Prevent overflow in
slow_virt_to_phys() for X86_PAE (bnc#937256).

- xfs: Fix lost direct IO write in the last block

- xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).

- xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).

- xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).

- xfs: add background scanning to clear eofblocks inodes

- xfs: add inode id filtering to eofblocks scan

- xfs: add minimum file size filtering to eofblocks scan

- xfs: create function to scan and clear EOFBLOCKS inodes

- xfs: create helper to check whether to free eofblocks on
inode (bnc#930788).

- xfs: introduce a common helper xfs_icluster_size_fsb

- xfs: make xfs_free_eofblocks() non-static, return EAGAIN
on trylock failure (bnc#930788).

- xfs: support a tag-based inode_ag_iterator (bnc#930788).

- xfs: support multiple inode id filtering in eofblocks
scan (bnc#930788).

- xfs: use xfs_icluster_size_fsb in xfs_bulkstat

- xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init

- xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster

- xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).

- xhci: Add spurious wakeup quirk for LynxPoint-LP
controllers (bnc#949981).

- xhci: Calculate old endpoints correctly on device reset

- xhci: For streams the css flag most be read from the
stream-ctx on ep stop (bnc#945691).

- xhci: change xhci 1.0 only restrictions to support xhci
1.1 (bnc#949502).

- xhci: fix isoc endpoint dequeue from advancing too far
on transaction error (bnc#944837).

- xhci: silence TD warning (bnc#939955).

- xhci: use uninterruptible sleep for waiting for internal
operations (bnc#939955).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-kernel-source-12278=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-kernel-source-12278=1

SUSE Linux Enterprise Server 11-EXTRA :

zypper in -t patch slexsp3-kernel-source-12278=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-kernel-source-12278=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-kernel-source-12278=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 5.8
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now