SUSE-SU-2017:2389-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Sep 8 10:09:04 MDT 2017


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2389-1
Rating:             important
References:         #1000365 #1000380 #1012422 #1013018 #1015452 
                    #1023051 #1029140 #1029850 #1030552 #1030593 
                    #1030814 #1032340 #1032471 #1034026 #1034670 
                    #1035576 #1035721 #1035777 #1035920 #1036056 
                    #1036288 #1036629 #1037191 #1037193 #1037227 
                    #1037232 #1037233 #1037356 #1037358 #1037359 
                    #1037441 #1038544 #1038879 #1038981 #1038982 
                    #1039258 #1039354 #1039456 #1039594 #1039882 
                    #1039883 #1039885 #1040069 #1040351 #1041160 
                    #1041431 #1041762 #1041975 #1042045 #1042615 
                    #1042633 #1042687 #1042832 #1042863 #1043014 
                    #1043234 #1043935 #1044015 #1044125 #1044216 
                    #1044230 #1044854 #1044882 #1044913 #1045154 
                    #1045356 #1045416 #1045479 #1045487 #1045525 
                    #1045538 #1045547 #1045615 #1046107 #1046192 
                    #1046715 #1047027 #1047053 #1047343 #1047354 
                    #1047487 #1047523 #1047653 #1048185 #1048221 
                    #1048232 #1048275 #1049128 #1049483 #1049603 
                    #1049688 #1049882 #1050154 #1050431 #1051478 
                    #1051515 #1051770 #1055680 #784815 #792863 
                    #799133 #909618 #919382 #928138 #938352 #943786 
                    #948562 #962257 #971975 #972891 #986924 #990682 
                    #995542 
Cross-References:   CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363
                    CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176
                    CVE-2017-11473 CVE-2017-2647 CVE-2017-6951
                    CVE-2017-7482 CVE-2017-7487 CVE-2017-7533
                    CVE-2017-7542 CVE-2017-8890 CVE-2017-8924
                    CVE-2017-8925 CVE-2017-9074 CVE-2017-9075
                    CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 21 vulnerabilities and has 92 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-7482: Several missing length checks ticket decode allowing for
     information leak or potentially code execution (bsc#1046107).
   - CVE-2016-10277: Potential privilege escalation due to a missing bounds
     check in the lp driver. A kernel command-line adversary can overflow the
     parport_nr array to execute code (bsc#1039456).
   - CVE-2017-7542: The ip6_find_1stfragopt function in
     net/ipv6/output_core.c in the Linux kernel allowed local users to cause
     a denial of service (integer overflow and infinite loop) by leveraging
     the ability to open a raw socket (bsc#1049882).
   - CVE-2017-7533: Bug in inotify code allowing privilege escalation
     (bsc#1049483).
   - CVE-2017-11176: The mq_notify function in the Linux kernel did not set
     the sock pointer to NULL upon entry into the retry logic. During a
     user-space close of a Netlink socket, it allowed attackers to cause a
     denial of service (use-after-free) or possibly have unspecified other
     impact (bsc#1048275).
   - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
     in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
     to gain privileges via a crafted ACPI table (bnc#1049603).
   - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the
     arguments and environmental strings passed through
     RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
     argument and environment pointers into account, which allowed attackers
     to bypass this limitation. (bnc#1039354)
   - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local
     users to gain privileges via a large filesystem stack that includes an
     overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c
     (bnc#1032340)
   - CVE-2017-8924: The edge_bulk_in_callback function in
     drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
     obtain sensitive information (in the dmesg ringbuffer and syslog) from
     uninitialized kernel memory by using a crafted USB device (posing as an
     io_ti USB serial device) to trigger an integer underflow (bnc#1038982).
   - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
     in the Linux kernel allowed local users to cause a denial of service
     (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).
   - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in
     the ALSA /dev/snd/timer driver resulting in local users being able to
     read information belonging to other users, i.e., uninitialized memory
     contents could have bene disclosed when a read and an ioctl happen at
     the same time (bnc#1044125)
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     was too late in checking whether an overwrite of an skb data structure
     may occur, which allowed local users to cause a denial of service
     (system crash) via crafted system calls (bnc#1041431)
   - CVE-2017-1000363: A buffer overflow in kernel commandline handling of
     the "lp" parameter could be used by local console attackers to bypass
     certain secure boot settings. (bnc#1039456)
   - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)
   - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)
   - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)
   - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
     did not consider that the nexthdr field may be associated with an
     invalid option, which allowed local users to cause a denial of service
     (out-of-bounds read and BUG) or possibly have unspecified other impact
     via crafted socket and send system calls (bnc#1039882)
   - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
     Linux kernel mishandled reference counts, which allowed local users to
     cause a denial of service (use-after-free) or possibly have unspecified
     other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
     (bnc#1038879)
   - CVE-2017-8890: The inet_csk_clone_lock function in
     net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
     cause a denial of service (double free) or possibly have unspecified
     other impact by leveraging use of the accept system call (bnc#1038544)
   - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
     users to gain privileges or cause a denial of service (NULL pointer
     dereference and system crash) via vectors involving a NULL value for a
     certain match field, related to the keyring_search_iterator function in
     keyring.c (bnc#1030593)
   - CVE-2017-6951: The keyring_search_aux function in
     security/keys/keyring.c in the Linux kernel allowed local users to cause
     a denial of service (NULL pointer dereference and OOPS) via a
     request_key system call for the "dead" type (bnc#1029850)

   The following non-security bugs were fixed:

   - 8250: use callbacks to access UART_DLL/UART_DLM.
   - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
   - ALSA: hda - Fix regression of HD-audio controller fallback modes
     (bsc#1045538).
   - ALSA: hda - using uninitialized data (bsc#1045538).
   - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop
     (bsc#1045538).
   - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
     (bsc#1045538).
   - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
   - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
   - Add CVE tag to references
   - CIFS: backport prepath matching fix (bsc#799133).
   - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).
   - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr().
   - Fix scripts/bigmem-generate-ifdef-guard to work on all branches
   - Fix soft lockup in svc_rdma_send (bsc#1044854).
   - IB/mlx4: Demote mcg message from warning to debug (bsc#919382).
   - IB/mlx4: Fix ib device initialization error flow (bsc#919382).
   - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
   - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
   - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
     (bsc#919382).
   - IB/mlx4: Set traffic class in AH (bsc#919382).
   - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE
     operation (bsc#1036288).
   - Input: cm109 - validate number of endpoints before using them
     (bsc#1037193).
   - Input: hanwang - validate number of endpoints before using them
     (bsc#1037232).
   - Input: yealink - validate number of endpoints before using them
     (bsc#1037227).
   - KEYS: Disallow keyrings beginning with '.' to be joined as session
     keyrings (bnc#1035576).
   - NFS: Avoid getting confused by confused server (bsc#1045416).
   - NFS: Fix another OPEN_DOWNGRADE bug (git-next).
   - NFS: Fix size of NFSACL SETACL operations (git-fixes).
   - NFS: Make nfs_readdir revalidate less often (bsc#1048232).
   - NFS: tidy up nfs_show_mountd_netid (git-fixes).
   - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688
     bsc#1051770).
   - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
   - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes).
   - NFSv4: Fix problems with close in the presence of a delegation
     (git-fixes).
   - NFSv4: Fix the underestimation of delegation XDR space reservation
     (git-fixes).
   - NFSv4: fix getacl head length estimation (git-fixes).
   - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
   - Remove superfluous make flags (bsc#1012422)
   - Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
   - Revert "math64: New div64_u64_rem helper" (bnc#938352).
   - SUNRPC: Fix a memory leak in the backchannel code (git-fixes).
   - Staging: vt6655-6: potential NULL dereference in
     hostap_disable_hostapd() (bsc#1045479).
   - USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
   - USB: class: usbtmc: do not print error when allocating urb fails
     (bsc#1036288).
   - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288).
   - USB: iowarrior: fix NULL-deref in write (bsc#1037359).
   - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
   - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
   - USB: serial: ark3116: fix register-accessor error handling (git-fixes).
   - USB: serial: ch341: fix open error handling (bsc#1037441).
   - USB: serial: cp210x: fix tiocmget error handling (bsc#1037441).
   - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
   - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
   - USB: serial: io_ti: fix information leak in completion handler
     (git-fixes).
   - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
   - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441).
   - USB: serial: sierra: fix bogus alternate-setting assumption
     (bsc#1037441).
   - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
   - USB: usbip: fix nonconforming hub descriptor (bsc#1047487).
   - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
   - USB: usbtmc: Change magic number to constant (bsc#1036288).
   - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
   - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
   - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
   - USB: usbtmc: add missing endpoint sanity check (bsc#1036288).
   - USB: usbtmc: fix DMA on stack (bsc#1036288).
   - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
   - USB: usbtmc: fix probe error path (bsc#1036288).
   - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk
     (bsc#1036288).
   - USB: wusbcore: fix NULL-deref at probe (bsc#1045487).
   - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
   - Use make --output-sync feature when available (bsc#1012422).
   - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
   - __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
   - acpi: Disable APEI error injection if securelevel is set (bsc#972891,
     bsc#1023051).
   - af_key: Add lock to key dump (bsc#1047653).
   - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
   - ath9k: fix buffer overrun for ar9287 (bsc#1045538).
   - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU
     (bsc#1035721).
   - blacklist.conf: Add a few inapplicable items (bsc#1045538).
   - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub
     to weak to prevent gcc from using short jumps to it') The released
     kernels are not build with a gas new enough to optimize the jmps so that
     this patch would be required. (bsc#1051478)
   - blkback/blktap: do not leak stack data via response ring (bsc#1042863
     XSA-216).
   - block: do not allow updates through sysfs until registration completes
     (bsc#1047027).
   - block: fix ext_dev_lock lockdep report (bsc#1050154).
   - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - cifs: Timeout on SMBNegotiate request (bsc#1044913).
   - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode
     numbers are in use (bsc#1041975). backporting upstream commit
     2f2591a34db6c9361faa316c91a6e320cb4e6aee
   - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
   - cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
   - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863).
   - decompress_bunzip2: off by one in get_next_block() (git-fixes).
   - dentry name snapshots (bsc#1049483).
   - devres: fix a for loop bounds check (git-fixes).
   - dm: fix ioctl retry termination with signal (bsc#1050154).
   - drm/mgag200: Add support for G200eH3 (bnc#1044216)
   - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,
     bsc#995542).
   - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext3: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: fix fdatasync(2) after extent manipulation operations
     (bsc#1013018).
   - ext4: keep existing extra fields when inode expands (bsc#1013018).
   - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
   - firmware: fix directory creation rule matching with make 3.80
     (bsc#1012422).
   - firmware: fix directory creation rule matching with make 3.82
     (bsc#1012422).
   - fixed invalid assignment of 64bit mask to host dma_boundary for scatter
     gather segment boundary limit (bsc#1042045).
   - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
   - fnic: Using rport->dd_data to check rport online instead of rport_lookup
     (bsc#1035920).
   - fs/block_dev: always invalidate cleancache in invalidate_bdev()
     (git-fixes).
   - fs/xattr.c: zero out memory copied to userspace in getxattr
     (bsc#1013018).
   - fs: fix data invalidation in the cleancache during direct IO (git-fixes).
   - fuse: add missing FR_FORCE (bsc#1013018).
   - genirq: Prevent proc race against freeing of irq descriptors
     (bnc#1044230).
   - hrtimer: Allow concurrent hrtimer_start() for self restarting timers
     (bnc#1013018).
   - initial cr0 bits (bnc#1036056, LTC#153612).
   - ipmr, ip6mr: fix scheduling while atomic and a deadlock with
     ipmr_get_route (git-fixes).
   - irq: Fix race condition (bsc#1042615).
   - isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
   - isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
   - jsm: add support for additional Neo cards (bsc#1045615).
   - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
   - libata: fix sff host state machine locking while polling (bsc#1045525).
   - libceph: NULL deref on crush_decode() error path (bsc#1044015).
   - libceph: potential NULL dereference in ceph_msg_data_create()
     (bsc#1051515).
   - libfc: fixup locking in fc_disc_stop() (bsc#1029140).
   - libfc: move 'pending' and 'requested' setting (bsc#1029140).
   - libfc: only restart discovery after timeout if not already running
     (bsc#1029140).
   - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
   - math64: New div64_u64_rem helper (bnc#938352).
   - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
   - md/raid1: extend spinlock to protect raid1_end_read_request against
     inconsistencies (git-fixes).
   - md/raid1: fix test for 'was read error from last working device'
     (git-fixes).
   - md/raid5: Fix CPU hotplug callback registration (git-fixes).
   - md/raid5: do not record new size if resize_stripes fails (git-fixes).
   - md: ensure md devices are freed before module is unloaded (git-fixes).
   - md: fix a null dereference (bsc#1040351).
   - md: flush ->event_work before stopping array (git-fixes).
   - md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status
     (git-fixes).
   - md: use separate bio_pool for metadata writes (bsc#1040351).
   - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
   - mlx4: reduce OOM risk on arches with large pages (bsc#919382).
   - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
     Functionality, bsc#1042832).
   - mm/memory-failure.c: use compound_head() flags for huge pages
     (bnc#971975 VM -- git fixes).
   - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
     Functionality, bsc#1042832).
   - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore
     (bsc#1045547).
   - mmc: ushc: fix NULL-deref at probe (bsc#1037191).
   - module: fix memory leak on early load_module() failures (bsc#1043014).
   - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
   - net/mlx4: Fix the check in attaching steering rules (bsc#919382).
   - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
     to device managed flow steering (bsc#919382).
   - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
     (bsc#919382).
   - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to
     physical (bsc#919382).
   - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
     new probed PFs (bsc#919382).
   - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
     VGT transitions (bsc#919382).
   - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
   - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
   - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
     (bsc#919382).
   - net/mlx4_core: Use-after-free causes a resource leak in flow-steering
     detach (bsc#919382).
   - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
   - net/mlx4_en: Change the error print to debug print (bsc#919382).
   - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
   - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
   - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).
   - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
   - net: avoid reference counter overflows on fib_rules in multicast
     forwarding (git-fixes).
   - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
   - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
   - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
   - netxen_nic: set rcode to the return status from the call to
     netxen_issue_cmd (bnc#784815).
   - nfs: fix nfs_size_to_loff_t (git-fixes).
   - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
   - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
   - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
   - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
     ocfs2_unblock_lock (bsc#962257).
   - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
   - perf/core: Fix event inheritance on fork() (bnc#1013018).
   - powerpc/ibmebus: Fix device reference leaks in sysfs interface
     (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).
   - powerpc/ibmebus: Fix further device reference leaks (bsc#1035777
     [2017-04-24] Pending Base Kernel Fixes).
   - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()
     (bsc#1032471).
   - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471).
   - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471).
   - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID
     (bsc#1032471).
   - powerpc/mm/hash: Support 68 bit VA (bsc#1032471).
   - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471).
   - powerpc/mm/slice: Convert slice_mask high slice to a bitmap
     (bsc#1032471).
   - powerpc/mm/slice: Fix off-by-1 error when computing slice mask
     (bsc#1032471).
   - powerpc/mm/slice: Move slice_mask struct definition to slice.c
     (bsc#1032471).
   - powerpc/mm/slice: Update slice mask printing to use bitmap printing
     (bsc#1032471).
   - powerpc/mm/slice: Update the function prototype (bsc#1032471).
   - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET
     (bsc#928138).
   - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small
     (bsc#1032471).
   - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital
     (bsc#1032471).
   - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777
     [2017-04-24] Pending Base Kernel Fixes).
   - powerpc/pseries: Release DRC when configure_connector fails
     (bsc#1035777, Pending Base Kernel Fixes).
   - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).
   - powerpc: Remove STAB code (bsc#1032471).
   - random32: fix off-by-one in seeding requirement (git-fixes).
   - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
   - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
   - s390/qdio: clear DSCI prior to scanning multiple input queues
     (bnc#1046715, LTC#156234).
   - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
   - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
   - sched/core: Remove false-positive warning from wake_up_process()
     (bnc#1044882).
   - sched/cputime: Do not scale when utime == 0 (bnc#938352).
   - sched/debug: Print the scheduler topology group mask (bnc#1013018).
   - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
   - sched/fair: Fix min_vruntime tracking (bnc#1013018).
   - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep
     for b60205c7c558 sched/fair: Fix min_vruntime tracking
   - sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
   - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
   - sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
   - sched/topology: Move comment about asymmetric node setups (bnc#1013018).
   - sched/topology: Optimize build_group_mask() (bnc#1013018).
   - sched/topology: Refactor function build_overlap_sched_groups()
     (bnc#1013018).
   - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
   - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
   - sched/topology: Verify the first group matches the child domain
     (bnc#1013018).
   - sched: Always initialize cpu-power (bnc#1013018).
   - sched: Avoid cputime scaling overflow (bnc#938352).
   - sched: Avoid prev->stime underflow (bnc#938352).
   - sched: Do not account bogus utime (bnc#938352).
   - sched: Fix SD_OVERLAP (bnc#1013018).
   - sched: Fix domain iteration (bnc#1013018).
   - sched: Lower chances of cputime scaling overflow (bnc#938352).
   - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'
     (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime
     tracking
   - sched: Rename a misleading variable in build_overlap_sched_groups()
     (bnc#1013018).
   - sched: Use swap() macro in scale_stime() (bnc#938352).
   - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
   - scsi: fix race between simultaneous decrements of ->host_failed
     (bsc#1050154).
   - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck
     (bsc#1035920).
   - scsi: mvsas: fix command_active typo (bsc#1050154).
   - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
     (bsc#1050154).
   - sfc: do not device_attach if a reset is pending (bsc#909618).
   - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
   - splice: Stub splice_write_to_file (bsc#1043234).
   - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
   - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
   - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
   - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
   - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
   - udf: Fix races with i_size changes during readpage (bsc#1013018).
   - usbtmc: remove redundant braces (bsc#1036288).
   - usbtmc: remove trailing spaces (bsc#1036288).
   - usbvision: fix NULL-deref at probe (bsc#1050431).
   - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
   - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
   - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).
   - vmxnet3: avoid calling pskb_may_pull with interrupts disabled
     (bsc#1045356).
   - vmxnet3: fix checks for dma mapping errors (bsc#1045356).
   - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
   - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
     (bsc#948562).
   - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression
     greater than 0 (bsc#1051478).
   - xen: avoid deadlock in xenbus (bnc#1047523).
   - xfrm: NULL dereference on allocation failure (bsc#1047343).
   - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
   - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
   - xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
   - xfs: use ->b_state to fix buffer I/O accounting release race
     (bsc#1041160).
   - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-13274=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-13274=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-13274=1

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-13274=1

   - SUSE Linux Enterprise High Availability Extension 11-SP4:

      zypper in -t patch slehasp4-kernel-13274=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-13274=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.7.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.7.1
      kernel-default-base-3.0.101-108.7.1
      kernel-default-devel-3.0.101-108.7.1
      kernel-source-3.0.101-108.7.1
      kernel-syms-3.0.101-108.7.1
      kernel-trace-3.0.101-108.7.1
      kernel-trace-base-3.0.101-108.7.1
      kernel-trace-devel-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.7.1
      kernel-ec2-base-3.0.101-108.7.1
      kernel-ec2-devel-3.0.101-108.7.1
      kernel-xen-3.0.101-108.7.1
      kernel-xen-base-3.0.101-108.7.1
      kernel-xen-devel-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.7.1
      kernel-bigmem-base-3.0.101-108.7.1
      kernel-bigmem-devel-3.0.101-108.7.1
      kernel-ppc64-3.0.101-108.7.1
      kernel-ppc64-base-3.0.101-108.7.1
      kernel-ppc64-devel-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.7.1
      kernel-pae-base-3.0.101-108.7.1
      kernel-pae-devel-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      cluster-network-kmp-rt-1.4_3.0.101_rt130_68-2.32.2.14
      cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_68-2.32.2.14
      drbd-kmp-rt-8.4.4_3.0.101_rt130_68-0.27.2.13
      drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_68-0.27.2.13
      gfs2-kmp-rt-2_3.0.101_rt130_68-0.24.2.14
      gfs2-kmp-rt_trace-2_3.0.101_rt130_68-0.24.2.14
      ocfs2-kmp-rt-1.6_3.0.101_rt130_68-0.28.3.4
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_68-0.28.3.4

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_108.7-2.32.2.14
      cluster-network-kmp-trace-1.4_3.0.101_108.7-2.32.2.14
      drbd-8.4.4-0.27.2.1
      drbd-bash-completion-8.4.4-0.27.2.1
      drbd-heartbeat-8.4.4-0.27.2.1
      drbd-kmp-default-8.4.4_3.0.101_108.7-0.27.2.13
      drbd-kmp-trace-8.4.4_3.0.101_108.7-0.27.2.13
      drbd-pacemaker-8.4.4-0.27.2.1
      drbd-udev-8.4.4-0.27.2.1
      drbd-utils-8.4.4-0.27.2.1
      gfs2-kmp-default-2_3.0.101_108.7-0.24.2.14
      gfs2-kmp-trace-2_3.0.101_108.7-0.24.2.14
      ocfs2-kmp-default-1.6_3.0.101_108.7-0.28.3.4
      ocfs2-kmp-trace-1.6_3.0.101_108.7-0.28.3.4

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_108.7-2.32.2.14
      drbd-kmp-xen-8.4.4_3.0.101_108.7-0.27.2.13
      gfs2-kmp-xen-2_3.0.101_108.7-0.24.2.14
      ocfs2-kmp-xen-1.6_3.0.101_108.7-0.28.3.4

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):

      drbd-xen-8.4.4-0.27.2.1

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):

      cluster-network-kmp-bigmem-1.4_3.0.101_108.7-2.32.2.14
      cluster-network-kmp-ppc64-1.4_3.0.101_108.7-2.32.2.14
      drbd-kmp-bigmem-8.4.4_3.0.101_108.7-0.27.2.13
      drbd-kmp-ppc64-8.4.4_3.0.101_108.7-0.27.2.13
      gfs2-kmp-bigmem-2_3.0.101_108.7-0.24.2.14
      gfs2-kmp-ppc64-2_3.0.101_108.7-0.24.2.14
      ocfs2-kmp-bigmem-1.6_3.0.101_108.7-0.28.3.4
      ocfs2-kmp-ppc64-1.6_3.0.101_108.7-0.28.3.4

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_108.7-2.32.2.14
      drbd-kmp-pae-8.4.4_3.0.101_108.7-0.27.2.13
      gfs2-kmp-pae-2_3.0.101_108.7-0.24.2.14
      ocfs2-kmp-pae-1.6_3.0.101_108.7-0.28.3.4

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      drbd-debuginfo-8.4.4-0.27.2.1
      drbd-debugsource-8.4.4-0.27.2.1
      kernel-default-debuginfo-3.0.101-108.7.1
      kernel-default-debugsource-3.0.101-108.7.1
      kernel-trace-debuginfo-3.0.101-108.7.1
      kernel-trace-debugsource-3.0.101-108.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.7.1
      kernel-trace-devel-debuginfo-3.0.101-108.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.7.1
      kernel-ec2-debugsource-3.0.101-108.7.1
      kernel-xen-debuginfo-3.0.101-108.7.1
      kernel-xen-debugsource-3.0.101-108.7.1
      kernel-xen-devel-debuginfo-3.0.101-108.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.7.1
      kernel-bigmem-debugsource-3.0.101-108.7.1
      kernel-ppc64-debuginfo-3.0.101-108.7.1
      kernel-ppc64-debugsource-3.0.101-108.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.7.1
      kernel-pae-debugsource-3.0.101-108.7.1
      kernel-pae-devel-debuginfo-3.0.101-108.7.1


References:

   https://www.suse.com/security/cve/CVE-2014-9922.html
   https://www.suse.com/security/cve/CVE-2016-10277.html
   https://www.suse.com/security/cve/CVE-2017-1000363.html
   https://www.suse.com/security/cve/CVE-2017-1000365.html
   https://www.suse.com/security/cve/CVE-2017-1000380.html
   https://www.suse.com/security/cve/CVE-2017-11176.html
   https://www.suse.com/security/cve/CVE-2017-11473.html
   https://www.suse.com/security/cve/CVE-2017-2647.html
   https://www.suse.com/security/cve/CVE-2017-6951.html
   https://www.suse.com/security/cve/CVE-2017-7482.html
   https://www.suse.com/security/cve/CVE-2017-7487.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7542.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-8924.html
   https://www.suse.com/security/cve/CVE-2017-8925.html
   https://www.suse.com/security/cve/CVE-2017-9074.html
   https://www.suse.com/security/cve/CVE-2017-9075.html
   https://www.suse.com/security/cve/CVE-2017-9076.html
   https://www.suse.com/security/cve/CVE-2017-9077.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1000365
   https://bugzilla.suse.com/1000380
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1013018
   https://bugzilla.suse.com/1015452
   https://bugzilla.suse.com/1023051
   https://bugzilla.suse.com/1029140
   https://bugzilla.suse.com/1029850
   https://bugzilla.suse.com/1030552
   https://bugzilla.suse.com/1030593
   https://bugzilla.suse.com/1030814
   https://bugzilla.suse.com/1032340
   https://bugzilla.suse.com/1032471
   https://bugzilla.suse.com/1034026
   https://bugzilla.suse.com/1034670
   https://bugzilla.suse.com/1035576
   https://bugzilla.suse.com/1035721
   https://bugzilla.suse.com/1035777
   https://bugzilla.suse.com/1035920
   https://bugzilla.suse.com/1036056
   https://bugzilla.suse.com/1036288
   https://bugzilla.suse.com/1036629
   https://bugzilla.suse.com/1037191
   https://bugzilla.suse.com/1037193
   https://bugzilla.suse.com/1037227
   https://bugzilla.suse.com/1037232
   https://bugzilla.suse.com/1037233
   https://bugzilla.suse.com/1037356
   https://bugzilla.suse.com/1037358
   https://bugzilla.suse.com/1037359
   https://bugzilla.suse.com/1037441
   https://bugzilla.suse.com/1038544
   https://bugzilla.suse.com/1038879
   https://bugzilla.suse.com/1038981
   https://bugzilla.suse.com/1038982
   https://bugzilla.suse.com/1039258
   https://bugzilla.suse.com/1039354
   https://bugzilla.suse.com/1039456
   https://bugzilla.suse.com/1039594
   https://bugzilla.suse.com/1039882
   https://bugzilla.suse.com/1039883
   https://bugzilla.suse.com/1039885
   https://bugzilla.suse.com/1040069
   https://bugzilla.suse.com/1040351
   https://bugzilla.suse.com/1041160
   https://bugzilla.suse.com/1041431
   https://bugzilla.suse.com/1041762
   https://bugzilla.suse.com/1041975
   https://bugzilla.suse.com/1042045
   https://bugzilla.suse.com/1042615
   https://bugzilla.suse.com/1042633
   https://bugzilla.suse.com/1042687
   https://bugzilla.suse.com/1042832
   https://bugzilla.suse.com/1042863
   https://bugzilla.suse.com/1043014
   https://bugzilla.suse.com/1043234
   https://bugzilla.suse.com/1043935
   https://bugzilla.suse.com/1044015
   https://bugzilla.suse.com/1044125
   https://bugzilla.suse.com/1044216
   https://bugzilla.suse.com/1044230
   https://bugzilla.suse.com/1044854
   https://bugzilla.suse.com/1044882
   https://bugzilla.suse.com/1044913
   https://bugzilla.suse.com/1045154
   https://bugzilla.suse.com/1045356
   https://bugzilla.suse.com/1045416
   https://bugzilla.suse.com/1045479
   https://bugzilla.suse.com/1045487
   https://bugzilla.suse.com/1045525
   https://bugzilla.suse.com/1045538
   https://bugzilla.suse.com/1045547
   https://bugzilla.suse.com/1045615
   https://bugzilla.suse.com/1046107
   https://bugzilla.suse.com/1046192
   https://bugzilla.suse.com/1046715
   https://bugzilla.suse.com/1047027
   https://bugzilla.suse.com/1047053
   https://bugzilla.suse.com/1047343
   https://bugzilla.suse.com/1047354
   https://bugzilla.suse.com/1047487
   https://bugzilla.suse.com/1047523
   https://bugzilla.suse.com/1047653
   https://bugzilla.suse.com/1048185
   https://bugzilla.suse.com/1048221
   https://bugzilla.suse.com/1048232
   https://bugzilla.suse.com/1048275
   https://bugzilla.suse.com/1049128
   https://bugzilla.suse.com/1049483
   https://bugzilla.suse.com/1049603
   https://bugzilla.suse.com/1049688
   https://bugzilla.suse.com/1049882
   https://bugzilla.suse.com/1050154
   https://bugzilla.suse.com/1050431
   https://bugzilla.suse.com/1051478
   https://bugzilla.suse.com/1051515
   https://bugzilla.suse.com/1051770
   https://bugzilla.suse.com/1055680
   https://bugzilla.suse.com/784815
   https://bugzilla.suse.com/792863
   https://bugzilla.suse.com/799133
   https://bugzilla.suse.com/909618
   https://bugzilla.suse.com/919382
   https://bugzilla.suse.com/928138
   https://bugzilla.suse.com/938352
   https://bugzilla.suse.com/943786
   https://bugzilla.suse.com/948562
   https://bugzilla.suse.com/962257
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/972891
   https://bugzilla.suse.com/986924
   https://bugzilla.suse.com/990682
   https://bugzilla.suse.com/995542



More information about the sle-security-updates mailing list