SUSE-SU-2017:2956-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Nov 8 13:08:44 MST 2017


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2956-1
Rating:             important
References:         #1005917 #1006180 #1011913 #1012382 #1012829 
                    #1013887 #1018419 #1019151 #1020645 #1020657 
                    #1020685 #1021424 #1022476 #1022743 #1023175 
                    #1024405 #1028173 #1028286 #1028819 #1029693 
                    #1030552 #1030850 #1031515 #1031717 #1031784 
                    #1033587 #1034048 #1034075 #1034762 #1036303 
                    #1036632 #1037344 #1037404 #1037994 #1038078 
                    #1038583 #1038616 #1038792 #1038846 #1038847 
                    #1039354 #1039915 #1040307 #1040351 #1041958 
                    #1042286 #1042314 #1042422 #1042778 #1043652 
                    #1044112 #1044636 #1045154 #1045563 #1045922 
                    #1046682 #1046821 #1046985 #1047027 #1047048 
                    #1047096 #1047118 #1047121 #1047152 #1047277 
                    #1047343 #1047354 #1047487 #1047651 #1047653 
                    #1047670 #1048155 #1048221 #1048317 #1048891 
                    #1048893 #1048914 #1048934 #1049226 #1049483 
                    #1049486 #1049580 #1049603 #1049645 #1049882 
                    #1050061 #1050188 #1051022 #1051059 #1051239 
                    #1051399 #1051478 #1051479 #1051556 #1051663 
                    #1051790 #1052049 #1052223 #1052311 #1052365 
                    #1052533 #1052580 #1052709 #1052773 #1052794 
                    #1052888 #1053117 #1053802 #1053915 #1054084 
                    #1055013 #1055096 #1055359 #1056261 #1056588 
                    #1056827 #1056982 #1057015 #1057389 #1058038 
                    #1058116 #1058507 #963619 #964063 #964944 
                    #971975 #974215 #981309 #988784 #993890 
Cross-References:   CVE-2017-1000111 CVE-2017-1000112 CVE-2017-1000251
                    CVE-2017-1000252 CVE-2017-1000365 CVE-2017-10810
                    CVE-2017-11472 CVE-2017-11473 CVE-2017-12134
                    CVE-2017-12154 CVE-2017-14051 CVE-2017-14106
                    CVE-2017-7518 CVE-2017-7533 CVE-2017-7541
                    CVE-2017-7542 CVE-2017-8831
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP2
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 113 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP2 RT kernel was updated to 4.4.88 to
   receive various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the
     arguments and environmental strings passed through
     RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
     argument and environment pointers into account, which allowed attackers
     to bypass this limitation (bnc#1039354)
   - CVE-2017-1000112: Prevent race condition in net-packet code that could
     have been exploited by unprivileged users to gain root access.
     (bnc#1052311)
   - CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack
     overflow vulnerability in the processing of L2CAP configuration
      responses resulting in remote code execution in kernel space
      (bnc#1057389)
   - CVE-2017-14051: An integer overflow in the
     qla2x00_sysfs_write_optrom_ctl function in
     drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of
     service (memory corruption and system crash) by leveraging root access
     (bnc#1056588)
   - CVE-2017-8831: The saa7164_bus_get function allowed local users to cause
     a denial of service (out-of-bounds array access) or possibly have
     unspecified
     other impact by changing a certain sequence-number value, aka a "double
      fetch" vulnerability (bnc#1037994)
   - CVE-2017-1000252: Wrong gsi values via KVM_IRQFD allowed unprivileged
     users using KVM to cause DoS on Intel systems (bsc#1058038).
   - CVE-2017-1000111: Prevent in packet_set_ring on PACKET_RESERVE
     (bsc#1052365).
   - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in
     drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a
     denial of service (memory consumption) by triggering
     object-initialization failures (bnc#1047277).
   - CVE-2017-11472: The acpi_ns_terminate() function did not flush the
     operand cache and causes a kernel stack dump, which allowed local users
     to obtain sensitive information from kernel memory and bypass the KASLR
     protection mechanism via a crafted ACPI table (bnc#1049580).
   - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
     allowed local users to gain privileges via a crafted ACPI table
     (bnc#1049603).
   - CVE-2017-12134: The xen_biovec_phys_mergeable function might have allow
     local OS guest users to corrupt block device data streams and
     consequently obtain sensitive memory information, cause a denial of
     service, or gain host OS privileges by leveraging incorrect block IO
     merge-ability calculation (bnc#1051790).
   - CVE-2017-12154: L2 guest could have accessed hardware(L0) CR8 register
     and crashed the host system (bsc#1058507).
   - CVE-2017-14106: The tcp_disconnect function allowed local users to cause
     a denial of service (__tcp_select_window divide-by-zero error and system
     crash) by triggering a disconnect within a certain tcp_recvmsg code path
     (bnc#1056982).
   - CVE-2017-7518: Faulty debug exception via syscall emulation allowed
     non-linux guests to escalate their privileges in the guest (bsc#1045922).
   - CVE-2017-7533: Race condition in the fsnotify implementation allowed
     local users to gain privileges or cause a denial of service (memory
     corruption) via a crafted application that leverages simultaneous
     execution of the inotify_handle_event and vfs_rename functions
     (bsc#1049483).
   - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function allowed local users
     to cause a denial of service (buffer overflow and system crash) or
     possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet
     (bsc#1049645).
   - CVE-2017-7542: The ip6_find_1stfragopt function allowed local users to
     cause a denial of service (integer overflow and infinite loop) by
     leveraging the ability to open a raw socket (bsc#1049882).

   The following non-security bugs were fixed:

   - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).
   - ACPI / scan: Prefer devices without _HID for _ADR matching.
   - ALSA: fm801: Initialize chip after IRQ handler is registered
     (bsc#1031717).
   - ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
     (bsc#1020657).
   - ALSA: hda - Fix endless loop of codec configure (bsc#1031717).
   - ALSA: hda - Implement mic-mute LED mode enum (bsc#1055013).
   - ALSA: hda - set input_path bitmap to zero after moving it to new place
     (bsc#1031717).
   - ALSA: hda/realtek - Add support headphone Mic for ALC221 of HP platform
     (bsc#1024405).
   - ALSA: ice1712: Add support for STAudio ADCIII (bsc#1048934).
   - ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset
     (bsc#1052580).
   - Add "shutdown" to "struct class" (bsc#1053117).
   - Bluetooth: bnep: fix possible might sleep error in bnep_session
     (bsc#1031784).
   - Bluetooth: cmtp: fix possible might sleep error in cmtp_session
     (bsc#1031784).
   - Bluetooth: hidp: fix possible might sleep error in hidp_session_thread
     (bsc#1031784).
   - Drivers: hv: Fix the bug in generating the guest ID.
   - Drivers: hv: util: Fix a typo.
   - Drivers: hv: vmbus: Get the current time from the current clocksource
     (bnc#1044112, bnc#1042778, bnc#1029693).
   - Drivers: hv: vmbus: Move the code to signal end of message.
   - Drivers: hv: vmbus: Move the definition of generate_guest_id().
   - Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents.
   - Drivers: hv: vmbus: Restructure the clockevents code.
   - Fix kABI breakage by KVM CVE fix (bsc#1045922).
   - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).
   - Input: gpio-keys - fix check for disabling unsupported keys
     (bsc#1031717).
   - KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).
   - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
     (bsc#1051478).
   - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).
   - MD: fix sleep in atomic (bsc#1040351).
   - More Git-commit header fixups No functional change intended.
   - NFS: Cache aggressively when file is open for writing (bsc#1033587).
   - NFS: Do not flush caches for a getattr that races with writeback
     (bsc#1033587).
   - NFS: flush data when locking a file to ensure cache coherence for mmap
     (bsc#981309).
   - NFS: invalidate file size when taking a lock (git-fixes).
   - NFS: only invalidate dentrys that are clearly invalid (bsc#1047118).
   - PCI / PM: Fix native PME handling during system suspend/resume
     (bsc#1051478).
   - PCI: Add Mellanox device IDs (bsc#1051478).
   - PCI: Convert Mellanox broken INTx quirks to be for listed devices only
     (bsc#1051478).
   - PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).
   - PCI: Enable ECRC only if device supports it (bsc#1051478).
   - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+
     (bsc#1051478).
   - PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq()
     (bsc#1051478).
   - PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN
     (bsc#1051478).
   - PM / Hibernate: Fix scheduling while atomic during hibernation
     (bsc#1051059).
   - Revert "/proc/iomem: only expose physical resource addresses to
     privileged users" (kabi).
   - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
     (bsc#1031717).
   - Revert "Add "shutdown" to "struct class"." (kabi).
   - Revert "KVM: x86: fix emulation of RSM and IRET instructions" (kabi).
   - Revert "Make file credentials available to the seqfile interfaces"
     (kabi).
   - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).
   - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"
     (bsc#1048914).
   - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi).
   - USB: core: fix device node leak (bsc#1047487).
   - Update kabi files: sync with 4.4.74 updates
   - af_key: Add lock to key dump (bsc#1047653).
   - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
   - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
   - bcache: force trigger gc (bsc#1038078).
   - bcache: force trigger gc (bsc#1038078).
   - bcache: only recovery I/O error for writethrough mode (bsc#1043652).
   - bcache: only recovery I/O error for writethrough mode (bsc#1043652).
   - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).
   - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)
   - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in
     test_nmi_ipi()') It only fixes a self-test (bsc#1051478).
   - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help
     text file path reference to lockup watchdog documentation') Updates only
     kconfig help-text (bsc#1051478).
   - blacklist.conf: add inapplicable commits for wifi (bsc#1031717)
   - blacklist.conf: add unapplicable drm fixes (bsc#1031717).
   - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).
   - blkfront: add uevent for size change (bnc#1036632).
   - block: Allow bdi re-registration (bsc#1040307).
   - block: Fix front merge check (bsc#1051239).
   - block: Make del_gendisk() safer for disks without queues (bsc#1040307).
   - block: Move bdi_unregister() to del_gendisk() (bsc#1040307).
   - block: do not allow updates through sysfs until registration completes
     (bsc#1047027).
   - bnxt: add a missing rcu synchronization (bnc#1038583).
   - bnxt: do not busy-poll when link is down (bnc#1038583).
   - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).
   - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).
   - bnxt_en: Fix NULL pointer dereference in a failure path during open
     (bnc#1038583).
   - bnxt_en: Fix NULL pointer dereference in reopen failure path
     (bnc#1038583).
   - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
   - bnxt_en: Fix VF virtual link state (bnc#1038583).
   - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
   - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).
   - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).
   - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
   - bnxt_en: Refactor TPA code path (bnc#1038583).
   - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).
   - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).
   - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).
   - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).
   - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).
   - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
   - btrfs: fix lockup in find_free_extent with read-only block groups
     (bsc#1046682).
   - btrfs: incremental send, fix invalid path for link commands
     (bsc#1051479).
   - btrfs: incremental send, fix invalid path for unlink commands
     (bsc#1051479).
   - btrfs: resume qgroup rescan on rw remount (bsc#1047152).
   - btrfs: send, fix invalid path after renaming and linking file
     (bsc#1051479).
   - ceph: fix readpage from fscache (bsc#1057015).
   - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).
   - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).
   - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).
   - cxgb4: Fix stack out-of-bounds read due to wrong size to
     t4_record_mbox() (bsc#1021424 bsc#1022743).
   - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).
   - dentry name snapshots (bsc#1049483).
   - dm: fix second blk_delay_queue() parameter to be in msec units not
     (bsc#1047670).
   - drivers: hv: vmbus: Increase the time between retries in
     vmbus_post_msg() (bnc#1044112).
   - drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
   - drm/amdgpu: Fix overflow of watermark calcs at greater than 4k
     resolutions (bsc#1031717).
   - drm/bochs: Implement nomodeset (bsc#1047096).
   - drm/i915/fbdev: Stop repeating tile configuration on stagnation
     (bsc#1031717).
   - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).
   - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).
   - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).
   - drm/vmwgfx: Fix large topology crash (bsc#1048155).
   - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
   - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).
   - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).
   - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).
   - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
     (bsc#1012829).
   - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).
   - fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
   - gcov: add support for gcc version greater than 6 (bsc#1051663).
   - gcov: support GCC 7.1 (bsc#1051663).
   - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).
   - gfs2: fix flock panic issue (bsc#1012829).
   - hrtimer: Catch invalid clockids again (bsc#1047651).
   - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).
   - hv_util: switch to using timespec64.
   - hv_utils: drop .getcrosststamp() support from PTP driver (bnc#1044112,
     bnc#1042778, bnc#1029693).
   - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (bnc#1044112,
     bnc#1042778, bnc#1029693).
   - i2c: designware-baytrail: fix potential null pointer dereference on dev
     (bsc#1011913).
   - i40e: Removal of workaround for simple MAC address filter deletion
     (bsc#1039915).
   - i40e: When searching all MAC/VLAN filters, ignore removed filters
     (bsc#1039915).
   - i40e: add VSI info to macaddr messages (bsc#1039915).
   - i40e: add hw struct local variable (bsc#1039915).
   - i40e: add private flag to control source pruning (bsc#1034075).
   - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).
   - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).
   - i40e: delete filter after adding its replacement when converting
     (bsc#1039915).
   - i40e: do not add broadcast filter for VFs (bsc#1039915).
   - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID lower
     than 1 (bsc#1039915).
   - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter
     (bsc#1039915).
   - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast
     filter (bsc#1039915).
   - i40e: factor out addition/deletion of VLAN per each MAC address
     (bsc#1039915).
   - i40e: fix MAC filters when removing VLANs (bsc#1039915).
   - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan
     (bsc#1039915).
   - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).
   - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).
   - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters
     (bsc#1039915).
   - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).
   - i40e: no need to check is_vsi_in_vlan before calling
     i40e_del_mac_all_vlan (bsc#1039915).
   - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters
     (bsc#1039915).
   - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).
   - i40e: refactor Rx filter handling (bsc#1039915).
   - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan
     (bsc#1039915).
   - i40e: refactor i40e_update_filter_state to avoid passing aq_err
     (bsc#1039915).
   - i40e: remove code to handle dev_addr specially (bsc#1039915).
   - i40e: remove duplicate add/delete adminq command code for filters
     (bsc#1039915).
   - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid
     (bsc#1039915).
   - i40e: removed unreachable code (bsc#1039915).
   - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan
     (bsc#1039915).
   - i40e: restore workaround for removing default MAC filter (bsc#1039915).
   - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).
   - i40e: store MAC/VLAN filters in a hash with the MAC Address as key
     (bsc#1039915).
   - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID
     (bsc#1039915).
   - i40e: when adding or removing MAC filters, correctly handle VLANs
     (bsc#1039915).
   - i40e: write HENA for VFs (bsc#1039915).
   - ibmvnic: Check for transport event on driver resume (bsc#1051556,
     bsc#1052709).
   - ibmvnic: Clean up resources on probe failure (bsc#1058116).
   - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).
   - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).
   - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value
     (bsc#1031717).
   - introduce the walk_process_tree() helper (bnc#1022476).
   - iommu/amd: Fix schedule-while-atomic BUG in initialization code
     (bsc1052533).
   - ipv4: Should use consistent conditional judgement for ip fragment in
     __ip_append_data and ip_finish_output (bsc#1041958).
   - ipv6: Should use consistent conditional judgement for ip6 fragment
     between __ip6_append_data and ip6_finish_output (bsc#1041958).
   - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
   - iwlwifi: mvm: compare full command ID.
   - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported
     (bsc#1031717).
   - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).
   - iwlwifi: mvm: synchronize firmware DMA paging memory.
   - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).
   - iwlwifi: mvm: unmap the paging memory before freeing it.
   - iwlwifi: pcie: fix command completion name debug (bsc#1031717).
   - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly
     version in panic path" (bsc#1051478).
   - kernel/*: switch to memdup_user_nul() (bsc#1048893).
   - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).
   - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
   - lib: test_rhashtable: fix for large entry counts (bsc#1055359).
   - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).
   - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).
   - lightnvm: nvme reset_controller is not working after adapter's firmware
     upgrade (bsc#988784).
   - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill
     warning.
   - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).
   - md/raid5: fix a race condition in stripe batch (linux-stable).
   - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw
     poison -- git fixes).
   - mm-adaptive-hash-table-scaling-v5 (bnc#1036303).
   - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation
     attempt (bnc#971975 VM -- git fixes).
   - mm: adaptive hash table scaling (bnc#1036303).
   - mm: call page_ext_init() after all struct pages are initialized (VM
     Debugging Functionality, bsc#1047048).
   - mm: drop HASH_ADAPT (bnc#1036303).
   - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,
     bsc#1042314).
   - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).
   - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
   - mwifiex: do not update MCS set from hostapd (bsc#1031717).
   - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).
   - net: account for current skb length when deciding about UFO
     (bsc#1041958).
   - net: ena: add hardware hints capability to the driver (bsc#1047121).
   - net: ena: add missing return when ena_com_get_io_handlers() fails
     (bsc#1047121).
   - net: ena: add missing unmap bars on device removal (bsc#1047121).
   - net: ena: add reset reason for each device FLR (bsc#1047121).
   - net: ena: add support for out of order rx buffers refill (bsc#1047121).
   - net: ena: allow the driver to work with small number of msix vectors
     (bsc#1047121).
   - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).
   - net: ena: change return value for unsupported features unsupported
     return value (bsc#1047121).
   - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).
   - net: ena: disable admin msix while working in polling mode (bsc#1047121).
   - net: ena: fix bug that might cause hang after consecutive open/close
     interface (bsc#1047121).
   - net: ena: fix race condition between submit and completion admin command
     (bsc#1047121).
   - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).
   - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).
   - net: ena: separate skb allocation to dedicated function (bsc#1047121).
   - net: ena: update driver's rx drop statistics (bsc#1047121).
   - net: ena: update ena driver to version 1.1.7 (bsc#1047121).
   - net: ena: update ena driver to version 1.2.0 (bsc#1047121).
   - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
     (bsc#1047121).
   - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).
   - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
     (bsc#1042286).
   - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).
   - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
   - netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
   - netfilter: x_tables: pass xt_counters struct instead of packet counter
     (bsc#1052888).
   - netfilter: x_tables: pass xt_counters struct to counter allocator
     (bsc#1052888).
   - new helper: memdup_user_nul() (bsc#1048893).
   - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).
   - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).
   - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()
     (bsc#1056827).
   - ovl: fix dentry leak for default_permissions (bsc#1054084).
   - percpu_ref: allow operation mode switching operations to be called
     concurrently (bsc#1055096).
   - percpu_ref: remove unnecessary RCU grace period for staggered atomic
     switching confirmation (bsc#1055096).
   - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate
     percpu_ref_switch_to_atomic() (bsc#1055096).
   - percpu_ref: restructure operation mode switching (bsc#1055096).
   - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
   - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).
   - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).
   - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).
   - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill
     (bsc#1051022).
   - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill
     (bsc#1051022).
   - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill
     (bsc#1051022).
   - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill
     dmi list (bsc#1051022).
   - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill
     (bsc#1051022).
   - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list
     (bsc#1051022).
   - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill
     (bsc#1051022).
   - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill
     (bsc#1051022).
   - prctl: propagate has_child_subreaper flag to every descendant
     (bnc#1022476).
   - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).
   - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id
     This needs rpm-4.14+ (bsc#964063).
   - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
   - s390: export symbols for crash-kmp (bsc#1053915).
   - sched/core: Allow __sched_setscheduler() in interrupts when PI is not
     used (bnc#1022476).
   - sched/debug: Print the scheduler topology group mask (bnc#1022476).
   - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).
   - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).
   - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all
     cfs_rqs (bnc#1022476).
   - sched/topology: Add sched_group_capacity debugging (bnc#1022476).
   - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).
   - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).
   - sched/topology: Move comment about asymmetric node setups (bnc#1022476).
   - sched/topology: Refactor function build_overlap_sched_groups()
     (bnc#1022476).
   - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).
   - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).
   - sched/topology: Small cleanup (bnc#1022476).
   - sched/topology: Verify the first group matches the child domain
     (bnc#1022476).
   - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).
   - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
   - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).
   - scsi: storvsc: Workaround for virtual DVD SCSI version (bnc#1044636).
   - scsi_devinfo: fixup string compare (bsc#1037404).
   - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).
   - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
   - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
   - supported.conf: clear mistaken external support flag for cifs.ko
     (bsc#1053802).
   - sysctl: do not print negative flag for proc_douintvec (bnc#1046985).
   - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).
   - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).
   - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).
   - sysctl: simplify unsigned int support (bsc#1048893).
   - timers: Plug locking race vs. timer migration (bnc#1022476).
   - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
   - tpm: KABI fix (bsc#1053117).
   - tpm: fix: return rc when devm_add_action() fails (bsc#1020645,
     bsc#1034048).
   - tpm: read burstcount from TPM_STS in one 32-bit transaction
     (bsc#1020645, bsc#1034048).
   - tpm_tis_core: Choose appropriate timeout for reading burstcount
     (bsc#1020645, bsc#1034048).
   - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,
     bsc#1034048).
   - tty: serial: msm: Support more bauds (git-fixes).
   - ubifs: Correctly evict xattr inodes (bsc#1012829).
   - ubifs: Do not leak kernel memory to the MTD (bsc#1012829).
   - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).
   - udf: Fix races with i_size changes during readpage (bsc#1012829).
   - vfs: fix missing inode_get_dev sites (bsc#1052049).
   - x86/LDT: Print the real LDT base address (bsc#1051478).
   - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()
     (bsc#1051399).
   - x86/mce: Make timer handling more robust (bsc#1042422).
   - x86/panic: replace smp_send_stop() with kdump friendly version in panic
     path (bsc#1051478).
   - xen-netfront: Rework the fix for Rx stall during OOM and network stress
     (git-fixes).
   - xen/balloon: do not online new memory initially (bnc#1028173).
   - xen/pvh*: Support greater than 32 VCPUs at domain restore (bnc#1045563).
   - xen: allocate page for shared info page from low memory (bnc#1038616).
   - xen: hold lock_device_hotplug throughout vcpu hotplug operations
     (bsc#1042422).
   - xfrm: NULL dereference on allocation failure (bsc#1047343).
   - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
   - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).
   - xfs: fix inobt inode allocation search optimization (bsc#1012829).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP2:

      zypper in -t patch SUSE-SLE-RT-12-SP2-2017-1833=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP2 (x86_64):

      cluster-md-kmp-rt-4.4.88-18.1
      cluster-md-kmp-rt-debuginfo-4.4.88-18.1
      cluster-network-kmp-rt-4.4.88-18.1
      cluster-network-kmp-rt-debuginfo-4.4.88-18.1
      dlm-kmp-rt-4.4.88-18.1
      dlm-kmp-rt-debuginfo-4.4.88-18.1
      gfs2-kmp-rt-4.4.88-18.1
      gfs2-kmp-rt-debuginfo-4.4.88-18.1
      kernel-rt-4.4.88-18.1
      kernel-rt-base-4.4.88-18.1
      kernel-rt-base-debuginfo-4.4.88-18.1
      kernel-rt-debuginfo-4.4.88-18.1
      kernel-rt-debugsource-4.4.88-18.1
      kernel-rt-devel-4.4.88-18.1
      kernel-rt_debug-debuginfo-4.4.88-18.1
      kernel-rt_debug-debugsource-4.4.88-18.1
      kernel-rt_debug-devel-4.4.88-18.1
      kernel-rt_debug-devel-debuginfo-4.4.88-18.1
      kernel-syms-rt-4.4.88-18.1
      ocfs2-kmp-rt-4.4.88-18.1
      ocfs2-kmp-rt-debuginfo-4.4.88-18.1

   - SUSE Linux Enterprise Real Time Extension 12-SP2 (noarch):

      kernel-devel-rt-4.4.88-18.1
      kernel-source-rt-4.4.88-18.1


References:

   https://www.suse.com/security/cve/CVE-2017-1000111.html
   https://www.suse.com/security/cve/CVE-2017-1000112.html
   https://www.suse.com/security/cve/CVE-2017-1000251.html
   https://www.suse.com/security/cve/CVE-2017-1000252.html
   https://www.suse.com/security/cve/CVE-2017-1000365.html
   https://www.suse.com/security/cve/CVE-2017-10810.html
   https://www.suse.com/security/cve/CVE-2017-11472.html
   https://www.suse.com/security/cve/CVE-2017-11473.html
   https://www.suse.com/security/cve/CVE-2017-12134.html
   https://www.suse.com/security/cve/CVE-2017-12154.html
   https://www.suse.com/security/cve/CVE-2017-14051.html
   https://www.suse.com/security/cve/CVE-2017-14106.html
   https://www.suse.com/security/cve/CVE-2017-7518.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7541.html
   https://www.suse.com/security/cve/CVE-2017-7542.html
   https://www.suse.com/security/cve/CVE-2017-8831.html
   https://bugzilla.suse.com/1005917
   https://bugzilla.suse.com/1006180
   https://bugzilla.suse.com/1011913
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1012829
   https://bugzilla.suse.com/1013887
   https://bugzilla.suse.com/1018419
   https://bugzilla.suse.com/1019151
   https://bugzilla.suse.com/1020645
   https://bugzilla.suse.com/1020657
   https://bugzilla.suse.com/1020685
   https://bugzilla.suse.com/1021424
   https://bugzilla.suse.com/1022476
   https://bugzilla.suse.com/1022743
   https://bugzilla.suse.com/1023175
   https://bugzilla.suse.com/1024405
   https://bugzilla.suse.com/1028173
   https://bugzilla.suse.com/1028286
   https://bugzilla.suse.com/1028819
   https://bugzilla.suse.com/1029693
   https://bugzilla.suse.com/1030552
   https://bugzilla.suse.com/1030850
   https://bugzilla.suse.com/1031515
   https://bugzilla.suse.com/1031717
   https://bugzilla.suse.com/1031784
   https://bugzilla.suse.com/1033587
   https://bugzilla.suse.com/1034048
   https://bugzilla.suse.com/1034075
   https://bugzilla.suse.com/1034762
   https://bugzilla.suse.com/1036303
   https://bugzilla.suse.com/1036632
   https://bugzilla.suse.com/1037344
   https://bugzilla.suse.com/1037404
   https://bugzilla.suse.com/1037994
   https://bugzilla.suse.com/1038078
   https://bugzilla.suse.com/1038583
   https://bugzilla.suse.com/1038616
   https://bugzilla.suse.com/1038792
   https://bugzilla.suse.com/1038846
   https://bugzilla.suse.com/1038847
   https://bugzilla.suse.com/1039354
   https://bugzilla.suse.com/1039915
   https://bugzilla.suse.com/1040307
   https://bugzilla.suse.com/1040351
   https://bugzilla.suse.com/1041958
   https://bugzilla.suse.com/1042286
   https://bugzilla.suse.com/1042314
   https://bugzilla.suse.com/1042422
   https://bugzilla.suse.com/1042778
   https://bugzilla.suse.com/1043652
   https://bugzilla.suse.com/1044112
   https://bugzilla.suse.com/1044636
   https://bugzilla.suse.com/1045154
   https://bugzilla.suse.com/1045563
   https://bugzilla.suse.com/1045922
   https://bugzilla.suse.com/1046682
   https://bugzilla.suse.com/1046821
   https://bugzilla.suse.com/1046985
   https://bugzilla.suse.com/1047027
   https://bugzilla.suse.com/1047048
   https://bugzilla.suse.com/1047096
   https://bugzilla.suse.com/1047118
   https://bugzilla.suse.com/1047121
   https://bugzilla.suse.com/1047152
   https://bugzilla.suse.com/1047277
   https://bugzilla.suse.com/1047343
   https://bugzilla.suse.com/1047354
   https://bugzilla.suse.com/1047487
   https://bugzilla.suse.com/1047651
   https://bugzilla.suse.com/1047653
   https://bugzilla.suse.com/1047670
   https://bugzilla.suse.com/1048155
   https://bugzilla.suse.com/1048221
   https://bugzilla.suse.com/1048317
   https://bugzilla.suse.com/1048891
   https://bugzilla.suse.com/1048893
   https://bugzilla.suse.com/1048914
   https://bugzilla.suse.com/1048934
   https://bugzilla.suse.com/1049226
   https://bugzilla.suse.com/1049483
   https://bugzilla.suse.com/1049486
   https://bugzilla.suse.com/1049580
   https://bugzilla.suse.com/1049603
   https://bugzilla.suse.com/1049645
   https://bugzilla.suse.com/1049882
   https://bugzilla.suse.com/1050061
   https://bugzilla.suse.com/1050188
   https://bugzilla.suse.com/1051022
   https://bugzilla.suse.com/1051059
   https://bugzilla.suse.com/1051239
   https://bugzilla.suse.com/1051399
   https://bugzilla.suse.com/1051478
   https://bugzilla.suse.com/1051479
   https://bugzilla.suse.com/1051556
   https://bugzilla.suse.com/1051663
   https://bugzilla.suse.com/1051790
   https://bugzilla.suse.com/1052049
   https://bugzilla.suse.com/1052223
   https://bugzilla.suse.com/1052311
   https://bugzilla.suse.com/1052365
   https://bugzilla.suse.com/1052533
   https://bugzilla.suse.com/1052580
   https://bugzilla.suse.com/1052709
   https://bugzilla.suse.com/1052773
   https://bugzilla.suse.com/1052794
   https://bugzilla.suse.com/1052888
   https://bugzilla.suse.com/1053117
   https://bugzilla.suse.com/1053802
   https://bugzilla.suse.com/1053915
   https://bugzilla.suse.com/1054084
   https://bugzilla.suse.com/1055013
   https://bugzilla.suse.com/1055096
   https://bugzilla.suse.com/1055359
   https://bugzilla.suse.com/1056261
   https://bugzilla.suse.com/1056588
   https://bugzilla.suse.com/1056827
   https://bugzilla.suse.com/1056982
   https://bugzilla.suse.com/1057015
   https://bugzilla.suse.com/1057389
   https://bugzilla.suse.com/1058038
   https://bugzilla.suse.com/1058116
   https://bugzilla.suse.com/1058507
   https://bugzilla.suse.com/963619
   https://bugzilla.suse.com/964063
   https://bugzilla.suse.com/964944
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/974215
   https://bugzilla.suse.com/981309
   https://bugzilla.suse.com/988784
   https://bugzilla.suse.com/993890



More information about the sle-security-updates mailing list