SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0168-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 12 kernel was updated to receive various
security and bugfixes.

Following security bugs were fixed :

- CVE-2015-7550: A local user could have triggered a race
between read and revoke in keyctl (bnc#958951).

- CVE-2015-8539: A negatively instantiated user key could
have been used by a local user to leverage privileges
(bnc#958463).

- CVE-2015-8543: The networking implementation in the
Linux kernel did not validate protocol identifiers for
certain protocol families, which allowed local users to
cause a denial of service (NULL function pointer
dereference and system crash) or possibly gain
privileges by leveraging CLONE_NEWUSER support to
execute a crafted SOCK_RAW application (bnc#958886).

- CVE-2015-8550: Compiler optimizations in the XEN PV
backend drivers could have lead to double fetch
vulnerabilities, causing denial of service or arbitrary
code execution (depending on the configuration)
(bsc#957988).

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has
MSI(X) enabled (bsc#957990).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect
functions in drivers/net/ppp/pptp.c in the Linux kernel
did not verify an address length, which allowed local
users to obtain sensitive information from kernel memory
and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).

- CVE-2015-8575: Validate socket address length in
sco_sock_bind() to prevent information leak
(bsc#959399).

The following non-security bugs were fixed :

- ACPICA: Correctly cleanup after a ACPI table load
failure (bnc#937261).

- ALSA: hda - Fix noise problems on Thinkpad T440s
(boo#958504).

- Input: aiptek - fix crash on detecting device without
endpoints (bnc#956708).

- Re-add copy_page_vector_to_user()

- Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).

- Refresh patches.xen/xen3-patch-3.9 (bsc#951155).

- Update
patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cach
e-until-transaction

-.patch (bnc#935087, bnc#945649, bnc#951615).

- bcache: Add btree_insert_node() (bnc#951638).

- bcache: Add explicit keylist arg to btree_insert()
(bnc#951638).

- bcache: Clean up keylist code (bnc#951638).

- bcache: Convert btree_insert_check_key() to
btree_insert_node() (bnc#951638).

- bcache: Convert bucket_wait to wait_queue_head_t
(bnc#951638).

- bcache: Convert try_wait to wait_queue_head_t
(bnc#951638).

- bcache: Explicitly track btree node's parent
(bnc#951638).

- bcache: Fix a bug when detaching (bsc#951638).

- bcache: Fix a lockdep splat in an error path
(bnc#951638).

- bcache: Fix a shutdown bug (bsc#951638).

- bcache: Fix more early shutdown bugs (bsc#951638).

- bcache: Fix sysfs splat on shutdown with flash only devs
(bsc#951638).

- bcache: Insert multiple keys at a time (bnc#951638).

- bcache: Refactor journalling flow control (bnc#951638).

- bcache: Refactor request_write() (bnc#951638).

- bcache: Use blkdev_issue_discard() (bnc#951638).

- bcache: backing device set to clean after finishing
detach (bsc#951638).

- bcache: kill closure locking usage (bnc#951638).

- blktap: also call blkif_disconnect() when frontend
switched to closed (bsc#952976).

- blktap: refine mm tracking (bsc#952976).

- block: Always check queue limits for cloned requests
(bsc#902606).

- btrfs: Add qgroup tracing (bnc#935087, bnc#945649).

- btrfs: Adjust commit-transaction condition to avoid
NO_SPACE more (bsc#958647).

- btrfs: Fix out-of-space bug (bsc#958647).

- btrfs: Fix tail space processing in
find_free_dev_extent() (bsc#958647).

- btrfs: Set relative data on clear
btrfs_block_group_cache->pinned (bsc#958647).

- btrfs: Update btrfs qgroup status item when rescan is
done (bnc#960300).

- btrfs: backref: Add special time_seq == (u64)-1 case for
btrfs_find_all_roots() (bnc#935087, bnc#945649).

- btrfs: backref: Do not merge refs which are not for same
block (bnc#935087, bnc#945649).

- btrfs: cleanup: remove no-used alloc_chunk in
btrfs_check_data_free_space() (bsc#958647).

- btrfs: delayed-ref: Cleanup the unneeded functions
(bnc#935087, bnc#945649).

- btrfs: delayed-ref: Use list to replace the ref_root in
ref_head (bnc#935087, bnc#945649).

- btrfs: extent-tree: Use ref_node to replace unneeded
parameters in __inc_extent_ref() and __free_extent()
(bnc#935087, bnc#945649).

- btrfs: fix comp_oper to get right order (bnc#935087,
bnc#945649).

- btrfs: fix condition of commit transaction (bsc#958647).

- btrfs: fix leak in qgroup_subtree_accounting() error
path (bnc#935087, bnc#945649).

- btrfs: fix order by which delayed references are run
(bnc#949440).

- btrfs: fix qgroup sanity tests (bnc#951615).

- btrfs: fix race waiting for qgroup rescan worker
(bnc#960300).

- btrfs: fix regression running delayed references when
using qgroups (bnc#951615).

- btrfs: fix regression when running delayed references
(bnc#951615).

- btrfs: fix sleeping inside atomic context in qgroup
rescan worker (bnc#960300).

- btrfs: fix the number of transaction units needed to
remove a block group (bsc#958647).

- btrfs: keep dropped roots in cache until transaction
commit (bnc#935087, bnc#945649).

- btrfs: qgroup: Add function qgroup_update_counters()
(bnc#935087, bnc#945649).

- btrfs: qgroup: Add function qgroup_update_refcnt()
(bnc#935087, bnc#945649).

- btrfs: qgroup: Add new function to record old_roots
(bnc#935087, bnc#945649).

- btrfs: qgroup: Add new qgroup calculation function
btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).

- btrfs: qgroup: Add the ability to skip given qgroup for
old/new_roots (bnc#935087, bnc#945649).

- btrfs: qgroup: Cleanup open-coded old/new_refcnt update
and read (bnc#935087, bnc#945649).

- btrfs: qgroup: Cleanup the old ref_node-oriented
mechanism (bnc#935087, bnc#945649).

- btrfs: qgroup: Do not copy extent buffer to do qgroup
rescan (bnc#960300).

- btrfs: qgroup: Fix a regression in qgroup reserved space
(bnc#935087, bnc#945649).

- btrfs: qgroup: Make snapshot accounting work with new
extent-oriented qgroup (bnc#935087, bnc#945649).

- btrfs: qgroup: Record possible quota-related extent for
qgroup (bnc#935087, bnc#945649).

- btrfs: qgroup: Switch rescan to new mechanism
(bnc#935087, bnc#945649).

- btrfs: qgroup: Switch self test to extent-oriented
qgroup mechanism (bnc#935087, bnc#945649).

- btrfs: qgroup: Switch to new extent-oriented qgroup
mechanism (bnc#935087, bnc#945649).

- btrfs: qgroup: account shared subtree during snapshot
delete (bnc#935087, bnc#945649).

- btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota
(bnc#960300).

- btrfs: qgroup: exit the rescan worker during umount
(bnc#960300).

- btrfs: qgroup: fix quota disable during rescan
(bnc#960300).

- btrfs: qgroup: move WARN_ON() to the correct location
(bnc#935087, bnc#945649).

- btrfs: remove transaction from send (bnc#935087,
bnc#945649).

- btrfs: ulist: Add ulist_del() function (bnc#935087,
bnc#945649).

- btrfs: use btrfs_get_fs_root in resolve_indirect_ref
(bnc#935087, bnc#945649).

- btrfs: use global reserve when deleting unused block
group after ENOSPC (bsc#958647).

- cache: Fix sysfs splat on shutdown with flash only devs
(bsc#951638).

- cpusets, isolcpus: exclude isolcpus from load balancing
in cpusets (bsc#957395).

- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).

- drm: Allocate new master object when client becomes
master (bsc#956876, bsc#956801).

- drm: Fix KABI of 'struct drm_file' (bsc#956876,
bsc#956801).

- e1000e: Do not read ICR in Other interrupt (bsc#924919).

- e1000e: Do not write lsc to ics in msi-x mode
(bsc#924919).

- e1000e: Fix msi-x interrupt automask (bsc#924919).

- e1000e: Remove unreachable code (bsc#924919).

- genksyms: Handle string literals with spaces in
reference files (bsc#958510).

- ipv6: fix tunnel error handling (bsc#952579).

- lpfc: Fix null ndlp dereference in target_reset_handler
(bsc#951392).

- mm/mempolicy.c: convert the shared_policy lock to a
rwlock (bnc#959436).

- mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE
(bnc#943959).

- pm, hinernate: use put_page in release_swap_writer
(bnc#943959).

- sched, isolcpu: make cpu_isolated_map visible outside
scheduler (bsc#957395).

- udp: properly support MSG_PEEK with truncated buffers
(bsc#951199 bsc#959364).

- xhci: Workaround to get Intel xHCI reset working more
reliably (bnc#957546).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/758040
https://bugzilla.suse.com/902606
https://bugzilla.suse.com/924919
https://bugzilla.suse.com/935087
https://bugzilla.suse.com/937261
https://bugzilla.suse.com/943959
https://bugzilla.suse.com/945649
https://bugzilla.suse.com/949440
https://bugzilla.suse.com/951155
https://bugzilla.suse.com/951199
https://bugzilla.suse.com/951392
https://bugzilla.suse.com/951615
https://bugzilla.suse.com/951638
https://bugzilla.suse.com/952579
https://bugzilla.suse.com/952976
https://bugzilla.suse.com/956708
https://bugzilla.suse.com/956801
https://bugzilla.suse.com/956876
https://bugzilla.suse.com/957395
https://bugzilla.suse.com/957546
https://bugzilla.suse.com/957988
https://bugzilla.suse.com/957990
https://bugzilla.suse.com/958463
https://bugzilla.suse.com/958504
https://bugzilla.suse.com/958510
https://bugzilla.suse.com/958647
https://bugzilla.suse.com/958886
https://bugzilla.suse.com/958951
https://bugzilla.suse.com/959190
https://bugzilla.suse.com/959364
https://bugzilla.suse.com/959399
https://bugzilla.suse.com/959436
https://bugzilla.suse.com/959705
https://bugzilla.suse.com/960300
https://www.suse.com/security/cve/CVE-2015-7550.html
https://www.suse.com/security/cve/CVE-2015-8539.html
https://www.suse.com/security/cve/CVE-2015-8543.html
https://www.suse.com/security/cve/CVE-2015-8550.html
https://www.suse.com/security/cve/CVE-2015-8551.html
https://www.suse.com/security/cve/CVE-2015-8552.html
https://www.suse.com/security/cve/CVE-2015-8569.html
https://www.suse.com/security/cve/CVE-2015-8575.html
http://www.nessus.org/u?9497c66b

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2016-107=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2016-107=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2016-107=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-107=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2016-107=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-107=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 88006 ()

Bugtraq ID:

CVE ID: CVE-2015-7550
CVE-2015-8539
CVE-2015-8543
CVE-2015-8550
CVE-2015-8551
CVE-2015-8552
CVE-2015-8569
CVE-2015-8575

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now