===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1639
        SUSE Security Update: Security updates for the Linux Kernel
                                1 July 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Linux Kernel
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Root Compromise   -- Existing Account
                  Denial of Service -- Existing Account
                  Reduced Security  -- Existing Account
Resolution:       Patch/Upgrade
CVE Names:        CVE-2016-4998 CVE-2016-4997 CVE-2016-3156
                  CVE-2016-3140 CVE-2016-3139 CVE-2016-3138
                  CVE-2016-3137 CVE-2016-2847 CVE-2016-2782
                  CVE-2016-2188 CVE-2016-2186 CVE-2016-2185
                  CVE-2016-2184 CVE-2016-2143 CVE-2015-8816
                  CVE-2015-8552 CVE-2015-8551 CVE-2015-7566
                  CVE-2015-1339  

Reference:        ESB-2016.1617
                  ESB-2016.1608
                  ESB-2016.1599
                  ESB-2016.1078
                  ESB-2016.0821

Comment: This bulletin contains three (3) SUSE security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1707-1
Rating:             important
References:         #898592 #940413 #946122 #949752 #956852 #957988 
                    #957990 #959381 #960458 #961512 #963998 #965319 
                    #965860 #965923 #967863 #968010 #968018 #968141 
                    #968566 #968670 #968687 #969356 #970504 #970892 
                    #970909 #970911 #970948 #970956 #970958 #970970 
                    #971124 #971125 #971360 #971433 #971729 #972363 
                    #973237 #973378 #973556 #973570 #975772 #975945 
                    
Cross-References:   CVE-2015-1339 CVE-2015-7566 CVE-2015-8551
                    CVE-2015-8552 CVE-2015-8816 CVE-2016-2143
                    CVE-2016-2184 CVE-2016-2185 CVE-2016-2186
                    CVE-2016-2188 CVE-2016-2782 CVE-2016-2847
                    CVE-2016-3137 CVE-2016-3138 CVE-2016-3139
                    CVE-2016-3140 CVE-2016-3156
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 25 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:
   - CVE-2015-1339: Memory leak in the cuse_channel_release function in
     fs/fuse/cuse.c in the Linux kernel allowed local users to cause a denial
     of service (memory consumption) or possibly have unspecified other
     impact by opening /dev/cuse many times (bnc#969356).
   - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c
     in the Linux kernel allowed physically proximate attackers to cause a
     denial of service (NULL pointer dereference and system crash) or
     possibly have unspecified other impact by inserting a USB device that
     lacks a bulk-out endpoint (bnc#961512).
   - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86
     system and using Linux 3.1.x through 4.3.x as the driver domain, allowed
     local guest administrators to hit BUG conditions and cause a denial of
     service (NULL pointer dereference and host OS crash) by leveraging a
     system with access to a passed-through MSI or MSI-X capable physical PCI
     device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux
     pciback missing sanity checks" (bnc#957990).
   - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86
     system and using Linux 3.1.x through 4.3.x as the driver domain, allowed
     local guest administrators to generate a continuous stream of WARN
     messages and cause a denial of service (disk consumption) by leveraging
     a system with access to a passed-through MSI or MSI-X capable physical
     PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback
     missing sanity checks" (bnc#957990).
   - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in
     the Linux kernel did not properly maintain a hub-interface data
     structure, which allowed physically proximate attackers to cause a
     denial of service (invalid memory access and system crash) or possibly
     have unspecified other impact by unplugging a USB hub device
     (bnc#968010).
   - CVE-2016-2143: The fork implementation in the Linux kernel on s390
     platforms mishandles the case of four page-table levels, which allowed
     local users to cause a denial of service (system crash) or possibly have
     unspecified other impact via a crafted application, related to
     arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h
     (bnc#970504).
   - CVE-2016-2184: The create_fixed_stream_quirk function in
     sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel
     allowed physically proximate attackers to cause a denial of service
     (NULL pointer dereference or double free, and system crash) via a
     crafted endpoints value in a USB device descriptor (bnc#971125).
   - CVE-2016-2185: The ati_remote2_probe function in
     drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically
     proximate attackers to cause a denial of service (NULL pointer
     dereference and system crash) via a crafted endpoints value in a USB
     device descriptor (bnc#971124).
   - CVE-2016-2186: The powermate_probe function in
     drivers/input/misc/powermate.c in the Linux kernel allowed physically
     proximate attackers to cause a denial of service (NULL pointer
     dereference and system crash) via a crafted endpoints value in a USB
     device descriptor (bnc#970958).
   - CVE-2016-2188: The iowarrior_probe function in
     drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically
     proximate attackers to cause a denial of service (NULL pointer
     dereference and system crash) via a crafted endpoints value in a USB
     device descriptor (bnc#970956).
   - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in
     the Linux kernel allowed physically proximate attackers to cause a
     denial of service (NULL pointer dereference and system crash) or
     possibly have unspecified other impact by inserting a USB device that
     lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).
   - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount
     of unread data in pipes, which allowed local users to cause a denial of
     service (memory consumption) by creating many pipes with non-default
     sizes (bnc#970948).
   - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel
     allowed physically proximate attackers to cause a denial of service
     (NULL pointer dereference and system crash) via a USB device without
     both an interrupt-in and an interrupt-out endpoint descriptor, related
     to the cypress_generic_port_probe and cypress_open functions
     (bnc#970970).
   - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in
     the Linux kernel allowed physically proximate attackers to cause a
     denial of service (NULL pointer dereference and system crash) via a USB
     device without both a control and a data endpoint descriptor
     (bnc#970911).
   - CVE-2016-3139: The wacom_probe function in
     drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically
     proximate attackers to cause a denial of service (NULL pointer
     dereference and system crash) via a crafted endpoints value in a USB
     device descriptor (bnc#970909).
   - CVE-2016-3140: The digi_port_init function in
     drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed
     physically proximate attackers to cause a denial of service (NULL
     pointer dereference and system crash) via a crafted endpoints value in a
     USB device descriptor (bnc#970892).
   - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles
     destruction of device objects, which allowed guest OS users to cause a
     denial of service (host OS networking outage) by arranging for a large
     number of IP addresses (bnc#971360).
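
   Many of the USB entries above share one root cause: a probe or attach
   routine uses an endpoint that the device's descriptors never declared.
   The C sketch below is an added illustration, not code from the kernel or
   from this advisory. It is a simplified user-space model with hypothetical
   struct and function names, and it places the unchecked pattern beside a
   probe that validates the descriptor before using it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model of USB descriptors. All names here are
 * hypothetical and are not the kernel's own structures or functions. */
#define EP_DIR_IN    0x80
#define EP_XFER_MASK 0x03
#define EP_XFER_BULK 0x02
#define EP_XFER_INT  0x03

struct ep_desc {
    uint8_t  address;     /* bit 7 set = IN endpoint */
    uint8_t  attributes;  /* low two bits = transfer type */
    uint16_t max_packet;
};

struct iface_desc {
    uint8_t num_endpoints;            /* supplied by the device: untrusted */
    const struct ep_desc *endpoints;  /* NULL when the device declares none */
};

struct port_state {
    uint16_t bulk_out_size;
    uint16_t int_in_size;
};

/* Return the first endpoint with the given direction and type, or NULL. */
static const struct ep_desc *find_ep(const struct iface_desc *intf,
                                     int dir, int type)
{
    if (intf->endpoints == NULL)
        return NULL;
    for (int n = 0; n < intf->num_endpoints; n++) {
        const struct ep_desc *ep = &intf->endpoints[n];
        if ((ep->address & EP_DIR_IN) == dir &&
            (ep->attributes & EP_XFER_MASK) == type)
            return ep;
    }
    return NULL;
}

/* Flawed pattern: assumes the expected endpoints exist. A device without a
 * bulk-out or interrupt-in endpoint makes this dereference NULL. */
int probe_unchecked(const struct iface_desc *intf, struct port_state *st)
{
    const struct ep_desc *out = find_ep(intf, 0, EP_XFER_BULK);
    const struct ep_desc *in = find_ep(intf, EP_DIR_IN, EP_XFER_INT);

    st->bulk_out_size = out->max_packet;  /* no NULL check */
    st->int_in_size = in->max_packet;     /* no NULL check */
    return 0;
}

/* Hardened pattern: reject the device before touching any endpoint, and
 * leave *st unmodified on failure. */
int probe_checked(const struct iface_desc *intf, struct port_state *st)
{
    const struct ep_desc *out, *in;

    if (intf->num_endpoints == 0 || intf->endpoints == NULL)
        return -ENODEV;
    out = find_ep(intf, 0, EP_XFER_BULK);
    in = find_ep(intf, EP_DIR_IN, EP_XFER_INT);
    if (out == NULL || in == NULL)
        return -ENODEV;

    st->bulk_out_size = out->max_packet;
    st->int_in_size = in->max_packet;
    return 0;
}

/* Constructed sample descriptors (not captured from real hardware). */
static const struct ep_desc good_eps[] = {
    { 0x02, EP_XFER_BULK, 64 },  /* bulk-out */
    { 0x81, EP_XFER_INT, 8 },    /* interrupt-in */
};
static const struct ep_desc int_only_eps[] = { { 0x81, EP_XFER_INT, 8 } };

const struct iface_desc good_iface = { 2, good_eps };
const struct iface_desc no_bulk_out_iface = { 1, int_only_eps };
const struct iface_desc empty_iface = { 0, NULL };
struct port_state demo_state;

int main(void)
{
    printf("well-formed:  %d\n", probe_checked(&good_iface, &demo_state));
    printf("no bulk-out:  %d\n", probe_checked(&no_bulk_out_iface, &demo_state));
    printf("no endpoints: %d\n", probe_checked(&empty_iface, &demo_state));
    return 0;
}
```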

   The following non-security bugs were fixed:
   - acpi / pci: Account for ARI in _PRT lookups (bsc#968566).
   - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).
   - alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018).
   - alsa: rawmidi: Fix race at copying & updating the position (bsc#968018).
   - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).
   - alsa: seq: Fix double port list deletion (bsc#968018).
   - alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
     (bsc#968018).
   - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).
   - alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018).
   - alsa: seq: Fix race at closing in virmidi driver (bsc#968018).
   - alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018).
   - alsa: timer: Call notifier in the same spinlock (bsc#973378).
   - alsa: timer: Code cleanup (bsc#968018).
   - alsa: timer: Fix leftover link at closing (bsc#968018).
   - alsa: timer: Fix link corruption due to double start or stop
     (bsc#968018).
   - alsa: timer: Fix race between stop and interrupt (bsc#968018).
   - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018).
   - alsa: timer: Protect the whole snd_timer_close() with open race
     (bsc#973378).
   - alsa: timer: Sync timer deletion at closing the system timer
     (bsc#973378).
   - alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378).
   - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752).
   - fs, seqfile: always allow oom killer (bnc#968687).
   - fs/seq_file: fallback to vmalloc allocation (bnc#968687).
   - fs, seq_file: fallback to vmalloc instead of oom kill processes
     (bnc#968687).
   - hpsa: fix issues with multilun devices (bsc#959381).
   - ibmvscsi: Remove unsupported host config MAD (bsc#973556).
   - iommu/vt-d: Improve fault handler error messages (bsc#975772).
   - iommu/vt-d: Ratelimit fault handler (bsc#975772).
   - ipv6: make fib6 serial number per namespace (bsc#965319).
   - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs
     (bsc#956852).
   - ipv6: per netns fib6 walkers (bsc#965319).
   - ipv6: per netns FIB garbage collection (bsc#965319).
   - ipv6: replace global gc_args with local variable (bsc#965319).
   - kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687).
   - kabi: Import kabi files from kernel 3.0.101-71
   - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).
   - kabi: Restore kabi after lock-owner change (bnc#968141).
   - llist: Add llist_next() (fate#316876).
   - make vfree() safe to call from interrupt contexts (fate#316876).
   - mld, igmp: Fix reserved tailroom calculation (bsc#956852).
   - net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433).
   - net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433).
   - net/core: __hw_addr_sync_one / _multiple broken (bsc#971433).
   - net/core: __hw_addr_unsync_one "from" address not marked synced
     (bsc#971433).
   - nfs4: treat lock owners as opaque values (bnc#968141).
   - nfsd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237).
   - nfsd: do not fail unchecked creates of non-special files (bsc#973237).
   - nfs: use smaller allocations for 'struct idmap' (bsc#965923).
   - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990).
   - pciback: Save the number of MSI-X entries to be copied later
     (bsc#957988).
   - pci: Move pci_ari_enabled() to global header (bsc#968566).
   - pci: Update PCI VPD size patch to upstream:
     - PCI: Determine actual VPD size on first access (bsc#971729).
     - PCI: Update VPD definitions (bsc#971729).
   - rdma/ucma: Fix AB-BA deadlock (bsc#963998).
   - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413).
   - scsi_dh_alua: Do not block request queue if workqueue is active
     (bsc#960458).
   - scsi: mpt2sas: Rearrange the the code so that the completion queues are
     initialized prior to sending the request to controller firmware
     (bsc#967863).
   - skb: Add inline helper for getting the skb end offset from head
     (bsc#956852).
   - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852).
   - tcp: fix skb_availroom() (bsc#956852).
   - usb: usbip: fix potential out-of-bounds write (bnc#975945).
   - vmxnet3: set carrier state properly on probe (bsc#972363).
   - vmxnet3: set netdev parant device before calling netdev_info
     (bsc#972363).
   - xfrm: do not segment UFO packets (bsc#946122).
   - xfs: fix sgid inheritance for subdirectories inheriting default acls
     [V3] (bsc#965860).
   - xhci: Workaround to get Intel xHCI reset working more reliably
     (bnc#898592).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-rt-12636=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-rt-12636=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      kernel-rt-3.0.101.rt130-54.1
      kernel-rt-base-3.0.101.rt130-54.1
      kernel-rt-devel-3.0.101.rt130-54.1
      kernel-rt_trace-3.0.101.rt130-54.1
      kernel-rt_trace-base-3.0.101.rt130-54.1
      kernel-rt_trace-devel-3.0.101.rt130-54.1
      kernel-source-rt-3.0.101.rt130-54.1
      kernel-syms-rt-3.0.101.rt130-54.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      kernel-rt-debuginfo-3.0.101.rt130-54.1
      kernel-rt-debugsource-3.0.101.rt130-54.1
      kernel-rt_debug-debuginfo-3.0.101.rt130-54.1
      kernel-rt_debug-debugsource-3.0.101.rt130-54.1
      kernel-rt_trace-debuginfo-3.0.101.rt130-54.1
      kernel-rt_trace-debugsource-3.0.101.rt130-54.1


References:

   https://www.suse.com/security/cve/CVE-2015-1339.html
   https://www.suse.com/security/cve/CVE-2015-7566.html
   https://www.suse.com/security/cve/CVE-2015-8551.html
   https://www.suse.com/security/cve/CVE-2015-8552.html
   https://www.suse.com/security/cve/CVE-2015-8816.html
   https://www.suse.com/security/cve/CVE-2016-2143.html
   https://www.suse.com/security/cve/CVE-2016-2184.html
   https://www.suse.com/security/cve/CVE-2016-2185.html
   https://www.suse.com/security/cve/CVE-2016-2186.html
   https://www.suse.com/security/cve/CVE-2016-2188.html
   https://www.suse.com/security/cve/CVE-2016-2782.html
   https://www.suse.com/security/cve/CVE-2016-2847.html
   https://www.suse.com/security/cve/CVE-2016-3137.html
   https://www.suse.com/security/cve/CVE-2016-3138.html
   https://www.suse.com/security/cve/CVE-2016-3139.html
   https://www.suse.com/security/cve/CVE-2016-3140.html
   https://www.suse.com/security/cve/CVE-2016-3156.html
   https://bugzilla.suse.com/898592
   https://bugzilla.suse.com/940413
   https://bugzilla.suse.com/946122
   https://bugzilla.suse.com/949752
   https://bugzilla.suse.com/956852
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/957990
   https://bugzilla.suse.com/959381
   https://bugzilla.suse.com/960458
   https://bugzilla.suse.com/961512
   https://bugzilla.suse.com/963998
   https://bugzilla.suse.com/965319
   https://bugzilla.suse.com/965860
   https://bugzilla.suse.com/965923
   https://bugzilla.suse.com/967863
   https://bugzilla.suse.com/968010
   https://bugzilla.suse.com/968018
   https://bugzilla.suse.com/968141
   https://bugzilla.suse.com/968566
   https://bugzilla.suse.com/968670
   https://bugzilla.suse.com/968687
   https://bugzilla.suse.com/969356
   https://bugzilla.suse.com/970504
   https://bugzilla.suse.com/970892
   https://bugzilla.suse.com/970909
   https://bugzilla.suse.com/970911
   https://bugzilla.suse.com/970948
   https://bugzilla.suse.com/970956
   https://bugzilla.suse.com/970958
   https://bugzilla.suse.com/970970
   https://bugzilla.suse.com/971124
   https://bugzilla.suse.com/971125
   https://bugzilla.suse.com/971360
   https://bugzilla.suse.com/971433
   https://bugzilla.suse.com/971729
   https://bugzilla.suse.com/972363
   https://bugzilla.suse.com/973237
   https://bugzilla.suse.com/973378
   https://bugzilla.suse.com/973556
   https://bugzilla.suse.com/973570
   https://bugzilla.suse.com/975772
   https://bugzilla.suse.com/975945

---

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1709-1
Rating:             important
References:         #971770 #972124 #981143 #983394 #986362 
Cross-References:   CVE-2016-4998
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 kernel was updated to receive critical
   security and bugfixes.

   Security issue fixed:
   - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables
     handling could lead to a local privilege escalation. (bsc#986362)

   The following non-security bugs were fixed:
   - KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770).
   - block: do not check request size in blk_cloned_rq_check_limits()
     (bsc#972124).
   - rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394).
   - target/rbd: do not put snap_context twice (bsc#981143).
   - target/rbd: remove caw_mutex usage (bsc#981143).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1012=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1012=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1012=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1012=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1012=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1012=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      kernel-default-debuginfo-3.12.59-60.45.2
      kernel-default-debugsource-3.12.59-60.45.2
      kernel-default-extra-3.12.59-60.45.2
      kernel-default-extra-debuginfo-3.12.59-60.45.2

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.59-60.45.3
      kernel-obs-build-debugsource-3.12.59-60.45.3

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      kernel-docs-3.12.59-60.45.4

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      kernel-default-3.12.59-60.45.2
      kernel-default-base-3.12.59-60.45.2
      kernel-default-base-debuginfo-3.12.59-60.45.2
      kernel-default-debuginfo-3.12.59-60.45.2
      kernel-default-debugsource-3.12.59-60.45.2
      kernel-default-devel-3.12.59-60.45.2
      kernel-syms-3.12.59-60.45.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      kernel-xen-3.12.59-60.45.2
      kernel-xen-base-3.12.59-60.45.2
      kernel-xen-base-debuginfo-3.12.59-60.45.2
      kernel-xen-debuginfo-3.12.59-60.45.2
      kernel-xen-debugsource-3.12.59-60.45.2
      kernel-xen-devel-3.12.59-60.45.2

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      kernel-devel-3.12.59-60.45.1
      kernel-macros-3.12.59-60.45.1
      kernel-source-3.12.59-60.45.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x):

      kernel-default-man-3.12.59-60.45.2

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.59-60.45.2
      kernel-ec2-debuginfo-3.12.59-60.45.2
      kernel-ec2-debugsource-3.12.59-60.45.2
      kernel-ec2-devel-3.12.59-60.45.2
      kernel-ec2-extra-3.12.59-60.45.2
      kernel-ec2-extra-debuginfo-3.12.59-60.45.2

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_59-60_45-default-1-2.3
      kgraft-patch-3_12_59-60_45-xen-1-2.3

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      kernel-devel-3.12.59-60.45.1
      kernel-macros-3.12.59-60.45.1
      kernel-source-3.12.59-60.45.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      kernel-default-3.12.59-60.45.2
      kernel-default-debuginfo-3.12.59-60.45.2
      kernel-default-debugsource-3.12.59-60.45.2
      kernel-default-devel-3.12.59-60.45.2
      kernel-default-extra-3.12.59-60.45.2
      kernel-default-extra-debuginfo-3.12.59-60.45.2
      kernel-syms-3.12.59-60.45.1
      kernel-xen-3.12.59-60.45.2
      kernel-xen-debuginfo-3.12.59-60.45.2
      kernel-xen-debugsource-3.12.59-60.45.2
      kernel-xen-devel-3.12.59-60.45.2


References:

   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://bugzilla.suse.com/971770
   https://bugzilla.suse.com/972124
   https://bugzilla.suse.com/981143
   https://bugzilla.suse.com/983394
   https://bugzilla.suse.com/986362

---

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1710-1
Rating:             important
References:         #986362 
Cross-References:   CVE-2016-4998
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   The SUSE Linux Enterprise 12 GA kernel was updated to receive one critical
   security fix.

   Security issue fixed:
   - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables
     handling could lead to a local privilege escalation. (bsc#986362)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2016-1013=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-1013=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-1013=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1013=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1013=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1013=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      kernel-default-debuginfo-3.12.60-52.54.2
      kernel-default-debugsource-3.12.60-52.54.2
      kernel-default-extra-3.12.60-52.54.2
      kernel-default-extra-debuginfo-3.12.60-52.54.2

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.60-52.54.3
      kernel-obs-build-debugsource-3.12.60-52.54.3

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      kernel-docs-3.12.60-52.54.3

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      kernel-default-3.12.60-52.54.2
      kernel-default-base-3.12.60-52.54.2
      kernel-default-base-debuginfo-3.12.60-52.54.2
      kernel-default-debuginfo-3.12.60-52.54.2
      kernel-default-debugsource-3.12.60-52.54.2
      kernel-default-devel-3.12.60-52.54.2
      kernel-syms-3.12.60-52.54.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      kernel-xen-3.12.60-52.54.2
      kernel-xen-base-3.12.60-52.54.2
      kernel-xen-base-debuginfo-3.12.60-52.54.2
      kernel-xen-debuginfo-3.12.60-52.54.2
      kernel-xen-debugsource-3.12.60-52.54.2
      kernel-xen-devel-3.12.60-52.54.2

   - SUSE Linux Enterprise Server 12 (noarch):

      kernel-devel-3.12.60-52.54.1
      kernel-macros-3.12.60-52.54.1
      kernel-source-3.12.60-52.54.1

   - SUSE Linux Enterprise Server 12 (s390x):

      kernel-default-man-3.12.60-52.54.2

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.60-52.54.2
      kernel-ec2-debuginfo-3.12.60-52.54.2
      kernel-ec2-debugsource-3.12.60-52.54.2
      kernel-ec2-devel-3.12.60-52.54.2
      kernel-ec2-extra-3.12.60-52.54.2
      kernel-ec2-extra-debuginfo-3.12.60-52.54.2

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_60-52_54-default-1-2.3
      kgraft-patch-3_12_60-52_54-xen-1-2.3

   - SUSE Linux Enterprise Desktop 12 (noarch):

      kernel-devel-3.12.60-52.54.1
      kernel-macros-3.12.60-52.54.1
      kernel-source-3.12.60-52.54.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      kernel-default-3.12.60-52.54.2
      kernel-default-debuginfo-3.12.60-52.54.2
      kernel-default-debugsource-3.12.60-52.54.2
      kernel-default-devel-3.12.60-52.54.2
      kernel-default-extra-3.12.60-52.54.2
      kernel-default-extra-debuginfo-3.12.60-52.54.2
      kernel-syms-3.12.60-52.54.1
      kernel-xen-3.12.60-52.54.2
      kernel-xen-debuginfo-3.12.60-52.54.2
      kernel-xen-debugsource-3.12.60-52.54.2
      kernel-xen-devel-3.12.60-52.54.2


References:

   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://bugzilla.suse.com/986362

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================