openSUSE Security Update : the Linux Kernel (openSUSE-2016-629)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE Leap 42.1 kernel was updated to receive various security
and bug fixes.

The following security bugs were fixed :

- CVE-2016-2847: Limit the per-user amount of pages
allocated in pipes (bsc#970948).

- CVE-2016-3136: mct_u232: add sanity checking in probe
(bnc#970955).

- CVE-2016-2188: iowarrior: fix oops with malicious USB
descriptors (bnc#970956).

- CVE-2016-3138: cdc-acm: more sanity checking
(bnc#970911).

- CVE-2016-3137: cypress_m8: add endpoint sanity check
(bnc#970970).

- CVE-2016-3951: cdc_ncm: do not call usbnet_link_change
from cdc_ncm_bind (bnc#974418).

- CVE-2016-3140: digi_acceleport: do sanity checking for
the number of ports (bnc#970892).

- CVE-2016-2186: powermate: fix oops with malicious USB
descriptors (bnc#970958).

- CVE-2016-2185: usb_driver_claim_interface: add sanity
checking (bnc#971124).

- CVE-2016-3689: ims-pcu: sanity check against missing
interfaces (bnc#971628).

- CVE-2016-3156: ipv4: Do not do expensive useless work
during inetdev destroy (bsc#971360).

The following non-security bugs were fixed :

- ALSA: timer: Call notifier in the same spinlock
(bsc#973378).

- ALSA: timer: Protect the whole snd_timer_close() with
open race (bsc#973378).

- ALSA: timer: Sync timer deletion at closing the system
timer (bsc#973378).

- ALSA: timer: Use mod_timer() for rearming the system
timer (bsc#973378).

- Backport arm64 patches from SLE12-SP1-ARM

- Fix kABI additions for pipe: limit the per-user amount
of pages allocated in pipes.

- Revert 'drm/radeon: call hpd_irq_event on resume'
(boo#975868).

- Update config files. Enable RTC_HCTOSYS, build
I2C_XGENE_SLIMPRO as a module.

- backends: guarantee one time reads of shared ring
contents (bsc#957988).

- ext4: fix races between buffered IO and collapse /
insert range (bsc#972174).

- ext4: fix races between page faults and hole punching
(bsc#972174).

- ext4: fix races of writeback with punch hole and zero
range (bsc#972174).

- ext4: move unlocked dio protection from
ext4_alloc_file_blocks() (bsc#972174).

- net: thunderx: Use napi_schedule_irqoff()

- netback: do not use last request to determine minimum Tx
credit (bsc#957988).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=957988
https://bugzilla.opensuse.org/show_bug.cgi?id=970892
https://bugzilla.opensuse.org/show_bug.cgi?id=970911
https://bugzilla.opensuse.org/show_bug.cgi?id=970948
https://bugzilla.opensuse.org/show_bug.cgi?id=970955
https://bugzilla.opensuse.org/show_bug.cgi?id=970956
https://bugzilla.opensuse.org/show_bug.cgi?id=970958
https://bugzilla.opensuse.org/show_bug.cgi?id=970970
https://bugzilla.opensuse.org/show_bug.cgi?id=971124
https://bugzilla.opensuse.org/show_bug.cgi?id=971360
https://bugzilla.opensuse.org/show_bug.cgi?id=971628
https://bugzilla.opensuse.org/show_bug.cgi?id=972174
https://bugzilla.opensuse.org/show_bug.cgi?id=973378
https://bugzilla.opensuse.org/show_bug.cgi?id=974418
https://bugzilla.opensuse.org/show_bug.cgi?id=975868

Solution :

Update the affected Linux Kernel packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
