SUSE-SU-2018:2051-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jul 24 10:08:52 MDT 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2051-1
Rating:             important
References:         #1012382 #1064232 #1075876 #1076110 #1085185 
                    #1085657 #1089525 #1090435 #1090888 #1091171 
                    #1092207 #1094244 #1094248 #1094643 #1095453 
                    #1096790 #1097034 #1097140 #1097492 #1097501 
                    #1097551 #1097808 #1097931 #1097961 #1098016 
                    #1098236 #1098425 #1098435 #1098527 #1098599 
                    #1099042 #1099183 #1099279 #1099713 #1099732 
                    #1099792 #1099810 #1099918 #1099924 #1099966 
                    #1099993 #1100089 #1100340 #1100416 #1100418 
                    #1100491 #1100843 #1101296 
Cross-References:   CVE-2018-13053 CVE-2018-13405 CVE-2018-13406
                    CVE-2018-9385
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Live Patching 12-SP3
                    SUSE Linux Enterprise High Availability 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that solves four vulnerabilities and has 44 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.140 to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow
     via a large relative timeout because ktime_add_safe was not used
     (bnc#1099924)
   - CVE-2018-9385: Prevent overread of the "driver_override" buffer
     (bsc#1100491)
   - CVE-2018-13405: The inode_init_owner function allowed local users to
     create files with an unintended group ownership allowing attackers to
     escalate privileges by making a plain file executable and SGID
     (bnc#1100416)
   - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function
     could have result in local attackers being able to crash the kernel or
     potentially elevate privileges because kmalloc_array is not used
     (bnc#1100418)

   The following non-security bugs were fixed:

   - 1wire: family module autoload fails because of upper/lower case mismatch
     (bnc#1012382).
   - ALSA: hda - Clean up ALC299 init code (bsc#1099810).
   - ALSA: hda - Enable power_save_node for CX20722 (bsc#1099810).
   - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines (bsc#1099810).
   - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1099810).
   - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810).
   - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
     (bnc#1012382).
   - ALSA: hda - Use acpi_dev_present() (bsc#1099810).
   - ALSA: hda - add a new condition to check if it is thinkpad (bsc#1099810).
   - ALSA: hda - silence uninitialized variable warning in activate_amp_in()
     (bsc#1099810).
   - ALSA: hda/patch_sigmatel: Add AmigaOne X1000 pinconfigs (bsc#1099810).
   - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1099810).
   - ALSA: hda/realtek - Add headset mode support for Dell laptop
     (bsc#1099810).
   - ALSA: hda/realtek - Add support headset mode for DELL WYSE (bsc#1099810).
   - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1099810).
   - ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
     (bsc#1099810).
   - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
     (bsc#1099810).
   - ALSA: hda/realtek - Fix Dell headset Mic can't record (bsc#1099810).
   - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1099810).
   - ALSA: hda/realtek - Fix the problem of two front mics on more machines
     (bsc#1099810).
   - ALSA: hda/realtek - Fixup for HP x360 laptops with BandO speakers
     (bsc#1099810).
   - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1099810).
   - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 (bsc#1099810).
   - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*()
     (bsc#1099810).
   - ALSA: hda/realtek - Reorder ALC269 ASUS quirk entries (bsc#1099810).
   - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
     (bsc#1099810).
   - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1099810).
   - ALSA: hda/realtek - adjust the location of one mic (bsc#1099810).
   - ALSA: hda/realtek - change the location for one of two front mics
     (bsc#1099810).
   - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810).
   - ALSA: hda/realtek - update ALC215 depop optimize (bsc#1099810).
   - ALSA: hda/realtek - update ALC225 depop optimize (bsc#1099810).
   - ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD
     (bsc#1099810).
   - ALSA: hda/realtek: Limit mic boost on T480 (bsc#1099810).
   - ALSA: hda: Fix forget to free resource in error handling code path in
     hda_codec_driver_probe (bsc#1099810).
   - ALSA: hda: add dock and led support for HP EliteBook 830 G5
     (bsc#1099810).
   - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1099810).
   - ALSA: hda: fix some klockwork scan warnings (bsc#1099810).
   - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct
     size (bnc#1012382).
   - ARM: dts: imx6q: Use correct SDMA script for SPI5 core (bnc#1012382).
   - ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382).
   - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382).
   - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
     (bnc#1012382).
   - Bluetooth: Fix connection if directed advertising and privacy is used
     (bnc#1012382).
   - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw
     loader (bnc#1012382).
   - Btrfs: fix clone vs chattr NODATASUM race (bnc#1012382).
   - Btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382).
   - Btrfs: make raid6 rebuild retry more (bnc#1012382).
   - Correct the arguments to verbose() (bsc#1098425)
   - HID: debug: check length before copy_to_user() (bnc#1012382).
   - HID: hiddev: fix potential Spectre v1 (bnc#1012382).
   - HID: i2c-hid: Fix "incomplete report" noise (bnc#1012382).
   - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248,
     bsc at 1097140).
   - IB/qib: Fix DMA api warning with debug kernel (bnc#1012382).
   - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382).
   - Input: elan_i2c_smbus - fix more potential stack buffer overflows
     (bnc#1012382).
   - Input: elantech - enable middle button of touchpads on ThinkPad P52
     (bnc#1012382).
   - Input: elantech - fix V4 report decoding for module with middle key
     (bnc#1012382).
   - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
     (bnc#1012382).
   - MIPS: io: Add barrier after register read in inX() (bnc#1012382).
   - NFSv4: Fix possible 1-byte stack overflow in
     nfs_idmap_read_and_verify_message (bnc#1012382).
   - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
     resume (bnc#1012382).
   - RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382).
   - Refresh with upstream commit:62290a5c194b since the typo fix has been
     merged in upstream. (bsc#1085185)
   - Remove broken patches for dac9063 watchdog (bsc#1100843)
   - Remove sorted section marker This branch contains a small sorted section
     with an old format that fails the current checker. Updating the section
     and scripts to the new format might make merges with other branches more
     difficult. Instead, simply remove the section marker.
   - Revert "Btrfs: fix scrub to repair raid6 corruption" (bnc#1012382).
   - Revert "kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183)."
     This turned out to be superfluous for 4.4.x kernels.
   - Revert "scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525)." This
     reverts commit b054499f7615e2ffa7571ac0d05c7d5c9a8c0327.
   - UBIFS: Fix potential integer overflow in allocation (bnc#1012382).
   - USB: serial: cp210x: add CESINEL device ids (bnc#1012382).
   - USB: serial: cp210x: add Silicon Labs IDs for Windows Update
     (bnc#1012382).
   - Update patches.fixes/nvme-expand-nvmf_check_if_ready-checks.patch
     (bsc#1098527).
   - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
     (bnc#1012382).
   - atm: zatm: fix memcmp casting (bnc#1012382).
   - backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382).
   - backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382).
   - backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382).
   - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232).
   - bcache: Annotate switch fall-through (bsc#1064232).
   - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232).
   - bcache: Fix indentation (bsc#1064232).
   - bcache: Fix kernel-doc warnings (bsc#1064232).
   - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110).
   - bcache: Reduce the number of sparse complaints about lock imbalances
     (bsc#1064232).
   - bcache: Remove an unused variable (bsc#1064232).
   - bcache: Suppress more warnings about set-but-not-used variables
     (bsc#1064232).
   - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110).
   - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232).
   - bcache: add backing_request_endio() for bi_end_io (bsc#1064232).
   - bcache: add io_disable to struct cached_dev (bsc#1064232).
   - bcache: add journal statistic (bsc#1076110).
   - bcache: add stop_when_cache_set_failed option to backing device
     (bsc#1064232).
   - bcache: add wait_for_kthread_stop() in bch_allocator_thread()
     (bsc#1064232).
   - bcache: closures: move control bits one bit right (bsc#1076110).
   - bcache: correct flash only vols (check all uuids) (bsc#1064232).
   - bcache: count backing device I/O error for writeback I/O (bsc#1064232).
   - bcache: fix cached_dev->count usage for bch_cache_set_error()
     (bsc#1064232).
   - bcache: fix crashes in duplicate cache device register (bsc#1076110).
   - bcache: fix error return value in memory shrink (bsc#1064232).
   - bcache: fix high CPU occupancy during journal (bsc#1076110).
   - bcache: fix inaccurate io state for detached bcache devices
     (bsc#1064232).
   - bcache: fix incorrect sysfs output value of strip size (bsc#1064232).
   - bcache: fix misleading error message in bch_count_io_errors()
     (bsc#1064232).
   - bcache: fix using of loop variable in memory shrink (bsc#1064232).
   - bcache: fix writeback target calc on large devices (bsc#1076110).
   - bcache: fix wrong return value in bch_debug_init() (bsc#1076110).
   - bcache: mark closure_sync() __sched (bsc#1076110).
   - bcache: move closure debug file into debug directory (bsc#1064232).
   - bcache: reduce cache_set devices iteration by devices_max_used
     (bsc#1064232).
   - bcache: ret IOERR when read meets metadata error (bsc#1076110).
   - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n
     (bsc#1064232).
   - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232).
   - bcache: set dc->io_disable to true in conditional_stop_bcache_device()
     (bsc#1064232).
   - bcache: set error_limit correctly (bsc#1064232).
   - bcache: set writeback_rate_update_seconds in range [1, 60] seconds
     (bsc#1064232).
   - bcache: stop bcache device when backing device is offline (bsc#1064232).
   - bcache: stop dc->writeback_rate_update properly (bsc#1064232).
   - bcache: stop writeback thread after detaching (bsc#1076110).
   - bcache: store disk name in struct cache and struct cached_dev
     (bsc#1064232).
   - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
     (bsc#1064232).
   - block: Fix transfer when chunk sectors exceeds max (bnc#1012382).
   - bonding: re-evaluate force_primary when the primary slave name changes
     (bnc#1012382).
   - bpf: properly enforce index mask to prevent out-of-bounds speculation
     (bsc#1098425).
   - branch-check: fix long->int truncation when profiling branches
     (bnc#1012382).
   - btrfs: scrub: Do not use inode pages for device replace (bnc#1012382).
   - cdc_ncm: avoid padding beyond end of skb (bnc#1012382).
   - ceph: fix dentry leak in splice_dentry() (bsc#1098236).
   - ceph: fix use-after-free in ceph_statfs() (bsc#1098236).
   - ceph: fix wrong check for the case of updating link count (bsc#1098236).
   - ceph: prevent i_version from going back (bsc#1098236).
   - ceph: support file lock on directory (bsc#1098236).
   - cifs: Check for timeout on Negotiate stage (bsc#1091171).
   - cifs: Fix infinite loop when using hard mount option (bnc#1012382).
   - cpufreq: Fix new policy initialization during limits updates via sysfs
     (bnc#1012382).
   - cpuidle: powernv: Fix promotion from snooze if next state disabled
     (bnc#1012382).
   - dm thin: handle running out of data space vs concurrent discard
     (bnc#1012382).
   - dm: convert DM printk macros to pr level macros (bsc#1099918).
   - dm: fix printk() rate limiting code (bsc#1099918).
   - drbd: fix access after free (bnc#1012382).
   - driver core: Do not ignore class_dir_create_and_add() failure
     (bnc#1012382).
   - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
     (bsc#1075876).
   - ext4: add more inode number paranoia checks (bnc#1012382).
   - ext4: add more mount time checks of the superblock (bnc#1012382).
   - ext4: always check block group bounds in ext4_init_block_bitmap()
     (bnc#1012382).
   - ext4: check superblock mapped prior to committing (bnc#1012382).
   - ext4: clear i_data in ext4_inode_info when removing inline data
     (bnc#1012382).
   - ext4: fix fencepost error in check for inode count overflow during
     resize (bnc#1012382).
   - ext4: fix unsupported feature message formatting (bsc#1098435).
   - ext4: include the illegal physical block in the bad map ext4_error msg
     (bnc#1012382).
   - ext4: make sure bitmaps and the inode table do not overlap with bg
     descriptors (bnc#1012382).
   - ext4: only look at the bg_flags field if it is valid (bnc#1012382).
   - ext4: update mtime in ext4_punch_hole even if no blocks are released
     (bnc#1012382).
   - ext4: verify the depth of extent tree in ext4_find_extent()
     (bnc#1012382).
   - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279).
   - fuse: atomic_o_trunc should truncate pagecache (bnc#1012382).
   - fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382).
   - fuse: fix control dir setup and teardown (bnc#1012382).
   - hv_netvsc: avoid repeated updates of packet filter (bsc#1097492).
   - hv_netvsc: defer queue selection to VF (bsc#1097492).
   - hv_netvsc: enable multicast if necessary (bsc#1097492).
   - hv_netvsc: filter multicast/broadcast (bsc#1097492).
   - hv_netvsc: fix filter flags (bsc#1097492).
   - hv_netvsc: fix locking during VF setup (bsc#1097492).
   - hv_netvsc: fix locking for rx_mode (bsc#1097492).
   - hv_netvsc: propagate rx filters to VF (bsc#1097492).
   - i2c: rcar: fix resume by always initializing registers before transfer
     (bnc#1012382).
   - iio:buffer: make length types match kfifo types (bnc#1012382).
   - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034).
   - ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382).
   - ipv4: Fix error return value in fib_convert_metrics() (bnc#1012382).
   - ipvs: fix buffer overflow with sync daemon and service (bnc#1012382).
   - iwlmvm: tdls: Check TDLS channel switch support (bsc#1099810).
   - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1099810).
   - jbd2: do not mark block as modified if the handle is out of credits
     (bnc#1012382).
   - kabi/severities: add 'drivers/md/bcache/* PASS' since no one uses
     symboles expoted by bcache.
   - kmod: fix wait on recursive loop (bsc#1099792).
   - kmod: reduce atomic operations on kmod_concurrent and simplify
     (bsc#1099792).
   - kmod: throttle kmod thread limit (bsc#1099792).
   - kprobes/x86: Do not modify singlestep buffer while resuming
     (bnc#1012382).
   - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183).
   - lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382).
   - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382).
   - libata: zpodd: make arrays cdb static, reduces object code size
     (bnc#1012382).
   - libata: zpodd: small read overflow in eject_tray() (bnc#1012382).
   - linvdimm, pmem: Preserve read-only setting for pmem devices
     (bnc#1012382).
   - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
     (bnc#1012382).
   - mac80211: Fix condition validating WMM IE (bsc#1099810,bsc#1099732).
   - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382).
   - media: cx25840: Use subdev host data for PLL override (bnc#1012382).
   - media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
     (bnc#1012382).
   - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918).
   - media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382).
   - mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382).
   - mips: ftrace: fix static function graph tracing (bnc#1012382).
   - mm: hugetlb: yield when prepping struct pages (bnc#1012382).
   - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Change erase functions to retry for error
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Change write buffer to check correct value
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382).
   - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382).
   - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS
     (bsc#1099918).
   - mtd: partitions: add helper for deleting partition (bsc#1099918).
   - mtd: partitions: remove sysfs files when deleting all master's
     partitions (bsc#1099918).
   - mtd: rawnand: mxc: set spare area size register explicitly (bnc#1012382).
   - n_tty: Access echo_* variables carefully (bnc#1012382).
   - n_tty: Fix stall at n_tty_receive_char_special() (bnc#1012382).
   - net/sonic: Use dma_mapping_error() (bnc#1012382).
   - net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382).
   - netfilter: ebtables: handle string from userspace with care
     (bnc#1012382).
   - netfilter: nf_log: do not hold nf_log_mutex during user access
     (bnc#1012382).
   - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in
     nft_do_chain() (bnc#1012382).
   - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
     (bnc#1012382).
   - nvme-fabrics: allow duplicate connections to the discovery controller
     (bsc#1098527).
   - nvme-fabrics: allow internal passthrough command on deleting controllers
     (bsc#1098527).
   - nvme-fabrics: centralize discovery controller defaults (bsc#1098527).
   - nvme-fabrics: fix and refine state checks in __nvmf_check_ready
     (bsc#1098527).
   - nvme-fabrics: refactor queue ready check (bsc#1098527).
   - nvme-fc: change controllers first connect to use reconnect path
     (bsc#1098527).
   - nvme-fc: fix nulling of queue data on reconnect (bsc#1098527).
   - nvme-fc: remove reinit_request routine (bsc#1098527).
   - nvme-fc: remove setting DNR on exception conditions (bsc#1098527).
   - nvme-pci: initialize queue memory before interrupts (bnc#1012382).
   - nvme: allow duplicate controller if prior controller being deleted
     (bsc#1098527).
   - nvme: move init of keep_alive work item to controller initialization
     (bsc#1098527).
   - nvme: reimplement nvmf_check_if_ready() to avoid kabi breakage
     (bsc#1098527).
   - nvmet-fc: increase LS buffer count per fc port (bsc#1098527).
   - nvmet: switch loopback target state to connecting when resetting
     (bsc#1098527).
   - of: unittest: for strings, account for trailing \0 in property length
     field (bnc#1012382).
   - ovl: fix random return value on mount (bsc#1099993).
   - ovl: fix uid/gid when creating over whiteout (bsc#1099993).
   - ovl: override creds with the ones from the superblock mounter
     (bsc#1099993).
   - perf intel-pt: Fix "Unexpected indirect branch" error (bnc#1012382).
   - perf intel-pt: Fix MTC timing after overflow (bnc#1012382).
   - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding
     TIP (bnc#1012382).
   - perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382).
   - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382).
   - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
     (bnc#1012382).
   - platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad
     (bsc#1099810).
   - powerpc/64s: Exception macro for stack frame and initial register save
     (bsc#1094244).
   - powerpc/64s: Fix mce accounting for powernv (bsc#1094244).
   - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382).
   - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
     (bnc#1012382).
   - powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382).
   - powerpc/ptrace: Fix setting 512B aligned breakpoints with
     PTRACE_SET_DEBUGREG (bnc#1012382).
   - powerpc: Machine check interrupt is a non-maskable interrupt
     (bsc#1094244).
   - procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542).
   - qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657).
   - qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657).
   - qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657).
   - regulator: Do not return or expect -errno from of_map_mode()
     (bsc#1099042).
   - restore cond_resched() in shrink_dcache_parent() (bsc#1098599).
   - rmdir(),rename(): do shrink_dcache_parent() only on success
     (bsc#1100340).
   - s390/dasd: configurable IFCC handling (bsc#1097808).
   - s390: Correct register corruption in critical section cleanup
     (bnc#1012382).
   - sbitmap: check for valid bitmap in sbitmap_for_each (bsc#1090435).
   - sched/sysctl: Check user input value of sysctl_sched_time_avg
     (bsc#1100089).
   - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961).
   - scsi: ipr: new IOASC update (bsc#1097961).
   - scsi: lpfc: Change IO submit return to EBUSY if remote port is
     recovering (bsc#1092207).
   - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt
     (bsc#1092207).
   - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).
   - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453).
   - scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1095453).
   - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc
     (bsc#1095453).
   - scsi: lpfc: Fix port initialization failure (bsc#1095453).
   - scsi: lpfc: Fix up log messages and stats counters in IO submit code
     path (bsc#1092207).
   - scsi: lpfc: Handle new link fault code returned by adapter firmware
     (bsc#1092207).
   - scsi: lpfc: correct oversubscription of nvme io requests for an adapter
     (bsc#1095453).
   - scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207).
   - scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453).
   - scsi: qedi: Fix truncation of CHAP name and secret (bsc#1097931)
   - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
     (bnc#1012382).
   - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501)
   - scsi: sg: mitigate read/write abuse (bsc#1101296).
   - scsi: zfcp: fix misleading REC trigger trace where erp_action setup
     failed (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix misleading REC trigger trace where erp_action setup
     failed (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
     (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
     (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
     (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
     (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early
     return (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early
     return (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
     ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
     ERP_FAILED (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
     (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
     (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
     (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
     (bnc#1099713, LTC#168765).
   - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding
     version (bnc#1012382).
   - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382).
   - sort and rename various hyperv patches
   - spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382).
   - staging: android: ion: Return an ERR_PTR in ion_map_kernel (bnc#1012382).
   - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
     (bnc#1012382).
   - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
     (bnc#1012382).
   - tcp: verify the checksum of the first data segment in a new connection
     (bnc#1012382).
   - thinkpad_acpi: Add support for HKEY version 0x200 (bsc#1099810).
   - time: Make sure jiffies_to_msecs() preserves non-zero time periods
     (bnc#1012382).
   - tracing: Fix missing return symbol in function_graph output
     (bnc#1012382).
   - ubi: fastmap: Cancel work upon detach (bnc#1012382).
   - ubi: fastmap: Correctly handle interrupted erasures in EBA (bnc#1012382).
   - udf: Detect incorrect directory size (bnc#1012382).
   - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bnc#1012382).
   - usb: do not reset if a low-speed or full-speed device timed out
     (bnc#1012382).
   - usb: musb: fix remote wakeup racing with suspend (bnc#1012382).
   - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in
     stifb_init_fb() (bsc#1090888 bsc#1099966).
   - video: uvesafb: Fix integer overflow in allocation (bnc#1012382).
   - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
     (bnc#1012382).
   - wait: add wait_event_killable_timeout() (bsc#1099792).
   - watchdog: da9063: Fix setting/changing timeout (bsc#1100843).
   - watchdog: da9063: Fix timeout handling during probe (bsc#1100843).
   - watchdog: da9063: Fix updating timeout value (bsc#1100843).
   - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask
     (bsc#1094643).
   - x86/mce: Fix incorrect "Machine check from unknown source" message
     (bnc#1012382).
   - x86/mce: Improve error message when kernel cannot recover (git-fixes
     b2f9d678e28c).
   - x86/pti: do not report XenPV as vulnerable (bsc#1097551).
   - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382).
   - xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382).
   - xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382).
   - xfrm: skip policies marked as dead while rehashing (bnc#1012382).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1385=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1385=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1385=1

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1385=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1385=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1385=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

      kernel-default-debuginfo-4.4.140-94.42.1
      kernel-default-debugsource-4.4.140-94.42.1
      kernel-default-extra-4.4.140-94.42.1
      kernel-default-extra-debuginfo-4.4.140-94.42.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.4.140-94.42.1
      kernel-obs-build-debugsource-4.4.140-94.42.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

      kernel-docs-4.4.140-94.42.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.4.140-94.42.1
      kernel-default-base-4.4.140-94.42.1
      kernel-default-base-debuginfo-4.4.140-94.42.1
      kernel-default-debuginfo-4.4.140-94.42.1
      kernel-default-debugsource-4.4.140-94.42.1
      kernel-default-devel-4.4.140-94.42.1
      kernel-syms-4.4.140-94.42.1

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      kernel-devel-4.4.140-94.42.1
      kernel-macros-4.4.140-94.42.1
      kernel-source-4.4.140-94.42.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x):

      kernel-default-man-4.4.140-94.42.1

   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_140-94_42-default-1-4.3.1
      kgraft-patch-4_4_140-94_42-default-debuginfo-1-4.3.1

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.140-94.42.1
      cluster-md-kmp-default-debuginfo-4.4.140-94.42.1
      dlm-kmp-default-4.4.140-94.42.1
      dlm-kmp-default-debuginfo-4.4.140-94.42.1
      gfs2-kmp-default-4.4.140-94.42.1
      gfs2-kmp-default-debuginfo-4.4.140-94.42.1
      kernel-default-debuginfo-4.4.140-94.42.1
      kernel-default-debugsource-4.4.140-94.42.1
      ocfs2-kmp-default-4.4.140-94.42.1
      ocfs2-kmp-default-debuginfo-4.4.140-94.42.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      kernel-default-4.4.140-94.42.1
      kernel-default-debuginfo-4.4.140-94.42.1
      kernel-default-debugsource-4.4.140-94.42.1
      kernel-default-devel-4.4.140-94.42.1
      kernel-default-extra-4.4.140-94.42.1
      kernel-default-extra-debuginfo-4.4.140-94.42.1
      kernel-syms-4.4.140-94.42.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      kernel-devel-4.4.140-94.42.1
      kernel-macros-4.4.140-94.42.1
      kernel-source-4.4.140-94.42.1

   - SUSE CaaS Platform ALL (x86_64):

      kernel-default-4.4.140-94.42.1
      kernel-default-debuginfo-4.4.140-94.42.1
      kernel-default-debugsource-4.4.140-94.42.1

   - SUSE CaaS Platform 3.0 (x86_64):

      kernel-default-4.4.140-94.42.1
      kernel-default-debuginfo-4.4.140-94.42.1
      kernel-default-debugsource-4.4.140-94.42.1


References:

   https://www.suse.com/security/cve/CVE-2018-13053.html
   https://www.suse.com/security/cve/CVE-2018-13405.html
   https://www.suse.com/security/cve/CVE-2018-13406.html
   https://www.suse.com/security/cve/CVE-2018-9385.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1064232
   https://bugzilla.suse.com/1075876
   https://bugzilla.suse.com/1076110
   https://bugzilla.suse.com/1085185
   https://bugzilla.suse.com/1085657
   https://bugzilla.suse.com/1089525
   https://bugzilla.suse.com/1090435
   https://bugzilla.suse.com/1090888
   https://bugzilla.suse.com/1091171
   https://bugzilla.suse.com/1092207
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1094248
   https://bugzilla.suse.com/1094643
   https://bugzilla.suse.com/1095453
   https://bugzilla.suse.com/1096790
   https://bugzilla.suse.com/1097034
   https://bugzilla.suse.com/1097140
   https://bugzilla.suse.com/1097492
   https://bugzilla.suse.com/1097501
   https://bugzilla.suse.com/1097551
   https://bugzilla.suse.com/1097808
   https://bugzilla.suse.com/1097931
   https://bugzilla.suse.com/1097961
   https://bugzilla.suse.com/1098016
   https://bugzilla.suse.com/1098236
   https://bugzilla.suse.com/1098425
   https://bugzilla.suse.com/1098435
   https://bugzilla.suse.com/1098527
   https://bugzilla.suse.com/1098599
   https://bugzilla.suse.com/1099042
   https://bugzilla.suse.com/1099183
   https://bugzilla.suse.com/1099279
   https://bugzilla.suse.com/1099713
   https://bugzilla.suse.com/1099732
   https://bugzilla.suse.com/1099792
   https://bugzilla.suse.com/1099810
   https://bugzilla.suse.com/1099918
   https://bugzilla.suse.com/1099924
   https://bugzilla.suse.com/1099966
   https://bugzilla.suse.com/1099993
   https://bugzilla.suse.com/1100089
   https://bugzilla.suse.com/1100340
   https://bugzilla.suse.com/1100416
   https://bugzilla.suse.com/1100418
   https://bugzilla.suse.com/1100491
   https://bugzilla.suse.com/1100843
   https://bugzilla.suse.com/1101296



More information about the sle-security-updates mailing list