The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl . - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges . - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application . - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution . - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI enabled . - CVE-2015-8569: The pptp_bind and pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application . - CVE-2015-8575: Validate socket address length in sco_sock_bind to prevent information leak . The following non-security bugs were fixed: - ACPICA: Correctly cleanup after a ACPI table load failure . - ALSA: hda - Fix noise problems on Thinkpad T440s . - Input: aiptek - fix crash on detecting device without endpoints . - Re-add copy_page_vector_to_user - Refresh patches.xen/xen3-patch-3.12.46-47 . - Refresh patches.xen/xen3-patch-3.9 . - Update patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction -.patch . - bcache: Add btree_insert_node . - bcache: Add explicit keylist arg to btree_insert . - bcache: Clean up keylist code . - bcache: Convert btree_insert_check_key to btree_insert_node . - bcache: Convert bucket_wait to wait_queue_head_t . - bcache: Convert try_wait to wait_queue_head_t . - bcache: Explicitly track btree node"s parent . - bcache: Fix a bug when detaching . - bcache: Fix a lockdep splat in an error path . - bcache: Fix a shutdown bug . - bcache: Fix more early shutdown bugs . - bcache: Fix sysfs splat on shutdown with flash only devs . - bcache: Insert multiple keys at a time . - bcache: Refactor journalling flow control . - bcache: Refactor request_write . - bcache: Use blkdev_issue_discard . - bcache: backing device set to clean after finishing detach . - bcache: kill closure locking usage . - blktap: also call blkif_disconnect when frontend switched to closed . - blktap: refine mm tracking . - block: Always check queue limits for cloned requests . - btrfs: Add qgroup tracing . - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more . - btrfs: Fix out-of-space bug . - btrfs: Fix tail space processing in find_free_dev_extent . - btrfs: Set relative data on clear btrfs_block_group_cache->pinned . - btrfs: Update btrfs qgroup status item when rescan is done . - btrfs: backref: Add special time_seq == -1 case for btrfs_find_all_roots . - btrfs: backref: Do not merge refs which are not for same block . - btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space . - btrfs: delayed-ref: Cleanup the unneeded functions . - btrfs: delayed-ref: Use list to replace the ref_root in ref_head . - btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref and __free_extent . - btrfs: fix comp_oper to get right order . - btrfs: fix condition of commit transaction . - btrfs: fix leak in qgroup_subtree_accounting error path . - btrfs: fix order by which delayed references are run . - btrfs: fix qgroup sanity tests . - btrfs: fix race waiting for qgroup rescan worker . - btrfs: fix regression running delayed references when using qgroups . - btrfs: fix regression when running delayed references . - btrfs: fix sleeping inside atomic context in qgroup rescan worker . - btrfs: fix the number of transaction units needed to remove a block group . - btrfs: keep dropped roots in cache until transaction commit . - btrfs: qgroup: Add function qgroup_update_counters . - btrfs: qgroup: Add function qgroup_update_refcnt . - btrfs: qgroup: Add new function to record old_roots . - btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents . - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots . - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read . - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism . - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan . - btrfs: qgroup: Fix a regression in qgroup reserved space . - btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup . - btrfs: qgroup: Record possible quota-related extent for qgroup . - btrfs: qgroup: Switch rescan to new mechanism . - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism . - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism . - btrfs: qgroup: account shared subtree during snapshot delete . - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota . - btrfs: qgroup: exit the rescan worker during umount . - btrfs: qgroup: fix quota disable during rescan . - btrfs: qgroup: move WARN_ON to the correct location . - btrfs: remove transaction from send . - btrfs: ulist: Add ulist_del function . - btrfs: use btrfs_get_fs_root in resolve_indirect_ref . - btrfs: use global reserve when deleting unused block group after ENOSPC . - cache: Fix sysfs splat on shutdown with flash only devs . - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets . - drm/i915: Fix SRC_COPY width on 830/845g . - drm: Allocate new master object when client becomes master . - drm: Fix KABI of "struct drm_file" . - e1000e: Do not read ICR in Other interrupt . - e1000e: Do not write lsc to ics in msi-x mode . - e1000e: Fix msi-x interrupt automask . - e1000e: Remove unreachable code . - genksyms: Handle string literals with spaces in reference files . - ipv6: fix tunnel error handling . - lpfc: Fix null ndlp dereference in target_reset_handler . - mm/mempolicy.c: convert the shared_policy lock to a rwlock . - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE . - pm, hinernate: use put_page in release_swap_writer . - sched, isolcpu: make cpu_isolated_map visible outside scheduler . - udp: properly support MSG_PEEK with truncated buffers . - xhci: Workaround to get Intel xHCI reset working more reliably .