Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2232-1 Final 1 1 2015-12-08T17:03:46Z current 2015-12-08T17:03:46Z 2015-12-08T17:03:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The Linux Kernel was updated to 4.1.13 and fixes the following issues: Security issues fixed: - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. - CVE-2015-7990: A local denial of service due to an incomplete fix of CVE-2015-6937 could lead to crashes (local denial of service). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. Bugs fixed: - alsa: hda - apply hp headphone fixups more generically (boo#954876). - alsa: hda - add fixup for acer aspire one cloudbook 14 (boo#954876). - alsa: hda - fix headphone noise after dell xps 13 resume back from S3 (boo#954876). - alsa: hda - fix noise on dell latitude e6440 (boo#954876). - alsa: hda/hdmi - apply skylake fix-ups to broxton display codec (boo#954647). - alsa: hda - add codec id for broxton display audio codec (boo#954647). - alsa: hda/realtek - dell xps one alc3260 speaker no sound after resume back (boo#954647). - alsa: hda - yet another fix for dell headset mic with alc3266 (boo#954647). - alsa: hda - fix dell laptop for internal mic/headset mic (boo#954647). - alsa: hda - remove no physical connection pins from pin_quirk table (boo#954647). - alsa: hda - add pin quirk for the headset mic jack detection on Dell laptop (boo#954647). - alsa: hda - fix the headset mic that will not work on dell desktop machine (boo#954647). - alsa: hda - remove one pin from alc292_standard_pins (boo#954647). - alsa: hda - add dock support for thinkpad w541 (17aa:2211) (boo#954647). - alsa: hda/realtek: enable hp amp and mute led on hp folio 9480m [v3] (boo#954647). - alsa: hda/realtek - support dell headset mode for alc298 (boo#954647). - alsa: hda/realtek - support headset mode for alc298 (boo#954647). - x86/evtchn: make use of physdevop_map_pirq. - blktap: also call blkif_disconnect() when frontend switched to closed (boo#952976). - blktap: refine mm tracking (boo#952976). - update xen patches to linux 4.1.13. - Backport arm64 patches from sle12-sp1-arm. - Backport pci-ea patches - Enable drm_ast driver - Fix thunderx edac store function - Update arm64 config files. Align arm64 vanilla configuration with default. - rtlwifi: rtl8821ae: fix lockups on boot (boo#944978). - ethernet/atheros/alx: add killer e2400 device id (boo#955363). - drm/i915: don't override output type for ddi hdmi (boo#955190). - drm/i915: set best_encoder field of connector_state also when disabling (boo#955190). - drm/i915: add hotplug activation period to hotplug update mask (boo#955365). - drm/i915: avoid race of intel_crt_detect_hotplug() with hpd interrupt, v2 (boo#955365). - drm/i915: shut up gen8+ sde irq dmesg noise (boo#954757). - ipv6: fix tunnel error handling (boo#952579). - Update config files (boo#951533). - iwlwifi: add new pci ids for the 8260 series (boo#954421). - iwlwifi: edit the 3165 series and 8000 series pci ids (boo#954421). - x86/efi-bgrt: switch pr_err() to pr_debug() for invalid bgrt (boo#953559). - x86/tsc: let high latency pit fail fast in quick_pit_calibrate() (boo#953717). - Backport arm64 patches from sle12-sp1-arm branch Backports to fix Seattle xgbe driver. Fix EL2 page table for systems with high amount of memory. Needed for KVM to work. Convert WARN_ON in numa implementation to pr_warn. - input: elantech - add fujitsu lifebook u745 to force crc_enabled (boo#883192). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html E-Mail link for openSUSE-SU-2015:2232-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 kernel-debug-4.1.13-5.1 kernel-debug-base-4.1.13-5.1 kernel-debug-devel-4.1.13-5.1 kernel-default-4.1.13-5.1 kernel-default-base-4.1.13-5.1 kernel-default-devel-4.1.13-5.1 kernel-devel-4.1.13-5.1 kernel-docs-4.1.13-5.4 kernel-docs-html-4.1.13-5.4 kernel-docs-pdf-4.1.13-5.4 kernel-ec2-4.1.13-5.1 kernel-ec2-base-4.1.13-5.1 kernel-ec2-devel-4.1.13-5.1 kernel-macros-4.1.13-5.1 kernel-obs-build-4.1.13-5.2 kernel-obs-qa-4.1.13-5.1 kernel-obs-qa-xen-4.1.13-5.1 kernel-pae-4.1.13-5.1 kernel-pae-base-4.1.13-5.1 kernel-pae-devel-4.1.13-5.1 kernel-pv-4.1.13-5.1 kernel-pv-base-4.1.13-5.1 kernel-pv-devel-4.1.13-5.1 kernel-source-4.1.13-5.1 kernel-source-vanilla-4.1.13-5.1 kernel-syms-4.1.13-5.1 kernel-vanilla-4.1.13-5.1 kernel-vanilla-devel-4.1.13-5.1 kernel-xen-4.1.13-5.1 kernel-xen-base-4.1.13-5.1 kernel-xen-devel-4.1.13-5.1 kernel-debug-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-debug-base-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-debug-devel-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-default-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-default-base-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-default-devel-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-devel-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-docs-4.1.13-5.4 as a component of openSUSE Leap 42.1 kernel-docs-html-4.1.13-5.4 as a component of openSUSE Leap 42.1 kernel-docs-pdf-4.1.13-5.4 as a component of openSUSE Leap 42.1 kernel-ec2-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-ec2-base-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-ec2-devel-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-macros-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-obs-build-4.1.13-5.2 as a component of openSUSE Leap 42.1 kernel-obs-qa-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-obs-qa-xen-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-pae-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-pae-base-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-pae-devel-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-pv-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-pv-base-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-pv-devel-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-source-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-source-vanilla-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-syms-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-vanilla-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-vanilla-devel-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-xen-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-xen-base-4.1.13-5.1 as a component of openSUSE Leap 42.1 kernel-xen-devel-4.1.13-5.1 as a component of openSUSE Leap 42.1 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. CVE-2015-5307 openSUSE Leap 42.1:kernel-debug-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-docs-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-html-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-pdf-4.1.13-5.4 openSUSE Leap 42.1:kernel-ec2-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-macros-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-build-4.1.13-5.2 openSUSE Leap 42.1:kernel-obs-qa-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-syms-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-devel-4.1.13-5.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html https://www.suse.com/security/cve/CVE-2015-5307.html CVE-2015-5307 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. CVE-2015-6937 openSUSE Leap 42.1:kernel-debug-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-docs-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-html-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-pdf-4.1.13-5.4 openSUSE Leap 42.1:kernel-ec2-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-macros-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-build-4.1.13-5.2 openSUSE Leap 42.1:kernel-obs-qa-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-syms-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-devel-4.1.13-5.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html https://www.suse.com/security/cve/CVE-2015-6937.html CVE-2015-6937 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/945825 SUSE Bug 945825 https://bugzilla.suse.com/952384 SUSE Bug 952384 https://bugzilla.suse.com/953052 SUSE Bug 953052 https://bugzilla.suse.com/963994 SUSE Bug 963994 The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. CVE-2015-7799 openSUSE Leap 42.1:kernel-debug-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-docs-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-html-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-pdf-4.1.13-5.4 openSUSE Leap 42.1:kernel-ec2-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-macros-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-build-4.1.13-5.2 openSUSE Leap 42.1:kernel-obs-qa-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-syms-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-devel-4.1.13-5.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html https://www.suse.com/security/cve/CVE-2015-7799.html CVE-2015-7799 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/949936 SUSE Bug 949936 https://bugzilla.suse.com/951638 SUSE Bug 951638 Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. CVE-2015-7990 openSUSE Leap 42.1:kernel-debug-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-docs-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-html-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-pdf-4.1.13-5.4 openSUSE Leap 42.1:kernel-ec2-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-macros-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-build-4.1.13-5.2 openSUSE Leap 42.1:kernel-obs-qa-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-syms-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-devel-4.1.13-5.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html https://www.suse.com/security/cve/CVE-2015-7990.html CVE-2015-7990 https://bugzilla.suse.com/945825 SUSE Bug 945825 https://bugzilla.suse.com/952384 SUSE Bug 952384 https://bugzilla.suse.com/953052 SUSE Bug 953052 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. CVE-2015-8104 openSUSE Leap 42.1:kernel-debug-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-debug-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-default-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-docs-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-html-4.1.13-5.4 openSUSE Leap 42.1:kernel-docs-pdf-4.1.13-5.4 openSUSE Leap 42.1:kernel-ec2-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-ec2-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-macros-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-build-4.1.13-5.2 openSUSE Leap 42.1:kernel-obs-qa-4.1.13-5.1 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pae-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-pv-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-4.1.13-5.1 openSUSE Leap 42.1:kernel-source-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-syms-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-4.1.13-5.1 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-base-4.1.13-5.1 openSUSE Leap 42.1:kernel-xen-devel-4.1.13-5.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html https://www.suse.com/security/cve/CVE-2015-8104.html CVE-2015-8104 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977