SUSE-SU-2018:2374-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Aug 16 07:09:22 MDT 2018
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2374-1
Rating: important
References: #1012382 #1023711 #1064232 #1076110 #1078216
#1082653 #1082979 #1085042 #1085536 #1085657
#1087081 #1087659 #1089343 #1089525 #1090123
#1090340 #1090435 #1090888 #1091107 #1092001
#1092207 #1093777 #1094120 #1094244 #1095453
#1095643 #1096790 #1096978 #1097034 #1097501
#1097771 #1098599 #1099306 #1099713 #1099792
#1099810 #1099858 #1099918 #1099966 #1099993
#1100089 #1100132 #1100340 #1100843 #1100930
#1101296 #1101331 #1101658 #1101789 #1102188
#1102197 #1102203 #1102205 #1102207 #1102211
#1102214 #1102215 #1102340 #1102394 #1102683
#1102851 #1103097 #1103119 #1103580 #1103717
#1103745 #1103884 #1104174 #997935
Cross-References: CVE-2017-18344 CVE-2018-14734 CVE-2018-3620
CVE-2018-3646 CVE-2018-5390 CVE-2018-5391
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 63 fixes is
now available.
Description:
The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.143 to
receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-3620: Local attackers on baremetal systems could use
speculative code patterns on hyperthreaded processors to read data
present in the L1 Datacache used by other hyperthreads on the same CPU
core, potentially leaking sensitive data. (bnc#1087081).
- CVE-2018-3646: Local attackers in virtualized guest systems could use
speculative code patterns on hyperthreaded processors to read data
present in the L1 Datacache used by other hyperthreads on the same CPU
core, potentially leaking sensitive data, even from other virtual
machines or the host system. (bnc#1089343).
- CVE-2018-5391: A flaw in the IP packet reassembly could be used by
remote attackers to consume CPU time (bnc#1103097).
- CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very
expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue()
for every incoming packet which can lead to a denial of service
(bnc#1102340).
- CVE-2018-14734: drivers/infiniband/core/ucma.c allowed
ucma_leave_multicast to access a certain data structure after a cleanup
step in ucma_process_join, which allowed attackers to cause a denial of
service (use-after-free) (bnc#1103119).
- CVE-2017-18344: The timer_create syscall implementation in
kernel/time/posix-timers.c didn't properly validate the
sigevent->sigev_notify field, which leads to out-of-bounds access in the
show_timer function (called when /proc/$PID/timers is read). This
allowed userspace applications to read arbitrary kernel memory (on a
kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)
(bnc#1102851 1103580).
The following non-security bugs were fixed:
- 1wire: family module autoload fails because of upper/lower case mismatch
(bnc#1012382).
- Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978)
- ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
(bnc#1012382).
- alsa: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810).
- alsa: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
(bnc#1012382).
- alsa: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810).
- arm64: do not open code page table entry creation (bsc#1102197).
- arm64: kpti: Use early_param for kpti= command-line option (bsc#1102188).
- arm64: Make sure permission updates happen for pmd/pud (bsc#1102197).
- arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct
size (bnc#1012382).
- arm: dts: imx6q: Use correct SDMA script for SPI5 core (bnc#1012382).
- ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382).
- ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382).
- ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
(bnc#1012382).
- ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
(bnc#1012382).
- atm: zatm: fix memcmp casting (bnc#1012382).
- atm: zatm: Fix potential Spectre v1 (bnc#1012382).
- backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382).
- backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382).
- backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382).
- bcache: add backing_request_endio() for bi_end_io (bsc#1064232).
- bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232).
- bcache: add io_disable to struct cached_dev (bsc#1064232).
- bcache: add journal statistic (bsc#1076110).
- bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232).
- bcache: add stop_when_cache_set_failed option to backing device
(bsc#1064232).
- bcache: add wait_for_kthread_stop() in bch_allocator_thread()
(bsc#1064232).
- bcache: Annotate switch fall-through (bsc#1064232).
- bcache: closures: move control bits one bit right (bsc#1076110).
- bcache: correct flash only vols (check all uuids) (bsc#1064232).
- bcache: count backing device I/O error for writeback I/O (bsc#1064232).
- bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232).
- bcache: fix cached_dev->count usage for bch_cache_set_error()
(bsc#1064232).
- bcache: fix crashes in duplicate cache device register (bsc#1076110).
- bcache: fix error return value in memory shrink (bsc#1064232).
- bcache: fix high CPU occupancy during journal (bsc#1076110).
- bcache: Fix, improve efficiency of closure_sync() (bsc#1076110).
- bcache: fix inaccurate io state for detached bcache devices
(bsc#1064232).
- bcache: fix incorrect sysfs output value of strip size (bsc#1064232).
- bcache: Fix indentation (bsc#1064232).
- bcache: Fix kernel-doc warnings (bsc#1064232).
- bcache: fix misleading error message in bch_count_io_errors()
(bsc#1064232).
- bcache: fix using of loop variable in memory shrink (bsc#1064232).
- bcache: fix writeback target calc on large devices (bsc#1076110).
- bcache: fix wrong return value in bch_debug_init() (bsc#1076110).
- bcache: mark closure_sync() __sched (bsc#1076110).
- bcache: move closure debug file into debug directory (bsc#1064232).
- bcache: reduce cache_set devices iteration by devices_max_used
(bsc#1064232).
- bcache: Reduce the number of sparse complaints about lock imbalances
(bsc#1064232).
- bcache: Remove an unused variable (bsc#1064232).
- bcache: ret IOERR when read meets metadata error (bsc#1076110).
- bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n
(bsc#1064232).
- bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232).
- bcache: set dc->io_disable to true in conditional_stop_bcache_device()
(bsc#1064232).
- bcache: set error_limit correctly (bsc#1064232).
- bcache: set writeback_rate_update_seconds in range [1, 60] seconds
(bsc#1064232).
- bcache: stop bcache device when backing device is offline (bsc#1064232).
- bcache: stop dc->writeback_rate_update properly (bsc#1064232).
- bcache: stop writeback thread after detaching (bsc#1076110).
- bcache: store disk name in struct cache and struct cached_dev
(bsc#1064232).
- bcache: Suppress more warnings about set-but-not-used variables
(bsc#1064232).
- bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
(bsc#1064232).
- bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110).
- bcm63xx_enet: correct clock usage (bnc#1012382).
- bcm63xx_enet: do not write to random DMA channel on BCM6345
(bnc#1012382).
- blkcg: simplify statistic accumulation code (bsc#1082979).
- block: copy ioprio in __bio_clone_fast() (bsc#1082653).
- block: Fix transfer when chunk sectors exceeds max (bnc#1012382).
- block/swim: Fix array bounds check (bsc#1082979).
- bluetooth: Fix connection if directed advertising and privacy is used
(bnc#1012382).
- bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw
loader (bnc#1012382).
- bonding: re-evaluate force_primary when the primary slave name changes
(bnc#1012382).
- bpf: fix loading of BPF_MAXINSNS sized programs (bsc#1012382).
- bpf, x64: fix memleak when not converging after image (bsc#1012382).
- btrfs: fix clone vs chattr NODATASUM race (bnc#1012382).
- btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382).
- btrfs: make raid6 rebuild retry more (bnc#1012382).
- btrfs: scrub: Do not use inode pages for device replace (bnc#1012382).
- cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
(bsc#1099858).
- cachefiles: Fix refcounting bug in backing-file read monitoring
(bsc#1099858).
- cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
(bsc#1099858).
- cdc_ncm: avoid padding beyond end of skb (bnc#1012382).
- cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123).
- cifs: Fix infinite loop when using hard mount option (bnc#1012382).
- compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
(bnc#1012382).
- compiler, clang: properly override 'inline' for clang (bnc#1012382).
- compiler, clang: suppress warning for unused static inline functions
(bnc#1012382).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline
declarations (bnc#1012382).
- CONFIG_HOTPLUG_SMT=y
- cpufreq: Fix new policy initialization during limits updates via sysfs
(bnc#1012382).
- cpu/hotplug: Add sysfs state interface (bsc#1089343).
- cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
- cpu/hotplug: Split do_cpu_down() (bsc#1089343).
- cpuidle: powernv: Fix promotion from snooze if next state disabled
(bnc#1012382).
- crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
(bnc#1012382).
- crypto: crypto4xx - remove bad list_del (bnc#1012382).
- dm: convert DM printk macros to pr_<level> macros (bsc#1099918).
- dm: fix printk() rate limiting code (bsc#1099918).
- dm thin: handle running out of data space vs concurrent discard
(bnc#1012382).
- dm thin metadata: remove needless work from __commit_transaction
(bsc#1082979).
- drbd: fix access after free (bnc#1012382).
- driver core: Do not ignore class_dir_create_and_add() failure
(bnc#1012382).
- drm/msm: Fix possible null dereference on failure of get_pages()
(bsc#1102394).
- drm: re-enable error handling (bsc#1103884).
- esp6: fix memleak on error path in esp6_input (git-fixes).
- ext4: add more inode number paranoia checks (bnc#1012382).
- ext4: add more mount time checks of the superblock (bnc#1012382).
- ext4: always check block group bounds in ext4_init_block_bitmap()
(bnc#1012382).
- ext4: check superblock mapped prior to committing (bnc#1012382).
- ext4: clear i_data in ext4_inode_info when removing inline data
(bnc#1012382).
- ext4: fix fencepost error in check for inode count overflow during
resize (bnc#1012382).
- ext4: include the illegal physical block in the bad map ext4_error msg
(bnc#1012382).
- ext4: make sure bitmaps and the inode table do not overlap with bg
descriptors (bnc#1012382).
- ext4: only look at the bg_flags field if it is valid (bnc#1012382).
- ext4: update mtime in ext4_punch_hole even if no blocks are released
(bnc#1012382).
- ext4: verify the depth of extent tree in ext4_find_extent()
(bnc#1012382).
- fscache: Allow cancelled operations to be enqueued (bsc#1099858).
- fscache: Fix reference overput in fscache_attach_object() error handling
(bsc#1099858).
- fuse: atomic_o_trunc should truncate pagecache (bnc#1012382).
- fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382).
- fuse: fix control dir setup and teardown (bnc#1012382).
- genirq: Make force irq threading setup more robust (bsc#1082979).
- hid: debug: check length before copy_to_user() (bnc#1012382).
- hid: hiddev: fix potential Spectre v1 (bnc#1012382).
- hid: i2c-hid: Fix "incomplete report" noise (bnc#1012382).
- hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
(bnc#1012382).
- i2c: rcar: fix resume by always initializing registers before transfer
(bnc#1012382).
- ib/isert: fix T10-pi check mask setting (bsc#1082979).
- ibmasm: do not write out of bounds in read handler (bnc#1012382).
- ibmvnic: Fix error recovery on login failure (bsc#1101789).
- ibmvnic: Remove code to request error information (bsc#1104174).
- ibmvnic: Revise RX/TX queue error messages (bsc#1101331).
- ibmvnic: Update firmware error reporting with cause string (bsc#1104174).
- ib/qib: Fix DMA api warning with debug kernel (bnc#1012382).
- iio:buffer: make length types match kfifo types (bnc#1012382).
- input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382).
- input: elan_i2c_smbus - fix more potential stack buffer overflows
(bnc#1012382).
- input: elantech - enable middle button of touchpads on ThinkPad P52
(bnc#1012382).
- input: elantech - fix V4 report decoding for module with middle key
(bnc#1012382).
- iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034).
- ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382).
- ipv4: Fix error return value in fib_convert_metrics() (bnc#1012382).
- ipvs: fix buffer overflow with sync daemon and service (bnc#1012382).
- iw_cxgb4: correctly enforce the max reg_mr depth (bnc#1012382).
- jbd2: do not mark block as modified if the handle is out of credits
(bnc#1012382).
- kabi protect net/core/utils.c includes (bsc#1095643).
- kABI: protect struct loop_device (kabi).
- kABI: reintroduce __static_cpu_has_safe (kabi).
- kabi/severities: add 'drivers/md/bcache/* PASS' since no one uses
symboles expoted by bcache.
- kbuild: fix # escaping in .cmd files for future Make (bnc#1012382).
- keys: DNS: fix parsing multiple options (bnc#1012382).
- kmod: fix wait on recursive loop (bsc#1099792).
- kmod: reduce atomic operations on kmod_concurrent and simplify
(bsc#1099792).
- kmod: throttle kmod thread limit (bsc#1099792).
- kprobes/x86: Do not modify singlestep buffer while resuming
(bnc#1012382).
- kvm: arm/arm64: Drop resource size check for GICV window (bsc#1102215).
- kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1102214).
- libata: do not try to pass through NCQ commands to non-NCQ devices
(bsc#1082979).
- libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382).
- libata: zpodd: make arrays cdb static, reduces object code size
(bnc#1012382).
- libata: zpodd: small read overflow in eject_tray() (bnc#1012382).
- lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382).
- linvdimm, pmem: Preserve read-only setting for pmem devices
(bnc#1012382).
- loop: add recursion validation to LOOP_CHANGE_FD (bnc#1012382).
- loop: remember whether sysfs_create_group() was done (bnc#1012382).
- m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
(bnc#1012382).
- media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382).
- media: cx25840: Use subdev host data for PLL override (bnc#1012382).
- media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
(bnc#1012382).
- media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918).
- media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382).
- mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382).
- mips: ftrace: fix static function graph tracing (bnc#1012382).
- mmc: dw_mmc: fix card threshold control configuration (bsc#1102203).
- mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing
(bsc#1097771).
- mm: hugetlb: yield when prepping struct pages (bnc#1012382).
- mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking
(bnc#1012382).
- mtd: cfi_cmdset_0002: Change definition naming to retry write operation
(bnc#1012382).
- mtd: cfi_cmdset_0002: Change erase functions to check chip good only
(bnc#1012382).
- mtd: cfi_cmdset_0002: Change erase functions to retry for error
(bnc#1012382).
- mtd: cfi_cmdset_0002: Change write buffer to check correct value
(bnc#1012382).
- mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382).
- mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
(bnc#1012382).
- mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382).
- mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS
(bsc#1099918).
- mtd: partitions: add helper for deleting partition (bsc#1099918).
- mtd: partitions: remove sysfs files when deleting all master's
partitions (bsc#1099918).
- mtd: rawnand: mxc: set spare area size register explicitly (bnc#1012382).
- net: cxgb3_main: fix potential Spectre v1 (bnc#1012382).
- net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (bnc#1012382).
- net: dccp: switch rx_tstamp_last_feedback to monotonic clock
(bnc#1012382).
- netfilter: ebtables: handle string from userspace with care
(bnc#1012382).
- netfilter: ebtables: reject non-bridge targets (bnc#1012382).
- netfilter: nf_log: do not hold nf_log_mutex during user access
(bnc#1012382).
- netfilter: nf_queue: augment nfqa_cfg_policy (bnc#1012382).
- netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in
nft_do_chain() (bnc#1012382).
- netfilter: x_tables: initialise match/target check parameter struct
(bnc#1012382).
- net/mlx5: Fix command interface race in polling mode (bnc#1012382).
- net/mlx5: Fix incorrect raw command length parsing (bnc#1012382).
- net: mvneta: fix the Rx desc DMA address in the Rx path (bsc#1102207).
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL
(bnc#1012382).
- net: off by one in inet6_pton() (bsc#1095643).
- net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1102205).
- net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382).
- net_sched: blackhole: tell upper qdisc about dropped packets
(bnc#1012382).
- net/sonic: Use dma_mapping_error() (bnc#1012382).
- net: sungem: fix rx checksum support (bnc#1012382).
- net/utils: generic inet_pton_with_scope helper (bsc#1095643).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
(bnc#1012382).
- NFSv4: Fix possible 1-byte stack overflow in
nfs_idmap_read_and_verify_message (bnc#1012382).
- n_tty: Access echo_* variables carefully (bnc#1012382).
- n_tty: Fix stall at n_tty_receive_char_special() (bnc#1012382).
- null_blk: use sector_div instead of do_div (bsc#1082979).
- nvme-pci: initialize queue memory before interrupts (bnc#1012382).
- nvme-rdma: Check remotely invalidated rkey matches our expected rkey
(bsc#1092001).
- nvme-rdma: default MR page size to 4k (bsc#1092001).
- nvme-rdma: do not complete requests before a send work request has
completed (bsc#1092001).
- nvme-rdma: do not suppress send completions (bsc#1092001).
- nvme-rdma: Fix command completion race at error recovery (bsc#1090435).
- nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib symmetrical
(bsc#1092001).
- nvme-rdma: use inet_pton_with_scope helper (bsc#1095643).
- nvme-rdma: Use mr pool (bsc#1092001).
- nvme-rdma: wait for local invalidation before completing a request
(bsc#1092001).
- ocfs2: subsystem.su_mutex is required while accessing the
item->ci_parent (bnc#1012382).
- of: unittest: for strings, account for trailing \0 in property length
field (bnc#1012382).
- ovl: fix random return value on mount (bsc#1099993).
- ovl: fix uid/gid when creating over whiteout (bsc#1099993).
- ovl: override creds with the ones from the superblock mounter
(bsc#1099993).
- pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1100132).
- pci: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
resume (bnc#1012382).
- perf intel-pt: Fix decoding to accept CBR between FUP and corresponding
TIP (bnc#1012382).
- perf intel-pt: Fix MTC timing after overflow (bnc#1012382).
- perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382).
- perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382).
- perf intel-pt: Fix "Unexpected indirect branch" error (bnc#1012382).
- perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
(bnc#1012382).
- perf tools: Move syscall number fallbacks from perf-sys.h to
tools/arch/x86/include/asm/ (bnc#1012382).
- PM / hibernate: Fix oops at snapshot_write() (bnc#1012382).
- powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244,
bsc#1100930, bsc#1102683).
- powerpc/64s: Exception macro for stack frame and initial register save
(bsc#1094244).
- powerpc/64s: Fix mce accounting for powernv (bsc#1094244).
- powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382).
- powerpc: Machine check interrupt is a non-maskable interrupt
(bsc#1094244).
- powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
(bnc#1012382).
- powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382).
- powerpc/ptrace: Fix setting 512B aligned breakpoints with
PTRACE_SET_DEBUGREG (bnc#1012382).
- qed: Limit msix vectors in kdump kernel to the minimum required count
(bnc#1012382).
- qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657).
- qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657).
- qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657).
- r8152: napi hangup fix after disconnect (bnc#1012382).
- RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382).
- RDMA/ocrdma: Fix an error code in ocrdma_alloc_pd() (bsc#1082979).
- RDMA/ocrdma: Fix error codes in ocrdma_create_srq() (bsc#1082979).
- RDMA/ucm: Mark UCM interface as BROKEN (bnc#1012382).
- rds: avoid unenecessary cong_update in loop transport (bnc#1012382).
- restore cond_resched() in shrink_dcache_parent() (bsc#1098599).
- Revert 'block-cancel-workqueue-entries-on-blk_mq_freeze_queue'
(bsc#1103717
- Revert "Btrfs: fix scrub to repair raid6 corruption" (bnc#1012382).
- Revert "sit: reload iphdr in ipip6_rcv" (bnc#1012382).
- Revert "x86/cpufeature: Move some of the scattered feature bits to
x86_capability" (kabi).
- Revert "x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6" (kabi).
- rmdir(),rename(): do shrink_dcache_parent() only on success
(bsc#1100340).
- rpm/config.sh: Add support for non-default upstream URL Currently the
scripts assume Linus' tree as the upstream URL where to pull things
from. One may want to package test kernels from other upstream repos.
Add support to add an URL to config.sh.
- rtlwifi: rtl8821ae: fix firmware is not ready to run (bnc#1012382).
- run_oldconfig.sh: Add --olddefconfig as an alias to --yes On later
kernels there is the make target 'olddefconfig'. This is equvalent to
what the '--yes' option does. Therefore, add the option '--olddefconfig'
as an alias.
- s390: Correct register corruption in critical section cleanup
(bnc#1012382).
- s390/qeth: fix error handling in adapter command callbacks (bnc#1103745,
LTC#169699).
- sched/smt: Update sched_smt_present at runtime (bsc#1089343).
- sched/sysctl: Check user input value of sysctl_sched_time_avg
(bsc#1100089).
- scsi: lpfc: Change IO submit return to EBUSY if remote port is
recovering (bsc#1092207).
- scsi: lpfc: correct oversubscription of nvme io requests for an adapter
(bsc#1095453).
- scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt
(bsc#1092207).
- scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).
- scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453).
- scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc
(bsc#1095453).
- scsi: lpfc: Fix MDS diagnostics failure (Rx < Tx) (bsc#1095453).
- scsi: lpfc: Fix port initialization failure (bsc#1095453).
- scsi: lpfc: Fix up log messages and stats counters in IO submit code
path (bsc#1092207).
- scsi: lpfc: Handle new link fault code returned by adapter firmware
(bsc#1092207).
- scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207).
- scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453).
- scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
(bnc#1012382).
- scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501)
- scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()'
(bsc#1082979).
- scsi: sg: fix minor memory leak in error path (bsc#1082979).
- scsi: sg: mitigate read/write abuse (bsc#1101296).
- scsi: target: fix crash with iscsi target and dvd (bsc#1082979).
- scsi: zfcp: fix misleading REC trigger trace where erp_action setup
failed (LTC#168765 bnc#1012382 bnc#1099713).
- scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
(LTC#168765 bnc#1012382 bnc#1099713).
- scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
(LTC#168765 bnc#1012382 bnc#1099713).
- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early
return (LTC#168765 bnc#1012382 bnc#1099713).
- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713).
- scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
(LTC#168765 bnc#1012382 bnc#1099713).
- scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
(LTC#168765 bnc#1012382 bnc#1099713).
- serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding
version (bnc#1012382).
- signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382).
- smsc75xx: Add workaround for gigabit link up hardware errata
(bsc#1100132).
- smsc95xx: Configure pause time to 0xffff when tx flow control enabled
(bsc#1085536).
- spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382).
- staging: android: ion: Return an ERR_PTR in ion_map_kernel (bnc#1012382).
- staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
(bnc#1012382).
- tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
(bnc#1012382).
- tcp: fix Fast Open key endianness (bnc#1012382).
- tcp: prevent bogus FRTO undos with non-SACK flows (bnc#1012382).
- tcp: verify the checksum of the first data segment in a new connection
(bnc#1012382).
- time: Make sure jiffies_to_msecs() preserves non-zero time periods
(bnc#1012382).
- tracing: Fix missing return symbol in function_graph output
(bnc#1012382).
- ubi: fastmap: Cancel work upon detach (bnc#1012382).
- ubi: fastmap: Correctly handle interrupted erasures in EBA (bnc#1012382).
- ubifs: Fix potential integer overflow in allocation (bnc#1012382).
- udf: Detect incorrect directory size (bnc#1012382).
- Update config files. CONFIG_X86_FAST_FEATURE_TESTS=y
- uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
(bnc#1012382).
- usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bnc#1012382).
- usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1100132).
- usb: do not reset if a low-speed or full-speed device timed out
(bnc#1012382).
- usb: musb: fix remote wakeup racing with suspend (bnc#1012382).
- usb: quirks: add delay quirks for Corsair Strafe (bnc#1012382).
- usb: serial: ch341: fix type promotion bug in ch341_control_in()
(bnc#1012382).
- usb: serial: cp210x: add another USB ID for Qivicon ZigBee stick
(bnc#1012382).
- usb: serial: cp210x: add CESINEL device ids (bnc#1012382).
- usb: serial: cp210x: add Silicon Labs IDs for Windows Update
(bnc#1012382).
- usb: serial: keyspan_pda: fix modem-status error handling (bnc#1012382).
- usb: serial: mos7840: fix status-register error handling (bnc#1012382).
- usb: yurex: fix out-of-bounds uaccess in read handler (bnc#1012382).
- vfio: platform: Fix reset module leak in error path (bsc#1102211).
- vhost_net: validate sock before trying to put its fd (bnc#1012382).
- video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in
stifb_init_fb() (bsc#1090888 bsc#1099966).
- video: uvesafb: Fix integer overflow in allocation (bnc#1012382).
- vmw_balloon: fix inflation with batching (bnc#1012382).
- w1: mxc_w1: Enable clock before calling clk_get_rate() on it
(bnc#1012382).
- wait: add wait_event_killable_timeout() (bsc#1099792).
- watchdog: da9063: Fix setting/changing timeout (bsc#1100843).
- watchdog: da9063: Fix timeout handling during probe (bsc#1100843).
- watchdog: da9063: Fix updating timeout value (bsc#1100843).
- x86/alternatives: Add an auxilary section (bnc#1012382).
- x86/alternatives: Discard dynamic check after init (bnc#1012382).
- x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).
- x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
(bnc#1012382).
- x86/boot: Simplify kernel load address alignment check (bnc#1012382).
- x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
(bsc#1089343).
- x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
- x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
(bsc#1089343). Update config files.
- x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
- x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
- x86/cpufeature: Add helper macro for mask check macros (bnc#1012382).
- x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382).
- x86/cpufeature: Get rid of the non-asm goto variant (bnc#1012382).
- x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
(bnc#1012382).
- x86/cpufeature: Move some of the scattered feature bits to
x86_capability (bnc#1012382).
- x86/cpufeature: Replace the old static_cpu_has() with safe variant
(bnc#1012382).
- x86/cpufeature: Speed up cpu_feature_enabled() (bnc#1012382).
- x86/cpufeature: Update cpufeaure macros (bnc#1012382).
- x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (bnc#1012382).
- x86/cpu: Provide a config option to disable static_cpu_has (bnc#1012382).
- x86/cpu: Remove the pointless CPU printout (bsc#1089343).
- x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
- x86/fpu: Add an XSTATE_OP() macro (bnc#1012382).
- x86/fpu: Get rid of xstate_fault() (bnc#1012382).
- x86/headers: Do not include asm/processor.h in asm/atomic.h
(bnc#1012382).
- x86/mce: Fix incorrect "Machine check from unknown source" message
(bnc#1012382).
- x86/mm/pkeys: Fix mismerge of protection keys CPUID bits (bnc#1012382).
- x86/mm: Simplify p[g4um]d_page() macros (1087081).
- x86/smpboot: Do not use smp_num_siblings in __max_logical_packages
calculation (bsc#1089343).
- x86/smp: Provide topology_is_primary_thread() (bsc#1089343).
- x86/topology: Add topology_max_smt_threads() (bsc#1089343).
- x86/topology: Provide topology_smt_supported() (bsc#1089343).
- x86/vdso: Use static_cpu_has() (bnc#1012382).
- xen/grant-table: log the lack of grants (bnc#1085042).
- xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658).
- xen-netfront: Update features after registering netdev (bnc#1101658).
- xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382).
- xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382).
- xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382).
- xfrm: skip policies marked as dead while rehashing (bnc#1012382).
- xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bnc#1012382).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1606=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1606=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
kernel-docs-azure-4.4.143-4.13.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
kernel-devel-azure-4.4.143-4.13.1
kernel-source-azure-4.4.143-4.13.1
- SUSE Linux Enterprise Server 12-SP3 (x86_64):
kernel-azure-4.4.143-4.13.1
kernel-azure-base-4.4.143-4.13.1
kernel-azure-base-debuginfo-4.4.143-4.13.1
kernel-azure-debuginfo-4.4.143-4.13.1
kernel-azure-debugsource-4.4.143-4.13.1
kernel-azure-devel-4.4.143-4.13.1
References:
https://www.suse.com/security/cve/CVE-2017-18344.html
https://www.suse.com/security/cve/CVE-2018-14734.html
https://www.suse.com/security/cve/CVE-2018-3620.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://www.suse.com/security/cve/CVE-2018-5390.html
https://www.suse.com/security/cve/CVE-2018-5391.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1023711
https://bugzilla.suse.com/1064232
https://bugzilla.suse.com/1076110
https://bugzilla.suse.com/1078216
https://bugzilla.suse.com/1082653
https://bugzilla.suse.com/1082979
https://bugzilla.suse.com/1085042
https://bugzilla.suse.com/1085536
https://bugzilla.suse.com/1085657
https://bugzilla.suse.com/1087081
https://bugzilla.suse.com/1087659
https://bugzilla.suse.com/1089343
https://bugzilla.suse.com/1089525
https://bugzilla.suse.com/1090123
https://bugzilla.suse.com/1090340
https://bugzilla.suse.com/1090435
https://bugzilla.suse.com/1090888
https://bugzilla.suse.com/1091107
https://bugzilla.suse.com/1092001
https://bugzilla.suse.com/1092207
https://bugzilla.suse.com/1093777
https://bugzilla.suse.com/1094120
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1095453
https://bugzilla.suse.com/1095643
https://bugzilla.suse.com/1096790
https://bugzilla.suse.com/1096978
https://bugzilla.suse.com/1097034
https://bugzilla.suse.com/1097501
https://bugzilla.suse.com/1097771
https://bugzilla.suse.com/1098599
https://bugzilla.suse.com/1099306
https://bugzilla.suse.com/1099713
https://bugzilla.suse.com/1099792
https://bugzilla.suse.com/1099810
https://bugzilla.suse.com/1099858
https://bugzilla.suse.com/1099918
https://bugzilla.suse.com/1099966
https://bugzilla.suse.com/1099993
https://bugzilla.suse.com/1100089
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1100340
https://bugzilla.suse.com/1100843
https://bugzilla.suse.com/1100930
https://bugzilla.suse.com/1101296
https://bugzilla.suse.com/1101331
https://bugzilla.suse.com/1101658
https://bugzilla.suse.com/1101789
https://bugzilla.suse.com/1102188
https://bugzilla.suse.com/1102197
https://bugzilla.suse.com/1102203
https://bugzilla.suse.com/1102205
https://bugzilla.suse.com/1102207
https://bugzilla.suse.com/1102211
https://bugzilla.suse.com/1102214
https://bugzilla.suse.com/1102215
https://bugzilla.suse.com/1102340
https://bugzilla.suse.com/1102394
https://bugzilla.suse.com/1102683
https://bugzilla.suse.com/1102851
https://bugzilla.suse.com/1103097
https://bugzilla.suse.com/1103119
https://bugzilla.suse.com/1103580
https://bugzilla.suse.com/1103717
https://bugzilla.suse.com/1103745
https://bugzilla.suse.com/1103884
https://bugzilla.suse.com/1104174
https://bugzilla.suse.com/997935
More information about the sle-security-updates
mailing list