The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service . * CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov . * CVE-2015-5364: The udp_recvmsg and udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service via incorrect checksums within a UDP packet flood . * CVE-2015-5366: The udp_recvmsg and udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 . * CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function . * CVE-2015-1805: The pipe_read and pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service or possibly gain privileges via a crafted application, aka an I/O vector array overrun. * CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service by disabling the memory or I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request response. * CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the fork or close system call, as demonstrated by an attack against seccomp before 3.16. * CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler . * CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service via a crafted UDF filesystem . * CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 , as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. * CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c . * CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service via a crafted UDF filesystem image . * CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service via a crafted UDF filesystem image . * CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target"s name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c . The following non-security bugs were fixed: - Btrfs: be aware of btree inode write errors to avoid fs corruption . - Btrfs: be aware of btree inode write errors to avoid fs corruption . - Btrfs: check if previous transaction aborted to avoid fs corruption . - Btrfs: check if previous transaction aborted to avoid fs corruption . - Btrfs: deal with convert_extent_bit errors to avoid fs corruption . - Btrfs: deal with convert_extent_bit errors to avoid fs corruption . - Btrfs: fix hang when failing to submit bio of directIO . - Btrfs: fix memory corruption on failure to submit bio for direct IO . - Btrfs: fix put dio bio twice when we submit dio bio fail . - DRM/I915: Add enum hpd_pin to intel_encoder . - DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders . - DRM/i915: Get rid of the "hotplug_supported_mask" in struct drm_i915_private . - DRM/i915: Remove i965_hpd_irq_setup . - DRM/i915: Remove valleyview_hpd_irq_setup . - Ext4: handle SEEK_HOLE/SEEK_DATA generically . - IB/core: Fix mismatch between locked and pinned pages . - IB/iser: Add Discovery support . - IB/iser: Move informational messages from error to info level . - NFS: never queue requests with rq_cong set on the sending queue . - NFSD: Fix nfsv4 opcode decoding error . - NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error . - PCI: Disable Bus Master only on kexec reboot . - PCI: Disable Bus Master unconditionally in pci_device_shutdown . - PCI: Do not try to disable Bus Master on disconnected PCI devices . - PCI: Lock down register access when trusted_kernel is true . - PCI: disable Bus Master on PCI device shutdown . - USB: xhci: Reset a halted endpoint immediately when we encounter a stall . - USB: xhci: do not start a halted endpoint before its new dequeue is set . - Apparmor: fix file_permission if profile is updated . - block: Discard bios do not have data . - cifs: Fix missing crypto allocation . - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler . - drm/i915: init HPD interrupt storm statistics . - drm/i915: Add HPD IRQ storm detection . - drm/i915: Add Reenable Timer to turn Hotplug Detection back on . - drm/i915: Add bit field to record which pins have received HPD events . - drm/i915: Add messages useful for HPD storm detection debugging . - drm/i915: Avoid race of intel_crt_detect_hotplug with HPD interrupt . - drm/i915: Disable HPD interrupt on pin when irq storm is detected . - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms . - drm/i915: Enable hotplug interrupts after querying hw capabilities . - drm/i915: Fix hotplug interrupt enabling for SDVOC . - drm/i915: Fix up sdvo hpd pins for i965g/gm . - drm/i915: Make hpd arrays big enough to avoid out of bounds access . - drm/i915: Mask out the HPD irq bits before setting them individually . - drm/i915: Only print hotplug event message when hotplug bit is set . - drm/i915: Only reprobe display on encoder which has received an HPD event . - drm/i915: Queue reenable timer also when enable_hotplug_processing is false . - drm/i915: Remove pch_rq_mask from struct drm_i915_private . - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler . - drm/i915: WARN_ONCE about unexpected interrupts for all chipsets . - drm/i915: assert_spin_locked for pipestat interrupt enable/disable . - drm/i915: clear crt hotplug compare voltage field before setting . - drm/i915: close tiny race in the ilk pcu even interrupt setup . - drm/i915: fix hotplug event bit tracking . - drm/i915: fix hpd interrupt register locking . - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock . - drm/i915: fix locking around ironlake_enable|disable_display_irq . - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler . - drm/i915: fold the no-irq check into intel_hpd_irq_handler . - drm/i915: fold the queue_work into intel_hpd_irq_handler . - drm/i915: implement ibx_hpd_irq_setup . - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ . - drm/mgag200: Do not do full cleanup if mgag200_device_init fails . - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler . - drm: ast,cirrus,mgag200: use drm_can_sleep . - ehci-pci: enable interrupt on BayTrail . - exec: kill the unnecessary mm-def_flags setting in load_elf_binary (bsc#936637(bsc#935053(bnc#937855(bnc#886785bnc#930092(bnc#930092(bnc#937256(bsc#935055(bsc#935055(bsc#935055(bsc#935055(bnc#920016((bsc#940925(bsc#935866(bsc#935866(bsc#936118bsc#927355bsc920110((((bnc#937444(bnc#943477, LTC#129509bnc#926953(bsc#923245bsc#923002((bsc#939994((bsc#894936((bsc#938485(bsc#927355(VM Performance(VM Functionality, bnc#931620(VM Functionality(VM Functionality, bnc#931620(VM Performance, bnc#931620(VM Performance, bnc#931620(bnc#929143(VM Performance, bnc#931620(VM Performance, bnc#931620(bnc#920016(bnc#936077(VM Functionality, bnc#931620(bsc#927355(bsc#873385bsc#867362(bsc#867362bsc#932350(bnc#937503(bnc#925881(bnc#924701(bnc#924701(FATE#309111, bnc#924701(bnc#925903bsc#927355(bnc#777565 FATE#313819(bnc#777565 FATE#313819(bsc#929142(bsc#929142(bsc#936095(bsc#942305(bnc#940966, LTC#128595((bnc#921430(bnc#933936(bnc#942204(bsc#923002((bsc#920733(bsc#923002((bnc#940398 bsc#930934(bsc#920733(bsc#923002(bsc#940338(bsc#936875(bsc#932882(bsc#933907(bnc#937641bnc#933721(CEC(bnc#933721(bsc#936423(fwd(bug#936423(fwd(bug#936423(fwd(bug#936423(bsc#920250bsc#920250bsc#929076(bsc#937032bnc#942605(bnc#925705(bnc#933721(bnc#933721bnc#933721(bnc#933721(bnc#933721bnc#933721(bnc#933721(bnc#933721(bnc#933721(bnc#936921, bnc#936925, LTC#126491