Verfasst: 23.08.2015, 14:39
Diese Aktualisierung wird für eine Behebung eines mit dem Paket verbundenen Sicherheitsrisikos benötigt.
The openSUSE 13.2 kernel was updated to receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-3290: A flaw was found in the way the Linux kernels nested NMI
handler and espfix64 functionalities interacted during NMI processing. A
local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
- CVE-2015-3212: A race condition flaw was found in the way the Linux
kernels SCTP implementation handled Address Configuration lists when
performing Address Configuration Change (ASCONF). A local attacker
could use this flaw to crash the system via a race condition triggered
by setting certain ASCONF options on a socket.
- CVE-2015-5364: A remote denial of service (hang) via UDP flood with
incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-5366: A remote denial of service (unexpected error returns)
via UDP flood with incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-4700: A local user could have created a bad instruction in
the JIT processed BPF code, leading to a kernel crash (bnc#935705).
- CVE-2015-1420: Race condition in the handle_to_path function in
fs/fhandle.c in the Linux kernel allowed local users to bypass intended
size restrictions and trigger read operations on additional memory
locations by changing the handle_bytes value of a file handle during
the execution of this function (bnc#915517).
- CVE-2015-4692: The kvm_apic_has_events function in arch/x86/kvm/lapic.h
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have unspecified
other impact by leveraging /dev/kvm access for an ioctl call (bnc#935542).
- CVE-2015-4167 CVE-2014-9728 CVE-2014-9730 CVE-2014-9729 CVE-2014-9731:
Various problems in the UDF filesystem were fixed that could lead to
crashes when mounting prepared udf filesystems.
- CVE-2015-4002: drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN
driver in the Linux kernel did not ensure that certain length values
are sufficiently large, which allowed remote attackers to cause a
denial of service (system crash or large loop) or possibly execute
arbitrary code via a crafted packet, related to the (1) oz_usb_rx and
(2) oz_usb_handle_ep_data functions (bnc#933934).
- CVE-2015-4003: The oz_usb_handle_ep_data function in
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the
Linux kernel allowed remote attackers to cause a denial of service
(divide-by-zero error and system crash) via a crafted packet (bnc#933934).
- CVE-2015-4001: Integer signedness error in the oz_hcd_get_desc_cnf
function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in
the Linux kernel allowed remote attackers to cause a denial of service
(system crash) or possibly execute arbitrary code via a crafted packet
(bnc#933934).
- CVE-2015-4036: A potential memory corruption in vhost/scsi was fixed.
- CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c
in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack
in the Linux kernel allowed remote attackers to reconfigure a hop-limit
setting via a small hop_limit value in a Router Advertisement (RA)
message (bnc#922583).
- CVE-2015-3636: It was found that the Linux kernels ping socket
implementation did not properly handle socket unhashing during spurious
disconnects, which could lead to a use-after-free flaw. On x86-64
architecture systems, a local user able to create ping sockets could
use this flaw to crash the system. On non-x86-64 architecture systems,
a local user able to create ping sockets could use this flaw to escalate
their privileges on the system.
- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an
incorrect data type in a sysctl table, which allowed local users to
obtain potentially sensitive information from kernel memory or possibly
have unspecified other impact by accessing a sysctl entry (bnc#919007).
- CVE-2015-3339: Race condition in the prepare_binprm function in
fs/exec.c in the Linux kernel allowed local users to gain privileges
by executing a setuid program at a time instant when a chown to root
is in progress, and the ownership is changed but the setuid bit is not
yet stripped.
- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not
properly consider the length of the Read-Copy Update (RCU) grace period
for redirecting lookups in the absence of caching, which allowed remote
attackers to cause a denial of service (memory consumption or system
crash) via a flood of packets (bnc#916225).
The following non-security bugs were fixed:
- ALSA: ak411x: Fix stall in work callback (boo#934755).
- ALSA: emu10k1: Emu10k2 32 bit DMA mode (boo#934755).
- ALSA: emu10k1: Fix card shortname string buffer overflow (boo#934755).
- ALSA: emu10k1: do not deadlock in proc-functions (boo#934755).
- ALSA: emux: Fix mutex deadlock at unloading (boo#934755).
- ALSA: emux: Fix mutex deadlock in OSS emulation (boo#934755).
- ALSA: hda - Add AZX_DCAPS_SNOOP_OFF (and refactor snoop setup) (boo#934755).
- ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724 (boo#934755).
- ALSA: hda - Add common pin macros for ALC269 family (boo#934755).
- ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) (boo#934755).
- ALSA: hda - Add dock support for Thinkpad T450s (17aa:5036) (boo#934755).
- ALSA: hda - Add headphone quirk for Lifebook E752 (boo#934755).
- ALSA: hda - Add headset mic quirk for Dell Inspiron 5548 (boo#934755).
- ALSA: hda - Add mute-LED mode control to Thinkpad (boo#934755).
- ALSA: hda - Add one more node in the EAPD supporting candidate list (boo#934755).
- ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec (boo#934755).
- ALSA: hda - Add ultra dock support for Thinkpad X240 (boo#934755).
- ALSA: hda - Add workaround for CMI8888 snoop behavior (boo#934755).
- ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic (boo#934755).
- ALSA: hda - Disable runtime PM for Panther Point again (boo#934755).
- ALSA: hda - Do not access stereo amps for mono channel widgets (boo#934755).
- ALSA: hda - Fix Dock Headphone on Thinkpad X250 seen as a Line Out (boo#934755).
- ALSA: hda - Fix headphone pin config for Lifebook T731 (boo#934755).
- ALSA: hda - Fix noise on AMD radeon 290x controller (boo#934755).
- ALSA: hda - Fix probing and stuttering on CMI8888 HD-audio controller (boo#934755).
- ALSA: hda - One more Dell macine needs DELL1_MIC_NO_PRESENCE quirk (boo#934755).
- ALSA: hda - One more HP machine needs to change mute led quirk (boo#934755).
- ALSA: hda - Set GPIO 4 low for a few HP machines (boo#934755).
- ALSA: hda - Set single_adc_amp flag for CS420x codecs (boo#934755).
- ALSA: hda - Treat stereo-to-mono mix properly (boo#934755).
- ALSA: hda - change three SSID quirks to one pin quirk (boo#934755).
- ALSA: hda - fix "num_steps = 0" error on ALC256 (boo#934755).
- ALSA: hda - fix a typo by changing mute_led_nid to cap_mute_led_nid (boo#934755).
- ALSA: hda - fix headset mic detection problem for one more machine (boo#934755).
- ALSA: hda - fix mute led problem for three HP laptops (boo#934755).
- ALSA: hda - set proper caps for newer AMD hda audio in KB/KV (boo#934755).
- ALSA: hda/realtek - ALC292 dock fix for Thinkpad L450 (boo#934755).
- ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420 (boo#934755).
- ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 (boo#934755).
- ALSA: hda/realtek - Fix Headphone Mic does not recording for ALC256 (boo#934755).
- ALSA: hda/realtek - Make more stable to get pin sense for ALC283 (boo#934755).
- ALSA: hda/realtek - Support Dell headset mode for ALC256 (boo#934755).
- ALSA: hda/realtek - Support HP mute led for output and input (boo#934755).
- ALSA: hda/realtek - move HP_LINE1_MIC1_LED quirk for alc282 (boo#934755).
- ALSA: hda/realtek - move HP_MUTE_LED_MIC1 quirk for alc282 (boo#934755).
- ALSA: hdspm - Constrain periods to 2 on older cards (boo#934755).
- ALSA: pcm: Do not leave PREPARED state after draining (boo#934755).
- ALSA: snd-usb: add quirks for Roland UA-22 (boo#934755).
- ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support (boo#934755).
- ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion (boo#934755).
- ALSA: usb-audio: Add quirk for MS LifeCam HD-3000 (boo#934755).
- ALSA: usb-audio: Add quirk for MS LifeCam Studio (boo#934755).
- ALSA: usb-audio: Do not attempt to get Lifecam HD-5000 sample rate (boo#934755).
- ALSA: usb-audio: Do not attempt to get Microsoft Lifecam Cinema sample rate (boo#934755).
- ALSA: usb-audio: add MAYA44 USB+ mixer control names (boo#934755).
- ALSA: usb-audio: do not try to get Benchmark DAC1 sample rate (boo#934755).
- ALSA: usb-audio: do not try to get Outlaw RR2150 sample rate (boo#934755).
- ALSA: usb-audio: fix missing input volume controls in MAYA44 USB(+) (boo#934755).
- Automatically Provide/Obsolete all subpackages of old flavors (bnc#925567)
- Fix kABI for ak411x structs (boo#934755).
- Fix kABI for snd_emu10k1 struct (boo#934755).
- HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#929624).
- HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#929624).
- HID: add quirk for PIXART OEM mouse used by HP (bnc#929624).
- HID: usbhid: add always-poll quirk (bnc#929624).
- HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#929624).
- HID: usbhid: fix PIXART optical mouse (bnc#929624).
- HID: usbhid: more mice with ALWAYS_POLL (bnc#929624).
- HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#929624).
- HID: yet another buggy ELAN touchscreen (bnc#929624).
- Input: synaptics - handle spurious release of trackstick buttons (bnc#928693).
- Input: synaptics - re-route tracksticks buttons on the Lenovo 2015 series (bnc#928693).
- Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015 (bnc#928693).
- Input: synaptics - retrieve the extended capabilities in query $10 (bnc#928693).
- NFSv4: When returning a delegation, do not reclaim an incompatible open mode (bnc#934202).
- Refresh patches.xen/xen-blkfront-indirect (bsc#922235).
- Update config files: extend CONFIG_DPM_WATCHDOG_TIMEOUT to 60 (bnc#934397)
- arm64: mm: Remove hack in mmap randomized layout Fix commit id and mainlined information
- bnx2x: Fix kdump when iommu=on (bug#921769).
- client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348).
- config/armv7hl: Disable AMD_XGBE_PHY The AMD XGBE ethernet chip is only used on ARM64 systems.
- config: disable XGBE on non-ARM hardware It is documented as being present only on AMD SoCs.
- cpufreq: fix a NULL pointer dereference in __cpufreq_governor() (bsc#924664).
- drm/i915/bdw: PCI IDs ending in 0xb are ULT (boo#935913).
- drm/i915/chv: Remove Wait for a previous gfx force-off (boo#935913).
- drm/i915/dp: only use training pattern 3 on platforms that support it (boo#935913).
- drm/i915/dp: there is no audio on port A (boo#935913).
- drm/i915/hsw: Fix workaround for server AUX channel clock divisor (boo#935913).
- drm/i915/vlv: remove wait for previous GFX clk disable request (boo#935913).
- drm/i915/vlv: save/restore the power context base reg (boo#935913).
- drm/i915: Add missing MacBook Pro models with dual channel LVDS (boo#935913).
- drm/i915: BDW Fix Halo PCI IDs marked as ULT (boo#935913).
- drm/i915: Ban Haswell from using RCS flips (boo#935913).
- drm/i915: Check obj->vma_list under the struct_mutex (boo#935913).
- drm/i915: Correct the IOSF Dev_FN field for IOSF transfers (boo#935913).
- drm/i915: Dell Chromebook 11 has PWM backlight (boo#935913).
- drm/i915: Disable caches for Global GTT (boo#935913).
- drm/i915: Do a dummy DPCD read before the actual read (bnc#907714).
- drm/i915: Do not complain about stolen conflicts on gen3 (boo#935913).
- drm/i915: Do not leak pages when freeing userptr objects (boo#935913).
- drm/i915: Dont enable CS_PARSER_ERROR interrupts at all (boo#935913).
- drm/i915: Evict CS TLBs between batches (boo#935913).
- drm/i915: Fix DDC probe for passive adapters (boo#935913).
- drm/i915: Fix and clean BDW PCH identification (boo#935913).
- drm/i915: Force the CS stall for invalidate flushes (boo#935913).
- drm/i915: Handle failure to kick out a conflicting fb driver (boo#935913).
- drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset (boo#935913).
- drm/i915: Ignore VBT backlight check on Macbook 2, 1 (boo#935913).
- drm/i915: Invalidate media caches on gen7 (boo#935913).
- drm/i915: Kick fbdev before vgacon (boo#935913).
- drm/i915: Only fence tiled region of object (boo#935913).
- drm/i915: Only warn the first time we attempt to mmio whilst suspended (boo#935913).
- drm/i915: Unlock panel even when LVDS is disabled (boo#935913).
- drm/i915: Use IS_HSW_ULT() in a HSW specific code path (boo#935913).
- drm/i915: cope with large i2c transfers (boo#935913).
- drm/i915: do not warn if backlight unexpectedly enabled (boo#935913).
- drm/i915: drop WaSetupGtModeTdRowDispatch:snb (boo#935913).
- drm/i915: save/restore GMBUS freq across suspend/resume on gen4 (boo#935913).
- drm/i915: vlv: fix IRQ masking when uninstalling interrupts (boo#935913).
- drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg (boo#935913).
- drm/radeon: retry dcpd fetch (bnc#931580).
- ftrace/x86/xen: use kernel identity mapping only when really needed (bsc#873195, bsc#886272, bsc#903727, bsc#927725)
- guards: Add support for an external filelist in --check mode This will allow us to run --check without a kernel-source.git work tree.
- guards: Include the file name also in the "Not found" error
- guards: Simplify help text
- hyperv: Add processing of MTU reduced by the host (bnc#919596).
- ideapad_laptop: Lenovo G50-30 fix rfkill reports wireless blocked (boo#939394).
- ipv6: do not delete previously existing ECMP routes if add fails (bsc#930399).
- ipv6: fix ECMP route replacement (bsc#930399).
- ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#930399).
- kABI: protect linux/slab.h include in of/address.
- kabi/severities: ignore already-broken but acceptable kABI changes - SYSTEM_TRUSTED_KEYRING=n change removed system_trusted_keyring - Commits 3688875f852 and ea5ed8c70e9 changed iov_iter_get_pages prototype - KVM changes are intermodule dependencies
- kabi: Fix CRC for dma_get_required_mask.
- kabi: add kABI reference files
- libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156).
- libata: Blacklist queued TRIM on all Samsung 800-series (bnc#930599).
- net: ppp: Do not call bpf_prog_create() in ppp_lock (bnc#930488).
- rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not match
- rt2x00: do not align payload on modern H/W (bnc#932844).
- rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).
- thermal: step_wise: Revert optimization (boo#925961).
- tty: Fix pty master poll() after slave closes v2 (bsc#937138). arm64: mm: Remove hack in mmap randomize layout (bsc#937033)
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937226).
- x86, apic: Handle a bad TSC more gracefully (boo#935530).
- x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bnc#907092).
- x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing (bnc#907092).
- x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).
- x86/microcode/amd: Extract current patch level read to a function (bsc#913996).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
- xhci: Calculate old endpoints correctly on device reset (bnc#938976).
Weitere Informationen zu den Fehlerbereinigungen dieser Aktualisierung sind auf diesen Webseiten verfügbar:
• https://bugzilla.opensuse.org/show_bug.cgi?id=907092
• https://bugzilla.opensuse.org/show_bug.cgi?id=907714
• https://bugzilla.opensuse.org/show_bug.cgi?id=915517
• https://bugzilla.opensuse.org/show_bug.cgi?id=916225
• https://bugzilla.opensuse.org/show_bug.cgi?id=919007
• https://bugzilla.opensuse.org/show_bug.cgi?id=919596
• https://bugzilla.opensuse.org/show_bug.cgi?id=921769
• https://bugzilla.opensuse.org/show_bug.cgi?id=922583
• https://bugzilla.opensuse.org/show_bug.cgi?id=925567
• https://bugzilla.opensuse.org/show_bug.cgi?id=925961
• https://bugzilla.opensuse.org/show_bug.cgi?id=927786
• https://bugzilla.opensuse.org/show_bug.cgi?id=928693
• https://bugzilla.opensuse.org/show_bug.cgi?id=929624
• https://bugzilla.opensuse.org/show_bug.cgi?id=930488
• https://bugzilla.opensuse.org/show_bug.cgi?id=930599
• https://bugzilla.opensuse.org/show_bug.cgi?id=931580
• https://bugzilla.opensuse.org/show_bug.cgi?id=932348
• https://bugzilla.opensuse.org/show_bug.cgi?id=932844
• https://bugzilla.opensuse.org/show_bug.cgi?id=933934
• https://bugzilla.opensuse.org/show_bug.cgi?id=934202
• https://bugzilla.opensuse.org/show_bug.cgi?id=934397
• https://bugzilla.opensuse.org/show_bug.cgi?id=934755
• https://bugzilla.opensuse.org/show_bug.cgi?id=935530
• https://bugzilla.opensuse.org/show_bug.cgi?id=935542
• https://bugzilla.opensuse.org/show_bug.cgi?id=935705
• https://bugzilla.opensuse.org/show_bug.cgi?id=935913
• https://bugzilla.opensuse.org/show_bug.cgi?id=937226
• https://bugzilla.opensuse.org/show_bug.cgi?id=938976
• https://bugzilla.opensuse.org/show_bug.cgi?id=939394
Weitere Informationen zu dieser Sicherheitsaktualisierung sind auf diesen Webseiten verfügbar:
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-9728
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-9729
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-9730
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-9731
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-1420
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-1465
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-2041
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-2922
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-3212
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-3290
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-3339
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-3636
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4001
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4002
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4003
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4036
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4167
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4692
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4700
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-5364
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-5366
Ein Neustart des Rechners wird für die Übernahme der Änderungen der Aktualisierung erforderlich.
The openSUSE 13.2 kernel was updated to receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-3290: A flaw was found in the way the Linux kernels nested NMI
handler and espfix64 functionalities interacted during NMI processing. A
local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
- CVE-2015-3212: A race condition flaw was found in the way the Linux
kernels SCTP implementation handled Address Configuration lists when
performing Address Configuration Change (ASCONF). A local attacker
could use this flaw to crash the system via a race condition triggered
by setting certain ASCONF options on a socket.
- CVE-2015-5364: A remote denial of service (hang) via UDP flood with
incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-5366: A remote denial of service (unexpected error returns)
via UDP flood with incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-4700: A local user could have created a bad instruction in
the JIT processed BPF code, leading to a kernel crash (bnc#935705).
- CVE-2015-1420: Race condition in the handle_to_path function in
fs/fhandle.c in the Linux kernel allowed local users to bypass intended
size restrictions and trigger read operations on additional memory
locations by changing the handle_bytes value of a file handle during
the execution of this function (bnc#915517).
- CVE-2015-4692: The kvm_apic_has_events function in arch/x86/kvm/lapic.h
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have unspecified
other impact by leveraging /dev/kvm access for an ioctl call (bnc#935542).
- CVE-2015-4167 CVE-2014-9728 CVE-2014-9730 CVE-2014-9729 CVE-2014-9731:
Various problems in the UDF filesystem were fixed that could lead to
crashes when mounting prepared udf filesystems.
- CVE-2015-4002: drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN
driver in the Linux kernel did not ensure that certain length values
are sufficiently large, which allowed remote attackers to cause a
denial of service (system crash or large loop) or possibly execute
arbitrary code via a crafted packet, related to the (1) oz_usb_rx and
(2) oz_usb_handle_ep_data functions (bnc#933934).
- CVE-2015-4003: The oz_usb_handle_ep_data function in
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the
Linux kernel allowed remote attackers to cause a denial of service
(divide-by-zero error and system crash) via a crafted packet (bnc#933934).
- CVE-2015-4001: Integer signedness error in the oz_hcd_get_desc_cnf
function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in
the Linux kernel allowed remote attackers to cause a denial of service
(system crash) or possibly execute arbitrary code via a crafted packet
(bnc#933934).
- CVE-2015-4036: A potential memory corruption in vhost/scsi was fixed.
- CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c
in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack
in the Linux kernel allowed remote attackers to reconfigure a hop-limit
setting via a small hop_limit value in a Router Advertisement (RA)
message (bnc#922583).
- CVE-2015-3636: It was found that the Linux kernels ping socket
implementation did not properly handle socket unhashing during spurious
disconnects, which could lead to a use-after-free flaw. On x86-64
architecture systems, a local user able to create ping sockets could
use this flaw to crash the system. On non-x86-64 architecture systems,
a local user able to create ping sockets could use this flaw to escalate
their privileges on the system.
- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an
incorrect data type in a sysctl table, which allowed local users to
obtain potentially sensitive information from kernel memory or possibly
have unspecified other impact by accessing a sysctl entry (bnc#919007).
- CVE-2015-3339: Race condition in the prepare_binprm function in
fs/exec.c in the Linux kernel allowed local users to gain privileges
by executing a setuid program at a time instant when a chown to root
is in progress, and the ownership is changed but the setuid bit is not
yet stripped.
- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not
properly consider the length of the Read-Copy Update (RCU) grace period
for redirecting lookups in the absence of caching, which allowed remote
attackers to cause a denial of service (memory consumption or system
crash) via a flood of packets (bnc#916225).
The following non-security bugs were fixed:
- ALSA: ak411x: Fix stall in work callback (boo#934755).
- ALSA: emu10k1: Emu10k2 32 bit DMA mode (boo#934755).
- ALSA: emu10k1: Fix card shortname string buffer overflow (boo#934755).
- ALSA: emu10k1: do not deadlock in proc-functions (boo#934755).
- ALSA: emux: Fix mutex deadlock at unloading (boo#934755).
- ALSA: emux: Fix mutex deadlock in OSS emulation (boo#934755).
- ALSA: hda - Add AZX_DCAPS_SNOOP_OFF (and refactor snoop setup) (boo#934755).
- ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724 (boo#934755).
- ALSA: hda - Add common pin macros for ALC269 family (boo#934755).
- ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) (boo#934755).
- ALSA: hda - Add dock support for Thinkpad T450s (17aa:5036) (boo#934755).
- ALSA: hda - Add headphone quirk for Lifebook E752 (boo#934755).
- ALSA: hda - Add headset mic quirk for Dell Inspiron 5548 (boo#934755).
- ALSA: hda - Add mute-LED mode control to Thinkpad (boo#934755).
- ALSA: hda - Add one more node in the EAPD supporting candidate list (boo#934755).
- ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec (boo#934755).
- ALSA: hda - Add ultra dock support for Thinkpad X240 (boo#934755).
- ALSA: hda - Add workaround for CMI8888 snoop behavior (boo#934755).
- ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic (boo#934755).
- ALSA: hda - Disable runtime PM for Panther Point again (boo#934755).
- ALSA: hda - Do not access stereo amps for mono channel widgets (boo#934755).
- ALSA: hda - Fix Dock Headphone on Thinkpad X250 seen as a Line Out (boo#934755).
- ALSA: hda - Fix headphone pin config for Lifebook T731 (boo#934755).
- ALSA: hda - Fix noise on AMD radeon 290x controller (boo#934755).
- ALSA: hda - Fix probing and stuttering on CMI8888 HD-audio controller (boo#934755).
- ALSA: hda - One more Dell macine needs DELL1_MIC_NO_PRESENCE quirk (boo#934755).
- ALSA: hda - One more HP machine needs to change mute led quirk (boo#934755).
- ALSA: hda - Set GPIO 4 low for a few HP machines (boo#934755).
- ALSA: hda - Set single_adc_amp flag for CS420x codecs (boo#934755).
- ALSA: hda - Treat stereo-to-mono mix properly (boo#934755).
- ALSA: hda - change three SSID quirks to one pin quirk (boo#934755).
- ALSA: hda - fix "num_steps = 0" error on ALC256 (boo#934755).
- ALSA: hda - fix a typo by changing mute_led_nid to cap_mute_led_nid (boo#934755).
- ALSA: hda - fix headset mic detection problem for one more machine (boo#934755).
- ALSA: hda - fix mute led problem for three HP laptops (boo#934755).
- ALSA: hda - set proper caps for newer AMD hda audio in KB/KV (boo#934755).
- ALSA: hda/realtek - ALC292 dock fix for Thinkpad L450 (boo#934755).
- ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420 (boo#934755).
- ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 (boo#934755).
- ALSA: hda/realtek - Fix Headphone Mic does not recording for ALC256 (boo#934755).
- ALSA: hda/realtek - Make more stable to get pin sense for ALC283 (boo#934755).
- ALSA: hda/realtek - Support Dell headset mode for ALC256 (boo#934755).
- ALSA: hda/realtek - Support HP mute led for output and input (boo#934755).
- ALSA: hda/realtek - move HP_LINE1_MIC1_LED quirk for alc282 (boo#934755).
- ALSA: hda/realtek - move HP_MUTE_LED_MIC1 quirk for alc282 (boo#934755).
- ALSA: hdspm - Constrain periods to 2 on older cards (boo#934755).
- ALSA: pcm: Do not leave PREPARED state after draining (boo#934755).
- ALSA: snd-usb: add quirks for Roland UA-22 (boo#934755).
- ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support (boo#934755).
- ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion (boo#934755).
- ALSA: usb-audio: Add quirk for MS LifeCam HD-3000 (boo#934755).
- ALSA: usb-audio: Add quirk for MS LifeCam Studio (boo#934755).
- ALSA: usb-audio: Do not attempt to get Lifecam HD-5000 sample rate (boo#934755).
- ALSA: usb-audio: Do not attempt to get Microsoft Lifecam Cinema sample rate (boo#934755).
- ALSA: usb-audio: add MAYA44 USB+ mixer control names (boo#934755).
- ALSA: usb-audio: do not try to get Benchmark DAC1 sample rate (boo#934755).
- ALSA: usb-audio: do not try to get Outlaw RR2150 sample rate (boo#934755).
- ALSA: usb-audio: fix missing input volume controls in MAYA44 USB(+) (boo#934755).
- Automatically Provide/Obsolete all subpackages of old flavors (bnc#925567)
- Fix kABI for ak411x structs (boo#934755).
- Fix kABI for snd_emu10k1 struct (boo#934755).
- HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#929624).
- HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#929624).
- HID: add quirk for PIXART OEM mouse used by HP (bnc#929624).
- HID: usbhid: add always-poll quirk (bnc#929624).
- HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#929624).
- HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#929624).
- HID: usbhid: fix PIXART optical mouse (bnc#929624).
- HID: usbhid: more mice with ALWAYS_POLL (bnc#929624).
- HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#929624).
- HID: yet another buggy ELAN touchscreen (bnc#929624).
- Input: synaptics - handle spurious release of trackstick buttons (bnc#928693).
- Input: synaptics - re-route tracksticks buttons on the Lenovo 2015 series (bnc#928693).
- Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015 (bnc#928693).
- Input: synaptics - retrieve the extended capabilities in query $10 (bnc#928693).
- NFSv4: When returning a delegation, do not reclaim an incompatible open mode (bnc#934202).
- Refresh patches.xen/xen-blkfront-indirect (bsc#922235).
- Update config files: extend CONFIG_DPM_WATCHDOG_TIMEOUT to 60 (bnc#934397)
- arm64: mm: Remove hack in mmap randomized layout Fix commit id and mainlined information
- bnx2x: Fix kdump when iommu=on (bug#921769).
- client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348).
- config/armv7hl: Disable AMD_XGBE_PHY The AMD XGBE ethernet chip is only used on ARM64 systems.
- config: disable XGBE on non-ARM hardware It is documented as being present only on AMD SoCs.
- cpufreq: fix a NULL pointer dereference in __cpufreq_governor() (bsc#924664).
- drm/i915/bdw: PCI IDs ending in 0xb are ULT (boo#935913).
- drm/i915/chv: Remove Wait for a previous gfx force-off (boo#935913).
- drm/i915/dp: only use training pattern 3 on platforms that support it (boo#935913).
- drm/i915/dp: there is no audio on port A (boo#935913).
- drm/i915/hsw: Fix workaround for server AUX channel clock divisor (boo#935913).
- drm/i915/vlv: remove wait for previous GFX clk disable request (boo#935913).
- drm/i915/vlv: save/restore the power context base reg (boo#935913).
- drm/i915: Add missing MacBook Pro models with dual channel LVDS (boo#935913).
- drm/i915: BDW Fix Halo PCI IDs marked as ULT (boo#935913).
- drm/i915: Ban Haswell from using RCS flips (boo#935913).
- drm/i915: Check obj->vma_list under the struct_mutex (boo#935913).
- drm/i915: Correct the IOSF Dev_FN field for IOSF transfers (boo#935913).
- drm/i915: Dell Chromebook 11 has PWM backlight (boo#935913).
- drm/i915: Disable caches for Global GTT (boo#935913).
- drm/i915: Do a dummy DPCD read before the actual read (bnc#907714).
- drm/i915: Do not complain about stolen conflicts on gen3 (boo#935913).
- drm/i915: Do not leak pages when freeing userptr objects (boo#935913).
- drm/i915: Dont enable CS_PARSER_ERROR interrupts at all (boo#935913).
- drm/i915: Evict CS TLBs between batches (boo#935913).
- drm/i915: Fix DDC probe for passive adapters (boo#935913).
- drm/i915: Fix and clean BDW PCH identification (boo#935913).
- drm/i915: Force the CS stall for invalidate flushes (boo#935913).
- drm/i915: Handle failure to kick out a conflicting fb driver (boo#935913).
- drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset (boo#935913).
- drm/i915: Ignore VBT backlight check on Macbook 2, 1 (boo#935913).
- drm/i915: Invalidate media caches on gen7 (boo#935913).
- drm/i915: Kick fbdev before vgacon (boo#935913).
- drm/i915: Only fence tiled region of object (boo#935913).
- drm/i915: Only warn the first time we attempt to mmio whilst suspended (boo#935913).
- drm/i915: Unlock panel even when LVDS is disabled (boo#935913).
- drm/i915: Use IS_HSW_ULT() in a HSW specific code path (boo#935913).
- drm/i915: cope with large i2c transfers (boo#935913).
- drm/i915: do not warn if backlight unexpectedly enabled (boo#935913).
- drm/i915: drop WaSetupGtModeTdRowDispatch:snb (boo#935913).
- drm/i915: save/restore GMBUS freq across suspend/resume on gen4 (boo#935913).
- drm/i915: vlv: fix IRQ masking when uninstalling interrupts (boo#935913).
- drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg (boo#935913).
- drm/radeon: retry dcpd fetch (bnc#931580).
- ftrace/x86/xen: use kernel identity mapping only when really needed (bsc#873195, bsc#886272, bsc#903727, bsc#927725)
- guards: Add support for an external filelist in --check mode This will allow us to run --check without a kernel-source.git work tree.
- guards: Include the file name also in the "Not found" error
- guards: Simplify help text
- hyperv: Add processing of MTU reduced by the host (bnc#919596).
- ideapad_laptop: Lenovo G50-30 fix rfkill reports wireless blocked (boo#939394).
- ipv6: do not delete previously existing ECMP routes if add fails (bsc#930399).
- ipv6: fix ECMP route replacement (bsc#930399).
- ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#930399).
- kABI: protect linux/slab.h include in of/address.
- kabi/severities: ignore already-broken but acceptable kABI changes - SYSTEM_TRUSTED_KEYRING=n change removed system_trusted_keyring - Commits 3688875f852 and ea5ed8c70e9 changed iov_iter_get_pages prototype - KVM changes are intermodule dependencies
- kabi: Fix CRC for dma_get_required_mask.
- kabi: add kABI reference files
- libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156).
- libata: Blacklist queued TRIM on all Samsung 800-series (bnc#930599).
- net: ppp: Do not call bpf_prog_create() in ppp_lock (bnc#930488).
- rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not match
- rt2x00: do not align payload on modern H/W (bnc#932844).
- rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).
- thermal: step_wise: Revert optimization (boo#925961).
- tty: Fix pty master poll() after slave closes v2 (bsc#937138). arm64: mm: Remove hack in mmap randomize layout (bsc#937033)
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937226).
- x86, apic: Handle a bad TSC more gracefully (boo#935530).
- x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bnc#907092).
- x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing (bnc#907092).
- x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).
- x86/microcode/amd: Extract current patch level read to a function (bsc#913996).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
- xhci: Calculate old endpoints correctly on device reset (bnc#938976).
Weitere Informationen zu den Fehlerbereinigungen dieser Aktualisierung sind auf diesen Webseiten verfügbar:
• https://bugzilla.opensuse.org/show_bug.cgi?id=907092
• https://bugzilla.opensuse.org/show_bug.cgi?id=907714
• https://bugzilla.opensuse.org/show_bug.cgi?id=915517
• https://bugzilla.opensuse.org/show_bug.cgi?id=916225
• https://bugzilla.opensuse.org/show_bug.cgi?id=919007
• https://bugzilla.opensuse.org/show_bug.cgi?id=919596
• https://bugzilla.opensuse.org/show_bug.cgi?id=921769
• https://bugzilla.opensuse.org/show_bug.cgi?id=922583
• https://bugzilla.opensuse.org/show_bug.cgi?id=925567
• https://bugzilla.opensuse.org/show_bug.cgi?id=925961
• https://bugzilla.opensuse.org/show_bug.cgi?id=927786
• https://bugzilla.opensuse.org/show_bug.cgi?id=928693
• https://bugzilla.opensuse.org/show_bug.cgi?id=929624
• https://bugzilla.opensuse.org/show_bug.cgi?id=930488
• https://bugzilla.opensuse.org/show_bug.cgi?id=930599
• https://bugzilla.opensuse.org/show_bug.cgi?id=931580
• https://bugzilla.opensuse.org/show_bug.cgi?id=932348
• https://bugzilla.opensuse.org/show_bug.cgi?id=932844
• https://bugzilla.opensuse.org/show_bug.cgi?id=933934
• https://bugzilla.opensuse.org/show_bug.cgi?id=934202
• https://bugzilla.opensuse.org/show_bug.cgi?id=934397
• https://bugzilla.opensuse.org/show_bug.cgi?id=934755
• https://bugzilla.opensuse.org/show_bug.cgi?id=935530
• https://bugzilla.opensuse.org/show_bug.cgi?id=935542
• https://bugzilla.opensuse.org/show_bug.cgi?id=935705
• https://bugzilla.opensuse.org/show_bug.cgi?id=935913
• https://bugzilla.opensuse.org/show_bug.cgi?id=937226
• https://bugzilla.opensuse.org/show_bug.cgi?id=938976
• https://bugzilla.opensuse.org/show_bug.cgi?id=939394
Weitere Informationen zu dieser Sicherheitsaktualisierung sind auf diesen Webseiten verfügbar:
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-9728
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-9729
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-9730
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-9731
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-1420
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-1465
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-2041
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-2922
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-3212
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-3290
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-3339
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-3636
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4001
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4002
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4003
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4036
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4167
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4692
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-4700
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-5364
• http://cve.mitre.org/cgi-bin/cvename.cg ... -2015-5366
Ein Neustart des Rechners wird für die Übernahme der Änderungen der Aktualisierung erforderlich.