Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1382-1 Final 1 1 2016-05-23T10:37:47Z current 2016-05-23T10:37:47Z 2016-05-23T10:37:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948). - CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955). - CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors (bnc#970956). - CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911). - CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970). - CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (bnc#974418). - CVE-2016-3140: digi_acceleport: do sanity checking for the number of ports (bnc#970892). - CVE-2016-2186: powermate: fix oops with malicious USB descriptors (bnc#970958). - CVE-2016-2185: usb_driver_claim_interface: add sanity checking (bnc#971124). - CVE-2016-3689: ims-pcu: sanity check against missing interfaces (bnc#971628). - CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev destroy (bsc#971360). The following non-security bugs were fixed: - ALSA: timer: Call notifier in the same spinlock (bsc#973378). - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378). - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378). - Backport arm64 patches from SLE12-SP1-ARM - Fix kABI additions for pipe: limit the per-user amount of pages allocated in pipes. - Revert 'drm/radeon: call hpd_irq_event on resume' (boo#975868). - Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a module. - backends: guarantee one time reads of shared ring contents (bsc#957988). - ext4: fix races between buffered IO and collapse / insert range (bsc#972174). - ext4: fix races between page faults and hole punching (bsc#972174). - ext4: fix races of writeback with punch hole and zero range (bsc#972174). - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174). - net: thunderx: Use napi_schedule_irqoff() - netback: do not use last request to determine minimum Tx credit (bsc#957988). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html E-Mail link for openSUSE-SU-2016:1382-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 kernel-debug-4.1.21-14.2 kernel-debug-base-4.1.21-14.2 kernel-debug-devel-4.1.21-14.2 kernel-default-4.1.21-14.2 kernel-default-base-4.1.21-14.2 kernel-default-devel-4.1.21-14.2 kernel-devel-4.1.21-14.2 kernel-docs-4.1.21-14.5 kernel-docs-html-4.1.21-14.5 kernel-docs-pdf-4.1.21-14.5 kernel-ec2-4.1.21-14.2 kernel-ec2-base-4.1.21-14.2 kernel-ec2-devel-4.1.21-14.2 kernel-macros-4.1.21-14.2 kernel-obs-build-4.1.21-14.4 kernel-obs-qa-4.1.21-14.2 kernel-obs-qa-xen-4.1.21-14.2 kernel-pae-4.1.21-14.2 kernel-pae-base-4.1.21-14.2 kernel-pae-devel-4.1.21-14.2 kernel-pv-4.1.21-14.2 kernel-pv-base-4.1.21-14.2 kernel-pv-devel-4.1.21-14.2 kernel-source-4.1.21-14.2 kernel-source-vanilla-4.1.21-14.2 kernel-syms-4.1.21-14.2 kernel-vanilla-4.1.21-14.2 kernel-vanilla-devel-4.1.21-14.2 kernel-xen-4.1.21-14.2 kernel-xen-base-4.1.21-14.2 kernel-xen-devel-4.1.21-14.2 kernel-debug-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-debug-base-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-debug-devel-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-default-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-default-base-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-default-devel-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-devel-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-docs-4.1.21-14.5 as a component of openSUSE Leap 42.1 kernel-docs-html-4.1.21-14.5 as a component of openSUSE Leap 42.1 kernel-docs-pdf-4.1.21-14.5 as a component of openSUSE Leap 42.1 kernel-ec2-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-ec2-base-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-ec2-devel-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-macros-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-obs-build-4.1.21-14.4 as a component of openSUSE Leap 42.1 kernel-obs-qa-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-obs-qa-xen-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-pae-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-pae-base-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-pae-devel-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-pv-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-pv-base-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-pv-devel-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-source-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-source-vanilla-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-syms-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-vanilla-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-vanilla-devel-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-xen-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-xen-base-4.1.21-14.2 as a component of openSUSE Leap 42.1 kernel-xen-devel-4.1.21-14.2 as a component of openSUSE Leap 42.1 The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-2185 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-2185.html CVE-2016-2185 https://bugzilla.suse.com/971124 SUSE Bug 971124 The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-2186 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-2186.html CVE-2016-2186 https://bugzilla.suse.com/970958 SUSE Bug 970958 The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-2188 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-2188.html CVE-2016-2188 https://bugzilla.suse.com/1067912 SUSE Bug 1067912 https://bugzilla.suse.com/1132190 SUSE Bug 1132190 https://bugzilla.suse.com/970956 SUSE Bug 970956 fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. CVE-2016-2847 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-2847.html CVE-2016-2847 https://bugzilla.suse.com/970948 SUSE Bug 970948 https://bugzilla.suse.com/974646 SUSE Bug 974646 The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. CVE-2016-3136 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-3136.html CVE-2016-3136 https://bugzilla.suse.com/970955 SUSE Bug 970955 drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. CVE-2016-3137 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-3137.html CVE-2016-3137 https://bugzilla.suse.com/970970 SUSE Bug 970970 The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. CVE-2016-3138 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-3138.html CVE-2016-3138 https://bugzilla.suse.com/970911 SUSE Bug 970911 https://bugzilla.suse.com/970970 SUSE Bug 970970 The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-3140 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-3140.html CVE-2016-3140 https://bugzilla.suse.com/970892 SUSE Bug 970892 The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. CVE-2016-3156 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-3156.html CVE-2016-3156 https://bugzilla.suse.com/971360 SUSE Bug 971360 The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. CVE-2016-3689 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-3689.html CVE-2016-3689 https://bugzilla.suse.com/971628 SUSE Bug 971628 Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. CVE-2016-3951 openSUSE Leap 42.1:kernel-debug-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-debug-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-default-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-docs-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-html-4.1.21-14.5 openSUSE Leap 42.1:kernel-docs-pdf-4.1.21-14.5 openSUSE Leap 42.1:kernel-ec2-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-ec2-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-macros-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-build-4.1.21-14.4 openSUSE Leap 42.1:kernel-obs-qa-4.1.21-14.2 openSUSE Leap 42.1:kernel-obs-qa-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pae-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-pv-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-4.1.21-14.2 openSUSE Leap 42.1:kernel-source-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-syms-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-4.1.21-14.2 openSUSE Leap 42.1:kernel-vanilla-devel-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-base-4.1.21-14.2 openSUSE Leap 42.1:kernel-xen-devel-4.1.21-14.2 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html https://www.suse.com/security/cve/CVE-2016-3951.html CVE-2016-3951 https://bugzilla.suse.com/974418 SUSE Bug 974418