The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive
various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
Linux kernel did not ensure that certain slot numbers were valid, which
allowed local users to cause a denial of service (NULL pointer
dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
(bnc#949936).
- CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the
Linux kernel had an incorrect sequence of protocol-initialization steps,
which allowed local users to cause a denial of service (panic or memory
corruption) by creating SCTP sockets before all of the steps have
finished (bnc#947155).
- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
kernel did not properly handle rename actions inside a bind mount, which
allowed local users to bypass an intended container protection mechanism
by renaming a directory, related to a "double-chroot attack (bnc#926238).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c
(bnc#953527).
- CVE-2015-7990: RDS: There was no verification that an underlying
transport exists when creating a connection, causing usage of a NULL
pointer (bsc#952384).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
the Linux kernel allowed local users to cause a denial of service (OOPS)
via crafted keyctl commands (bnc#951440).
- CVE-2015-0272: Missing checks allowed remote attackers to cause a denial
of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6
Router Advertisement (RA) message, a different vulnerability than
CVE-2015-8215 (bnc#944296).
The following non-security bugs were fixed:
- ALSA: hda - Disable 64bit address for Creative HDA controllers
(bnc#814440).
- Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236
(bsc#953796).
- Btrfs: fix file corruption and data loss after cloning inline extents
(bnc#956053).
- Btrfs: fix truncation of compressed and inlined extents (bnc#956053).
- Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)
- Fix regression in NFSRDMA server (bsc#951110).
- KEYS: Fix race between key destruction and finding a keyring by name
(bsc#951440).
- KVM: x86: call irq notifiers with directed EOI (bsc#950862).
- NVMe: Add shutdown timeout as module parameter (bnc#936076).
- NVMe: Mismatched host/device page size support (bsc#935961).
- PCI: Drop "setting latency timer" messages (bsc#956047).
- SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).
- SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
- SUNRPC: Fix oops when trace sunrpc_task events in nfs client
(bnc#956703).
- Sync ppc64le netfilter config options with other archs (bnc#951546)
- Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another
task (bsc#921949).
- apparmor: temporary work around for bug while unloading policy
(boo#941867).
- audit: correctly record file names with different path name types
(bsc#950013).
- audit: create private file name copies when auditing inodes (bsc#950013).
- cpu: Defer smpboot kthread unparking until CPU known to scheduler
(bsc#936773).
- dlm: make posix locks interruptible, (bsc#947241).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- dm: do not start current request if it would’ve merged with the previous
(bsc#904348).
- dm: impose configurable deadline for dm_request_fn’s merge heuristic
(bsc#904348).
- dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,
v2 (bsc#942938).
- drm/i915: add hotplug activation period to hotplug update mask
(bsc#953980).
- fanotify: fix notification of groups with inode and mount marks
(bsc#955533).
- genirq: Make sure irq descriptors really exist when __irq_alloc_descs
returns (bsc#945626).
- hv: vss: run only on supported host versions (bnc#949504).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags
(bsc#947321).
- ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).
- ipv6: Extend the route lookups to low priority metrics (bsc#947321).
- ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).
- ipv6: Stop rt6_info from using inet_peer’s metrics (bsc#947321).
- ipv6: distinguish frag queues by device for multicast and link-local
packets (bsc#955422).
- ipvs: drop first packet to dead server (bsc#946078).
- kABI: protect struct ahci_host_priv.
- kABI: protect struct rt6_info changes from bsc#947321 changes
(bsc#947321).
- kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).
- kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
- kabi: Restore kabi in struct se_cmd (bsc#954635).
- kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
- kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).
- kgr: fix migration of kthreads to the new universe.
- kgr: wake up kthreads periodically.
- ktime: add ktime_after and ktime_before helper (bsc#904348).
- macvlan: Support bonding events (bsc#948521).
- net: add length argument to skb_copy_and_csum_datagram_iovec
(bsc#951199).
- net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec()
(bsc#951199).
- pci: Update VPD size with correct length (bsc#924493).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods
(bsc#949706).
- ring-buffer: Always run per-cpu ring buffer resize with
schedule_work_on() (bnc#956711).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds
(bsc#930145).
- rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies
(bnc#949100).
- sunrpc/cache: make cache flushing more reliable (bsc#947478).
- supported.conf: Add missing dependencies of supported modules hwmon_vid
needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by
ramoops
- supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio
- target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
- target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).
- target/rbd: fix PR info memory leaks (bnc#948831).
- target: Send UA upon LUN RESET tmr completion (bsc#933514).
- target: use "^A" when allocating UAs (bsc#933514).
- usbvision fix overflow of interfaces array (bnc#950998).
- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at
runtime, instead of top-down (bsc#940853).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,
bnc#955148).
- x86/mm/hotplug: Pass sync_global_pgds() a correct argument in
remove_pagetable() (VM Functionality, bnc#955148).
- xfs: DIO needs an ioend for writes (bsc#949744).
- xfs: DIO write completion size updates race (bsc#949744).
- xfs: DIO writes within EOF do not need an ioend (bsc#949744).
- xfs: always drain dio before extending aio write submission (bsc#949744).
- xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
- xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
- xfs: factor DIO write mapping from get_blocks (bsc#949744).
- xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
- xfs: move DIO mapping size calculation (bsc#949744).
- xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
(bnc#951165).
- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).