openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15
stable release, and also includes security and bug fixes.

The following security bugs were fixed :

- CVE-2016-0728: A reference leak in keyring handling with
join_session_keyring() could allow local attackers to
gain root privileges (bsc#962075).

- CVE-2015-7550: A local user could have triggered a race
between read and revoke in keyctl (bnc#958951).

- CVE-2015-8767: A case can occur when sctp_accept() is
called by the user during a heartbeat timeout event
after the 4-way handshake. Since sctp_assoc_migrate()
changes both assoc-> and assoc->ep, the
bh_sock_lock in sctp_generate_heartbeat_event() will be
taken with the listening socket but released with the
new association socket. The result is a deadlock on any
future attempts to take the listening socket lock.

- CVE-2015-8539: A negatively instantiated user key could
have been used by a local user to leverage privileges

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect
functions in drivers/net/ppp/pptp.c in the Linux kernel
did not verify an address length, which allowed local
users to obtain sensitive information from kernel memory
and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).

- CVE-2015-8543: The networking implementation in the
Linux kernel did not validate protocol identifiers for
certain protocol families, which allowed local users to
cause a denial of service (NULL function pointer
dereference and system crash) or possibly gain
privileges by leveraging CLONE_NEWUSER support to
execute a crafted SOCK_RAW application (bnc#958886).

- CVE-2015-8575: Validate socket address length in
sco_sock_bind() to prevent information leak

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has
MSI(X) enabled (bsc#957990).

- CVE-2015-8550: Compiler optimizations in the XEN PV
backend drivers could have led to double fetch
vulnerabilities, causing denial of service or arbitrary
code execution (depending on the configuration)

The following non-security bugs were fixed :

- ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd

- ALSA: hda - Apply click noise workaround for Thinkpads
generically (bsc#958439).

- ALSA: hda - Fix noise problems on Thinkpad T440s

- ALSA: hda - Flush the pending probe work at remove

- ALSA: hda - Set codec to D3 at reboot/shutdown on
Thinkpads (bsc#958439).

- Add Cavium Thunderx network enhancements

- Add RHEL to kernel-obs-build

- Backport amd xgbe fixes and features

- Backport arm64 patches from SLE12-SP1-ARM.

- Btrfs: fix the number of transaction units needed to
remove a block group (bsc#950178).

- Btrfs: use global reserve when deleting unused block
group after ENOSPC (bsc#950178).

- Documentation: nousb is a module parameter (bnc#954324).

- Driver for IBM System i/p VNIC protocol.

- Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532). Needed for
recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still
disabled as it can't be built as a module.

- Fix PCI generic host controller

- Fix kABI breakage for max_dev_sectors addition to
queue_limits (boo#961263).

- HID: multitouch: Fetch feature reports on demand for
Win8 devices (boo#954532).

- HID: multitouch: fix input mode switching on some Elan
panels (boo#954532).

- Implement enable/disable for Display C6 state

- Input: aiptek - fix crash on detecting device without
endpoints (bnc#956708).

- Linux 4.1.15 (boo#954647 bsc#955422).

- Move kabi patch to patches.kabi directory

- Obsolete compat-wireless, rts5229 and rts_pstor KMPs.
These are found in SLE11-SP3, now replaced with the
upstream drivers.

- PCI: generic: Pass starting bus number to

- Revert 'block: remove artifical max_hw_sectors cap'

- Set system time through RTC device

- Update arm64 config files. Enabled DRM_AST in the
vanilla kernel since it is now enabled in the default

- Update config files: CONFIG_IBMVNIC=m

- block/sd: Fix device-imposed transfer length limits

- block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).

- drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).

- drm/i915/skl: Add DC6 Trigger sequence (boo#960021).

- drm/i915/skl: Add support to load SKL CSR firmware

- drm/i915/skl: Add the INIT power domain to the MISC I/O
power well (boo#960021).

- drm/i915/skl: Deinit/init the display at suspend/resume

- drm/i915/skl: Fix DMC API version in firmware file name

- drm/i915/skl: Fix

- drm/i915/skl: Fix stepping check for a couple of W/As

- drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1
defines (boo#960021).

- drm/i915/skl: Implement WaDisableVFUnitClockGating

- drm/i915/skl: Implement enable/disable for Display C5
state (boo#960021).

- drm/i915/skl: Make the Misc I/O power well part of the
PLLS domain (boo#960021).

- drm/i915/skl: add F0 stepping ID (boo#960021).

- drm/i915/skl: enable
WaForceContextSaveRestoreNonCoherent (boo#960021).

- drm/i915: Clear crtc atomic flags at beginning of
transaction (boo#960021).

- drm/i915: Fix CSR MMIO address check (boo#960021).

- drm/i915: Switch to full atomic helpers for plane
updates/disable, take two (boo#960021).

- drm/i915: set CDCLK if DPLL0 enabled during resuming
from S3 (boo#960021).

- ethernet/atheros/alx: sanitize buffer sizing and padding

- genksyms: Handle string literals with spaces in
reference files (bsc#958510).

- group-source-files: mark as devel file ld:
cannot open linker script file
/usr/src/linux-4.2.5-1/arch/arm/kernel/ No
such file or directory

- hwrng: core - sleep interruptible in read (bnc#962597).

- ipv6: distinguish frag queues by device for multicast
and link-local packets (bsc#955422).

- kABI fixes for linux-4.1.15.

- rpm/ Skip stale directories in
the package dir

- rpm/ Bump disk space requirements up a
bit. Require 10GB on s390x, 20GB elsewhere.

- rpm/ Require 14GB worth of disk space on
POWER. The builds started to fail randomly due to ENOSPC

- rpm/ Do not explicitly set
a selectable Kconfig option since 2.6.39 and is enabled
in our configs.

- rpm/ Do not obsolete ocfs2-kmp

- rpm/ Fix build if no UEFI certs
are installed

- rpm/ Install libopenssl-devel for
newer sign-file

- rpm/ No scriptlets in
kernel-zfcpdump. The kernel should not be added to the
bootloader nor are there any KMPs.

- rpm/ Obsolete the -base package
from SLE11 (bnc#865096)

- rpm/ Use parallel make in all
invocations. Also, remove the lengthy comment, since we
are using a standard rpm macro now.

- thinkpad_acpi: Do not yell on unsupported brightness
interfaces (boo#957152).

- usb: make 'nousb' a clear module parameter (bnc#954324).

- usbvision fix overflow of interfaces array (bnc#950998).

- x86/microcode/amd: Do not overwrite final patch levels

- x86/microcode/amd: Extract current patch level read to a
function (bsc#913996).

- xen/pciback: Do not allow MSI-X ops if
PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).

- xhci: refuse loading if nousb is used (bnc#954324).

Solution :

Update the affected Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
Public Exploit Available : true

