openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2016:1382-1
Rating:             important
References:         #957988 #970892 #970911 #970948 #970955 #970956 
                    #970958 #970970 #971124 #971360 #971628 #972174 
                    #973378 #974418 #975868 
Cross-References:   CVE-2016-2185 CVE-2016-2186 CVE-2016-2188
                    CVE-2016-2847 CVE-2016-3136 CVE-2016-3137
                    CVE-2016-3138 CVE-2016-3140 CVE-2016-3156
                    CVE-2016-3689 CVE-2016-3951
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________
   An update that solves 11 vulnerabilities and has four fixes
   is now available.
Description:
   The openSUSE Leap 42.1 kernel was updated to receive various security and
   bug fixes.
   The following security bugs were fixed:
   – CVE-2016-2847: Limit the per-user amount of pages allocated in pipes
     (bsc#970948).
   – CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955).
   – CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors
     (bnc#970956).
   – CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911).
   – CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970).
   – CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
     (bnc#974418).
   – CVE-2016-3140: digi_acceleport: do sanity checking for the number of
     ports (bnc#970892).
   – CVE-2016-2186: powermate: fix oops with malicious USB descriptors
     (bnc#970958).
   – CVE-2016-2185: usb_driver_claim_interface: add sanity checking
     (bnc#971124).
   – CVE-2016-3689: ims-pcu: sanity check against missing interfaces
     (bnc#971628).
   – CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev
     destroy (bsc#971360).
   The following non-security bugs were fixed:
   – ALSA: timer: Call notifier in the same spinlock (bsc#973378).
   – ALSA: timer: Protect the whole snd_timer_close() with open race
     (bsc#973378).
   – ALSA: timer: Sync timer deletion at closing the system timer
     (bsc#973378).
   – ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).
   – Backport arm64 patches from SLE12-SP1-ARM
   – Fix kABI additions for pipe: limit the per-user amount of pages
     allocated in pipes.
   – Revert “drm/radeon: call hpd_irq_event on resume” (boo#975868).
   – Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a
     module.
   – backends: guarantee one time reads of shared ring contents (bsc#957988).
   – ext4: fix races between buffered IO and collapse / insert range
     (bsc#972174).
   – ext4: fix races between page faults and hole punching (bsc#972174).
   – ext4: fix races of writeback with punch hole and zero range (bsc#972174).
   – ext4: move unlocked dio protection from ext4_alloc_file_blocks()
     (bsc#972174).
   – net: thunderx: Use napi_schedule_irqoff()
   – netback: do not use last request to determine minimum Tx credit
     (bsc#957988).
Patch Instructions:
   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
– openSUSE Leap 42.1:
      zypper in -t patch openSUSE-2016-629=1
   To bring your system up-to-date, use "zypper patch".
Package List:
– openSUSE Leap 42.1 (i686 x86_64):
      kernel-debug-4.1.21-14.2
      kernel-debug-base-4.1.21-14.2
      kernel-debug-base-debuginfo-4.1.21-14.2
      kernel-debug-debuginfo-4.1.21-14.2
      kernel-debug-debugsource-4.1.21-14.2
      kernel-debug-devel-4.1.21-14.2
      kernel-debug-devel-debuginfo-4.1.21-14.2
      kernel-ec2-4.1.21-14.2
      kernel-ec2-base-4.1.21-14.2
      kernel-ec2-base-debuginfo-4.1.21-14.2
      kernel-ec2-debuginfo-4.1.21-14.2
      kernel-ec2-debugsource-4.1.21-14.2
      kernel-ec2-devel-4.1.21-14.2
      kernel-pv-4.1.21-14.2
      kernel-pv-base-4.1.21-14.2
      kernel-pv-base-debuginfo-4.1.21-14.2
      kernel-pv-debuginfo-4.1.21-14.2
      kernel-pv-debugsource-4.1.21-14.2
      kernel-pv-devel-4.1.21-14.2
      kernel-vanilla-4.1.21-14.2
      kernel-vanilla-debuginfo-4.1.21-14.2
      kernel-vanilla-debugsource-4.1.21-14.2
      kernel-vanilla-devel-4.1.21-14.2
      kernel-xen-4.1.21-14.2
      kernel-xen-base-4.1.21-14.2
      kernel-xen-base-debuginfo-4.1.21-14.2
      kernel-xen-debuginfo-4.1.21-14.2
      kernel-xen-debugsource-4.1.21-14.2
      kernel-xen-devel-4.1.21-14.2
– openSUSE Leap 42.1 (i586 x86_64):
      kernel-default-4.1.21-14.2
      kernel-default-base-4.1.21-14.2
      kernel-default-base-debuginfo-4.1.21-14.2
      kernel-default-debuginfo-4.1.21-14.2
      kernel-default-debugsource-4.1.21-14.2
      kernel-default-devel-4.1.21-14.2
      kernel-obs-build-4.1.21-14.4
      kernel-obs-build-debugsource-4.1.21-14.4
      kernel-obs-qa-4.1.21-14.2
      kernel-obs-qa-xen-4.1.21-14.2
      kernel-syms-4.1.21-14.2
– openSUSE Leap 42.1 (noarch):
      kernel-devel-4.1.21-14.2
      kernel-docs-4.1.21-14.5
      kernel-docs-html-4.1.21-14.5
      kernel-docs-pdf-4.1.21-14.5
      kernel-macros-4.1.21-14.2
      kernel-source-4.1.21-14.2
      kernel-source-vanilla-4.1.21-14.2
– openSUSE Leap 42.1 (i686):
      kernel-pae-4.1.21-14.2
      kernel-pae-base-4.1.21-14.2
      kernel-pae-base-debuginfo-4.1.21-14.2
      kernel-pae-debuginfo-4.1.21-14.2
      kernel-pae-debugsource-4.1.21-14.2
      kernel-pae-devel-4.1.21-14.2
References:
   https://www.suse.com/security/cve/CVE-2016-2185.html
   https://www.suse.com/security/cve/CVE-2016-2186.html
   https://www.suse.com/security/cve/CVE-2016-2188.html
   https://www.suse.com/security/cve/CVE-2016-2847.html
   https://www.suse.com/security/cve/CVE-2016-3136.html
   https://www.suse.com/security/cve/CVE-2016-3137.html
   https://www.suse.com/security/cve/CVE-2016-3138.html
   https://www.suse.com/security/cve/CVE-2016-3140.html
   https://www.suse.com/security/cve/CVE-2016-3156.html
   https://www.suse.com/security/cve/CVE-2016-3689.html
   https://www.suse.com/security/cve/CVE-2016-3951.html
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/970892
   https://bugzilla.suse.com/970911
   https://bugzilla.suse.com/970948
   https://bugzilla.suse.com/970955
   https://bugzilla.suse.com/970956
   https://bugzilla.suse.com/970958
   https://bugzilla.suse.com/970970
   https://bugzilla.suse.com/971124
   https://bugzilla.suse.com/971360
   https://bugzilla.suse.com/971628
   https://bugzilla.suse.com/972174
   https://bugzilla.suse.com/973378
   https://bugzilla.suse.com/974418
   https://bugzilla.suse.com/975868