The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive various security fixes and bug fixes.
This update contains the following feature enablements:

- The remote block device (rbd) and ceph drivers have been enabled and are now supported. (FATE#318350) These can be used e.g. for accessing the SUSE Enterprise Storage product services.

The following security issues were fixed:

- CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 did not ensure that Thread Local Storage (TLS) descriptors were loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (bnc#911326).
- CVE-2014-7822: A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system.
- CVE-2014-8160: The connection tracking module could be bypassed if a specific protocol module was not loaded, e.g. allowing SCTP traffic while the firewall should have filtered it.
- CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654).

The following non-security bugs were fixed:

- audit: Allow login in non-init namespaces (bnc#916107).
- btrfs: avoid unnecessary switch of path locks to blocking mode.
- btrfs: fix directory inconsistency after fsync log replay (bnc#915425).
- btrfs: fix fsync log replay for inodes with a mix of regular refs and extrefs (bnc#915425).
- btrfs: fix fsync race leading to ordered extent memory leaks (bnc#917128).
- btrfs: fix fsync when extend references are added to an inode (bnc#915425).
- btrfs: fix missing error handler if submiting re-read bio fails.
- btrfs: fix race between transaction commit and empty block group removal (bnc#915550).
- btrfs: fix scrub race leading to use-after-free (bnc#915456).
- btrfs: fix setupleafforsplit() to avoid leaf corruption (bnc#915454).
- btrfs: improve free space cache management and space allocation.
- btrfs: make btrfssearchforward return with nodes unlocked.
- btrfs: scrub, fix sleep in atomic context (bnc#915456).
- btrfs: unlock nodes earlier when inserting items in a btree.
- drm/i915: On G45 enable cursor plane briefly after enabling the display plane (bnc#918161).
- Fix Module.supported handling for external modules (bnc#905304).
- keys: close race between key lookup and freeing (bnc#912202).
- msi: also reject resource with flags all clear.
- pci: Add ACS quirk for Emulex NICs (bug#917089).
- pci: Add ACS quirk for Intel 10G NICs (bug#917089).
- pci: Add ACS quirk for Solarflare SFC9120 & SFC9140 (bug#917089).
- Refresh other Xen patches (bsc#909829).
- Update patches.suse/btrfs-8177-improve-free-space-cache-management-and-space-.patch (bnc#895805).
- be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (bug#908322).
- be2net: refactor code that checks flash file compatibility (bug#908322).
- ceph: Add necessary clean up if invalid reply received in handlereply() (bsc#918255).
- crush: CHOOSELEAF -> CHOOSELEAF throughout (bsc#918255).
- crush: add SETCHOOSETRIES rule step (bsc#918255).
- crush: add note about r in recursive choose (bsc#918255).
- crush: add setchooselocal[fallback]tries steps (bsc#918255).
- crush: apply chooseleaftries to firstn mode too (bsc#918255).
- crush: attempts -> tries (bsc#918255).
- crush: clarify numrep vs endpos (bsc#918255).
- crush: eliminate CRUSHMAXSET result size limitation (bsc#918255).
- crush: factor out (trivial) crushdestroyrule() (bsc#918255).
- crush: fix crushchoosefirstn comment (bsc#918255).
- crush: fix some comments (bsc#918255).
- crush: generalize descendonce (bsc#918255).
- crush: new SETCHOOSELEAFTRIES command (bsc#918255).
- crush: pass parent r value for indep call (bsc#918255).
- crush: pass weight vector size to map function (bsc#918255).
- crush: reduce scope of some local variables (bsc#918255).
- crush: return CRUSHITEMUNDEF for failed placements with indep (bsc#918255).
- crush: strip firstn conditionals out of crushchoose, rename (bsc#918255).
- crush: use breadth-first search for indep mode (bsc#918255).
- crypto: drbg - panic on continuous self test error (bsc#905482).
- dasd: List corruption in error recovery (bnc#914291, LTC#120865).
- epoll: optimize setting task running after blocking (epoll-performance).
- fips: We need to activate gcm(aes) in FIPS mode, RFCs 4106 and 4543 (bsc#914126,bsc#914457).
- fips: _driver-gcm-aes-aesni needs to be listed explicitly inside the testmgr.c file (bsc#914457).
- flowdissector: add tipc support (bnc#916513).
- hotplug, powerpc, x86: Remove cpuhotplugdriverlock() (bsc#907069).
- hyperv: Add support for vNIC hot removal.
- kernel: incorrect clockgettime result (bnc#914291, LTC#121184).
- kvm: iommu: Add condresched to legacy device assignment code (bsc#898687).
- libceph: CEPHOSDFLAG* enum update (bsc#918255).
- libceph: add cephkv{malloc,free}() and switch to them (bsc#918255).
- libceph: add cephpgpoolbyid() (bsc#918255).
- libceph: all features fields must be u64 (bsc#918255).
- libceph: dout() is missing a newline (bsc#918255).
- libceph: factor out logic from cephosdcstartrequest() (bsc#918255).
- libceph: fix error handling in cephosdcinit() (bsc#918255).
- libceph: follow redirect replies from osds (bsc#918255).
- libceph: follow {read,write}tier fields on osd request submission (bsc#918255).
- libceph: introduce and start using oid abstraction (bsc#918255).
- libceph: rename MAXOBJNAMESIZE to CEPHMAXOIDNAMELEN (bsc#918255).
- libceph: rename cephosdrequest::r{oloc,oid} to rbase{oloc,oid} (bsc#918255).
- libceph: replace cephcalccephpg() with cepholocoidtopg() (bsc#918255).
- libceph: start using oloc abstraction (bsc#918255).
- libceph: take mapsem for read in handlereply() (bsc#918255).
- libceph: update cephfeatures.h (bsc#918255).
- libceph: use CEPHMONPORT when the specified port is 0 (bsc#918255).
- locking/mutex: Explicitly mark task as running after wakeup (mutex scalability).
- locking/osq: No need for load/acquire when acquire-polling (mutex scalability).
- locking/rtmutex: Optimize setting task running after being blocked (mutex scalability).
- mm/compaction: fix wrong order check in compactfinished() (VM Performance, bnc#904177).
- mm/compaction: stop the isolation when we isolate enough freepage (VM Performance, bnc#904177).
- mm: fix negative nrisolated counts (VM Performance).
- mutex-debug: Always clear owner field upon mutexunlock() (mutex bugfix).
- net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes (bsc#918255).
- net: allow macvlans to move to net namespace (bnc#915660).
- net:socket: set msgnamelen to 0 if msgname is passed as NULL in msghdr struct from userland (bnc#900270).
- nfsprimedcache needs fh to be set (bnc#908069 bnc#896484).
- ocfs2: remove filesize checks for sync I/O journal commit (bnc#800255). Update references.
- powerpc/xmon: Fix another endiannes issue in RTAS call from xmon (bsc#915188).
- pvscsi: support suspend/resume (bsc#902286).
- random: account for entropy loss due to overwrites (bsc#904883,bsc#904901).
- random: allow fractional bits to be tracked (bsc#904883,bsc#904901).
- random: statically compute poolbitshift, poolbytes, poolbits (bsc#904883,bsc#904901).
- rbd: add '^A' sysfs rbd device attribute (bsc#918255).
- rbd: add support for single-major device number allocation scheme (bsc#918255).
- rbd: enable extended devt in single-major mode (bsc#918255).
- rbd: introduce rbddevheaderunwatchsync() and switch to it (bsc#918255).
- rbd: rbddevice::devid is an int, format it as such (bsc#918255).
- rbd: refactor rbdinit() a bit (bsc#918255).
- rbd: switch to ida for rbd id assignments (bsc#918255).
- rbd: tear down watch request if rbddevdevicesetup() fails (bsc#918255).
- rbd: tweak 'loaded' message and module description (bsc#918255).
- rbd: wire up isvisible() sysfs callback for rbd bus (bsc#918255).
- rpm/kernel-binary.spec.in: Own the modules directory in the devel package (bnc#910322)
- s390/dasd: fix infinite loop during format (bnc#914291, LTC#120608).
- s390/dasd: remove unused code (bnc#914291, LTC#120608).
- sched/Documentation: Remove unneeded word (mutex scalability).
- sched/completion: Add lock-free checking of the blocking case (scheduler scalability).
- scsifront: avoid acquiring same lock twice if ring is full.
- scsifront: do not use bitfields for indicators modified under different locks.
- swiotlb: Warn on allocation failure in swiotlballoccoherent (bsc#905783).
- uas: Add NOATA1X for VIA VL711 devices (bnc#914254).
- uas: Add USFLNOATA1X for 2 more Seagate disk enclosures (bnc#914254).
- uas: Add USFLNOATA1X for Seagate devices with usb-id 0bc2:a013 (bnc#914254).
- uas: Add USFLNOATA1X quirk for 1 more Seagate model (bnc#914254).
- uas: Add USFLNOATA1X quirk for 2 more Seagate models (bnc#914254).
- uas: Add USFLNOATA1X quirk for Seagate (0bc2:ab20) drives (bnc#914254).
- uas: Add a quirk for rejecting ATA12 and ATA16 commands (bnc#914254).
- uas: Add missing le16tocpu calls to asm1051 / asm1053 usb-id check (bnc#914294).
- uas: Add no-report-opcodes quirk (bnc#914254).
- uas: Disable uas on ASM1051 devices (bnc#914294).
- uas: Do not blacklist ASM1153 disk enclosures (bnc#914294).
- uas: Use streams on upcoming 10Gbps / 3.1 USB (bnc#914464).
- uas: disable UAS on Apricorn SATA dongles (bnc#914300).
- usb-storage: support for more than 8 LUNs (bsc#906196).
- x86, crash: Allocate enough low-mem when crashkernel=high (bsc#905783).
- x86, swiotlb: Try coherent allocations with _GFPNOWARN (bsc#905783).
- x86/hpet: Make boothpetdisable extern (bnc#916646).
- x86/intel: Add quirk to disable HPET for the Baytrail platform (bnc#916646).
- x86: irq: Check for valid irq descriptor incheckirqvectorsforcpudisable (bnc#914726).
- x86: irq: Check for valid irq descriptor in checkirqvectorsforcpudisable (bnc#914726).
- xhci: Add broken-streams quirk for Fresco Logic FL1000G xhci controllers (bnc#914112).
- zcrypt: Number of supported ap domains is not retrievable (bnc#914291, LTC#120788).

{ "binaries": [ { "kernel-macros": "3.12.38-44.1", "kernel-devel": "3.12.38-44.1", "kernel-xen-devel": "3.12.38-44.1", "kernel-default": "3.12.38-44.1", "kernel-source": "3.12.38-44.1", "kernel-default-extra": "3.12.38-44.1", "kernel-syms": "3.12.38-44.1", "kernel-default-devel": "3.12.38-44.1", "kernel-xen": "3.12.38-44.1" } ] }
{ "binaries": [ { "kernel-macros": "3.12.38-44.1", "kernel-devel": "3.12.38-44.1", "kernel-default-base": "3.12.38-44.1", "kernel-default-man": "3.12.38-44.1", "kernel-xen-devel": "3.12.38-44.1", "kernel-default": "3.12.38-44.1", "kernel-source": "3.12.38-44.1", "kernel-xen-base": "3.12.38-44.1", "kernel-syms": "3.12.38-44.1", "kernel-default-devel": "3.12.38-44.1", "kernel-xen": "3.12.38-44.1" } ] }