openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15
stable release, and also includes security and bug fixes.

The following security bugs were fixed :

- CVE-2016-0728: A reference leak in keyring handling with
join_session_keyring() could allow local attackers to
gain root privileges. (bsc#962075).

- CVE-2015-7550: A local user could have triggered a race
between read and revoke in keyctl (bnc#958951).

- CVE-2015-8767: A case can occur when sctp_accept() is
called by the user during a heartbeat timeout event
after the 4-way handshake. Since sctp_assoc_migrate()
changes both assoc->base.sk and assoc->ep, the
bh_sock_lock in sctp_generate_heartbeat_event() will be
taken with the listening socket but released with the
new association socket. The result is a deadlock on any
future attempts to take the listening socket lock.
(bsc#961509)

- CVE-2015-8539: A negatively instantiated user key could
have been used by a local user to escalate privileges
(bnc#958463).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect
functions in drivers/net/ppp/pptp.c in the Linux kernel
did not verify an address length, which allowed local
users to obtain sensitive information from kernel memory
and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).

- CVE-2015-8543: The networking implementation in the
Linux kernel did not validate protocol identifiers for
certain protocol families, which allowed local users to
cause a denial of service (NULL function pointer
dereference and system crash) or possibly gain
privileges by leveraging CLONE_NEWUSER support to
execute a crafted SOCK_RAW application (bnc#958886).

- CVE-2015-8575: Validate socket address length in
sco_sock_bind() to prevent information leak
(bsc#959399).

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has
MSI(X) enabled (bsc#957990).

- CVE-2015-8550: Compiler optimizations in the XEN PV
backend drivers could have led to double fetch
vulnerabilities, causing denial of service or arbitrary
code execution (depending on the configuration)
(bsc#957988).

The following non-security bugs were fixed :

- ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd
(bsc#958439).

- ALSA: hda - Apply click noise workaround for Thinkpads
generically (bsc#958439).

- ALSA: hda - Fix noise problems on Thinkpad T440s
(boo#958504).

- ALSA: hda - Flush the pending probe work at remove
(boo#960710).

- ALSA: hda - Set codec to D3 at reboot/shutdown on
Thinkpads (bsc#958439).

- Add Cavium Thunderx network enhancements

- Add RHEL to kernel-obs-build

- Backport amd xgbe fixes and features

- Backport arm64 patches from SLE12-SP1-ARM.

- Btrfs: fix the number of transaction units needed to
remove a block group (bsc#950178).

- Btrfs: use global reserve when deleting unused block
group after ENOSPC (bsc#950178).

- Documentation: nousb is a module parameter (bnc#954324).

- Driver for IBM System i/p VNIC protocol.

- Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532). Needed for
recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still
disabled as it can't be built as a module.

- Fix PCI generic host controller

- Fix kABI breakage for max_dev_sectors addition to
queue_limits (boo#961263).

- HID: multitouch: Fetch feature reports on demand for
Win8 devices (boo#954532).

- HID: multitouch: fix input mode switching on some Elan
panels (boo#954532).

- Implement enable/disable for Display C6 state
(boo#960021).

- Input: aiptek - fix crash on detecting device without
endpoints (bnc#956708).

- Linux 4.1.15 (boo#954647 bsc#955422).

- Move kabi patch to patches.kabi directory

- Obsolete compat-wireless, rts5229 and rts_pstor KMPs.
These are found in SLE11-SP3, now replaced with the
upstream drivers.

- PCI: generic: Pass starting bus number to
pci_scan_root_bus().

- Revert 'block: remove artifical max_hw_sectors cap'
(boo#961263).

- Set system time through RTC device

- Update arm64 config files. Enabled DRM_AST in the
vanilla kernel since it is now enabled in the default
kernel.

- Update config files: CONFIG_IBMVNIC=m

- block/sd: Fix device-imposed transfer length limits
(boo#961263).

- block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).

- drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).

- drm/i915/skl: Add DC6 Trigger sequence (boo#960021).

- drm/i915/skl: Add support to load SKL CSR firmware
(boo#960021).

- drm/i915/skl: Add the INIT power domain to the MISC I/O
power well (boo#960021).

- drm/i915/skl: Deinit/init the display at suspend/resume
(boo#960021).

- drm/i915/skl: Fix DMC API version in firmware file name
(boo#960021).

- drm/i915/skl: Fix
WaDisableChickenBitTSGBarrierAckForFFSliceCS
(boo#960021).

- drm/i915/skl: Fix stepping check for a couple of W/As
(boo#960021).

- drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1
defines (boo#960021).

- drm/i915/skl: Implement WaDisableVFUnitClockGating
(boo#960021).

- drm/i915/skl: Implement enable/disable for Display C5
state (boo#960021).

- drm/i915/skl: Make the Misc I/O power well part of the
PLLS domain (boo#960021).

- drm/i915/skl: add F0 stepping ID (boo#960021).

- drm/i915/skl: enable
WaForceContextSaveRestoreNonCoherent (boo#960021).

- drm/i915: Clear crtc atomic flags at beginning of
transaction (boo#960021).

- drm/i915: Fix CSR MMIO address check (boo#960021).

- drm/i915: Switch to full atomic helpers for plane
updates/disable, take two (boo#960021).

- drm/i915: set CDCLK if DPLL0 enabled during resuming
from S3 (boo#960021).

- ethernet/atheros/alx: sanitize buffer sizing and padding
(boo#952621).

- genksyms: Handle string literals with spaces in
reference files (bsc#958510).

- group-source-files: mark module.lds as devel file. ld:
cannot open linker script file
/usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No
such file or directory

- hwrng: core - sleep interruptible in read (bnc#962597).

- ipv6: distinguish frag queues by device for multicast
and link-local packets (bsc#955422).

- kABI fixes for linux-4.1.15.

- rpm/compute-PATCHVERSION.sh: Skip stale directories in
the package dir

- rpm/constraints.in: Bump disk space requirements up a
bit. Require 10GB on s390x, 20GB elsewhere.

- rpm/constraints.in: Require 14GB worth of disk space on
POWER. The builds started to fail randomly due to ENOSPC
errors.

- rpm/kernel-binary.spec.in: Do not explicitly set
DEBUG_SECTION_MISMATCH. CONFIG_DEBUG_SECTION_MISMATCH is
a selectable Kconfig option since 2.6.39 and is enabled
in our configs.

- rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp
(bnc#865259)

- rpm/kernel-binary.spec.in: Fix build if no UEFI certs
are installed

- rpm/kernel-binary.spec.in: Install libopenssl-devel for
newer sign-file

- rpm/kernel-binary.spec.in: No scriptlets in
kernel-zfcpdump. The kernel should not be added to the
bootloader nor are there any KMPs.

- rpm/kernel-binary.spec.in: Obsolete the -base package
from SLE11 (bnc#865096)

- rpm/kernel-binary.spec.in: Use parallel make in all
invocations. Also, remove the lengthy comment, since we
are using a standard rpm macro now.

- thinkpad_acpi: Do not yell on unsupported brightness
interfaces (boo#957152).

- usb: make 'nousb' a clear module parameter (bnc#954324).

- usbvision fix overflow of interfaces array (bnc#950998).

- x86/microcode/amd: Do not overwrite final patch levels
(bsc#913996).

- x86/microcode/amd: Extract current patch level read to a
function (bsc#913996).

- xen/pciback: Do not allow MSI-X ops if
PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).

- xhci: refuse loading if nousb is used (bnc#954324).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=865096
https://bugzilla.opensuse.org/show_bug.cgi?id=865259
https://bugzilla.opensuse.org/show_bug.cgi?id=913996
https://bugzilla.opensuse.org/show_bug.cgi?id=950178
https://bugzilla.opensuse.org/show_bug.cgi?id=950998
https://bugzilla.opensuse.org/show_bug.cgi?id=952621
https://bugzilla.opensuse.org/show_bug.cgi?id=954324
https://bugzilla.opensuse.org/show_bug.cgi?id=954532
https://bugzilla.opensuse.org/show_bug.cgi?id=954647
https://bugzilla.opensuse.org/show_bug.cgi?id=955422
https://bugzilla.opensuse.org/show_bug.cgi?id=956708
https://bugzilla.opensuse.org/show_bug.cgi?id=957152
https://bugzilla.opensuse.org/show_bug.cgi?id=957988
https://bugzilla.opensuse.org/show_bug.cgi?id=957990
https://bugzilla.opensuse.org/show_bug.cgi?id=958439
https://bugzilla.opensuse.org/show_bug.cgi?id=958463
https://bugzilla.opensuse.org/show_bug.cgi?id=958504
https://bugzilla.opensuse.org/show_bug.cgi?id=958510
https://bugzilla.opensuse.org/show_bug.cgi?id=958886
https://bugzilla.opensuse.org/show_bug.cgi?id=958951
https://bugzilla.opensuse.org/show_bug.cgi?id=959190
https://bugzilla.opensuse.org/show_bug.cgi?id=959399
https://bugzilla.opensuse.org/show_bug.cgi?id=960021
https://bugzilla.opensuse.org/show_bug.cgi?id=960710
https://bugzilla.opensuse.org/show_bug.cgi?id=961263
https://bugzilla.opensuse.org/show_bug.cgi?id=961509
https://bugzilla.opensuse.org/show_bug.cgi?id=962075
https://bugzilla.opensuse.org/show_bug.cgi?id=962597

Solution :

Update the affected Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
