Vulnerability-Lookup

SUSE-SU-2016:3069-1

Vulnerability from csaf_suse - Published: 2016-12-09 13:20 - Updated: 2016-12-09 13:20

Summary

Security update for the Linux Kernel

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel

Description of the patch: The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. This feature was added: - Support for the 2017 Intel Purley platform. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-6828: Use after free in tcp_xmit_retransmit_queue or other tcp_ functions (bsc#994296) - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608) - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsr_iop_message_xfer() could have caused kernel heap corruption and arbitraty kernel code execution (bsc#999932) The following non-security bugs were fixed: - ahci: Order SATA device IDs for codename Lewisburg. - AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs. - ALSA: hda - Add Intel Lewisburg device IDs Audio. - avoid dentry crash triggered by NFS (bsc#984194). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687). - bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687). - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - cxgb4: Set VPD size so we can read both VPD structures (bsc#976867). - Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch. (bsc#979514) - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - fs/select: introduce SIZE_MAX (bsc#1000189). - i2c: i801: add Intel Lewisburg device IDs. - include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes). - increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399) - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - KVM: x86: SYSENTER emulation is broken (bsc#994618). - libfc: sanity check cpu number extracted from xid (bsc#988440). - lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392). - md: lockless I/O submission for RAID1 (bsc#982783). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708). - net: add pfmemalloc check in sk_add_backlog() (bnc#920016). - netback: fix flipping mode (bsc#996664). - nfs: Do not drop directory dentry which is in use (bsc#993127). - nfs: Don't disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Don't write enable new pages while an invalidation is proceeding (bsc#999584). - nfs: Fix a regression in the read() syscall (bsc#999584). - nfs: Fix races in nfs_revalidate_mapping (bsc#999584). - nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584). - nfs: Fix writeback performance issue on cache invalidation (bsc#999584). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595). - nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218). - pci: Add pci_set_vpd_size() to set VPD size (bsc#976867). - pciback: fix conf_space read/write overlap check. - powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926). - ppp: defer netns reference release for ppp channel (bsc#980371). - random32: add prandom_u32_max (bsc#989152). - rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays. - s390/dasd: fix hanging device after clear subchannel (bnc#994436). - sata: Adding Intel Lewisburg device IDs for SATA. - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165). - sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329). - scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102). - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992). - scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779). - tmpfs: change final i_blocks BUG to WARNING (bsc#991923). - Update patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fip_recv_list-are.patch (add bsc#732582 reference). - USB: fix typo in wMaxPacketSize validation (bsc#991665). - USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - vlan: don't deliver frames for unknown vlans to protocols (bsc#979514). - vlan: mask vlan prio bits (bsc#979514). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).

Patchnames: slertesp4-kernel-source-12880

CVE-2013-4312

6.2 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H