SUSE-SU-2018:2150-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jul 31 10:09:25 MDT 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2150-1
Rating:             important
References:         #1012382 #1068032 #1074562 #1074578 #1074701 
                    #1075006 #1075419 #1075748 #1075876 #1080039 
                    #1085185 #1085657 #1087084 #1087939 #1089525 
                    #1090435 #1090888 #1091171 #1092207 #1094244 
                    #1094248 #1094643 #1095453 #1096790 #1097034 
                    #1097140 #1097492 #1097501 #1097551 #1097808 
                    #1097931 #1097961 #1098016 #1098236 #1098425 
                    #1098435 #1098527 #1099042 #1099183 #1099279 
                    #1099713 #1099732 #1099810 #1099918 #1099924 
                    #1099966 #1099993 #1100089 #1100340 #1100416 
                    #1100418 #1100491 
Cross-References:   CVE-2017-5753 CVE-2018-13053 CVE-2018-13405
                    CVE-2018-13406 CVE-2018-9385
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 47 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.139 to
   receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow
     via a large relative timeout because ktime_add_safe was not used
     (bnc#1099924)
   - CVE-2018-9385: Prevent overread of the "driver_override" buffer
     (bsc#1100491)
   - CVE-2018-13405: The inode_init_owner function allowed local users to
     create files with an unintended group ownership allowing attackers to
     escalate privileges by making a plain file executable and SGID
     (bnc#1100416)
   - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function
     could have result in local attackers being able to crash the kernel or
     potentially elevate privileges because kmalloc_array is not used
     (bnc#1100418)
   - CVE-2017-5753: Systems with microprocessors utilizing speculative
     execution and branch prediction may have allowed unauthorized disclosure
     of information to an attacker with local user access via a side-channel
     analysis (bsc#1068032)

   The following non-security bugs were fixed:

   - 1wire: family module autoload fails because of upper/lower case mismatch
     (bnc#1012382).
   - ALSA: hda - Clean up ALC299 init code (bsc#1099810).
   - ALSA: hda - Enable power_save_node for CX20722 (bsc#1099810).
   - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines (bsc#1099810).
   - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1099810).
   - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810).
   - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
     (bnc#1012382).
   - ALSA: hda - Use acpi_dev_present() (bsc#1099810).
   - ALSA: hda - add a new condition to check if it is thinkpad (bsc#1099810).
   - ALSA: hda - silence uninitialized variable warning in activate_amp_in()
     (bsc#1099810).
   - ALSA: hda/patch_sigmatel: Add AmigaOne X1000 pinconfigs (bsc#1099810).
   - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1099810).
   - ALSA: hda/realtek - Add headset mode support for Dell laptop
     (bsc#1099810).
   - ALSA: hda/realtek - Add support headset mode for DELL WYSE (bsc#1099810).
   - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1099810).
   - ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
     (bsc#1099810).
   - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
     (bsc#1099810).
   - ALSA: hda/realtek - Fix Dell headset Mic can't record (bsc#1099810).
   - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1099810).
   - ALSA: hda/realtek - Fix the problem of two front mics on more machines
     (bsc#1099810).
   - ALSA: hda/realtek - Fixup for HP x360 laptops with B and O speakers
     (bsc#1099810).
   - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1099810).
   - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 (bsc#1099810).
   - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*()
     (bsc#1099810).
   - ALSA: hda/realtek - Reorder ALC269 ASUS quirk entries (bsc#1099810).
   - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
     (bsc#1099810).
   - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1099810).
   - ALSA: hda/realtek - adjust the location of one mic (bsc#1099810).
   - ALSA: hda/realtek - change the location for one of two front mics
     (bsc#1099810).
   - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810).
   - ALSA: hda/realtek - update ALC215 depop optimize (bsc#1099810).
   - ALSA: hda/realtek - update ALC225 depop optimize (bsc#1099810).
   - ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD
     (bsc#1099810).
   - ALSA: hda/realtek: Limit mic boost on T480 (bsc#1099810).
   - ALSA: hda: Fix forget to free resource in error handling code path in
     hda_codec_driver_probe (bsc#1099810).
   - ALSA: hda: add dock and led support for HP EliteBook 830 G5
     (bsc#1099810).
   - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1099810).
   - ALSA: hda: fix some klockwork scan warnings (bsc#1099810).
   - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct
     size (bnc#1012382).
   - ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382).
   - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382).
   - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
     (bnc#1012382).
   - Bluetooth: Fix connection if directed advertising and privacy is used
     (bnc#1012382).
   - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw
     loader (bnc#1012382).
   - Btrfs: fix clone vs chattr NODATASUM race (bnc#1012382).
   - Btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382).
   - Btrfs: make raid6 rebuild retry more (bnc#1012382).
   - Btrfs: scrub: Do not use inode pages for device replace (bnc#1012382).
   - Correct the arguments to verbose() (bsc#1098425)
   - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248,
     bsc at 1097140).
   - IB/qib: Fix DMA api warning with debug kernel (bnc#1012382).
   - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382).
   - Input: elan_i2c_smbus - fix more potential stack buffer overflows
     (bnc#1012382).
   - Input: elantech - enable middle button of touchpads on ThinkPad P52
     (bnc#1012382).
   - Input: elantech - fix V4 report decoding for module with middle key
     (bnc#1012382).
   - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
     (bnc#1012382).
   - MIPS: io: Add barrier after register read in inX() (bnc#1012382).
   - NFSv4: Fix possible 1-byte stack overflow in
     nfs_idmap_read_and_verify_message (bnc#1012382).
   - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
     resume (bnc#1012382).
   - RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382).
   - Refresh with upstream commit:62290a5c194b since the typo fix has been
     merged in upstream. (bsc#1085185)
   - Revert "Btrfs: fix scrub to repair raid6 corruption" (bnc#1012382).
   - Revert "kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183)."
     This turned out to be superfluous for 4.4.x kernels.
   - Revert "scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525)." This
     reverts commit b054499f7615e2ffa7571ac0d05c7d5c9a8c0327.
   - UBIFS: Fix potential integer overflow in allocation (bnc#1012382).
   - Update patches.fixes/nvme-expand-nvmf_check_if_ready-checks.patch
     (bsc#1098527).
   - atm: zatm: fix memcmp casting (bnc#1012382).
   - backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382).
   - backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382).
   - backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382).
   - block: Fix transfer when chunk sectors exceeds max (bnc#1012382).
   - bonding: re-evaluate force_primary when the primary slave name changes
     (bnc#1012382).
   - bpf: properly enforce index mask to prevent out-of-bounds speculation
     (bsc#1098425).
   - branch-check: fix long->int truncation when profiling branches
     (bnc#1012382).
   - cdc_ncm: avoid padding beyond end of skb (bnc#1012382).
   - ceph: fix dentry leak in splice_dentry() (bsc#1098236).
   - ceph: fix use-after-free in ceph_statfs() (bsc#1098236).
   - ceph: fix wrong check for the case of updating link count (bsc#1098236).
   - ceph: prevent i_version from going back (bsc#1098236).
   - ceph: support file lock on directory (bsc#1098236).
   - cifs: Check for timeout on Negotiate stage (bsc#1091171).
   - cpufreq: Fix new policy initialization during limits updates via sysfs
     (bnc#1012382).
   - cpuidle: powernv: Fix promotion from snooze if next state disabled
     (bnc#1012382).
   - dm thin: handle running out of data space vs concurrent discard
     (bnc#1012382).
   - dm: convert DM printk macros to pr_level macros (bsc#1099918).
   - dm: fix printk() rate limiting code (bsc#1099918).
   - driver core: Do not ignore class_dir_create_and_add() failure
     (bnc#1012382).
   - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
     (bsc#1075876).
   - ext4: fix fencepost error in check for inode count overflow during
     resize (bnc#1012382).
   - ext4: fix unsupported feature message formatting (bsc#1098435).
   - ext4: update mtime in ext4_punch_hole even if no blocks are released
     (bnc#1012382).
   - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279).
   - fuse: atomic_o_trunc should truncate pagecache (bnc#1012382).
   - fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382).
   - fuse: fix control dir setup and teardown (bnc#1012382).
   - hv_netvsc: avoid repeated updates of packet filter (bsc#1097492).
   - hv_netvsc: defer queue selection to VF (bsc#1097492).
   - hv_netvsc: enable multicast if necessary (bsc#1097492).
   - hv_netvsc: filter multicast/broadcast (bsc#1097492).
   - hv_netvsc: fix filter flags (bsc#1097492).
   - hv_netvsc: fix locking during VF setup (bsc#1097492).
   - hv_netvsc: fix locking for rx_mode (bsc#1097492).
   - hv_netvsc: propagate rx filters to VF (bsc#1097492).
   - iio:buffer: make length types match kfifo types (bnc#1012382).
   - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034).
   - ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382).
   - ipvs: fix buffer overflow with sync daemon and service (bnc#1012382).
   - iwlmvm: tdls: Check TDLS channel switch support (bsc#1099810).
   - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1099810).
   - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183).
   - lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382).
   - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382).
   - libata: zpodd: make arrays cdb static, reduces object code size
     (bnc#1012382).
   - libata: zpodd: small read overflow in eject_tray() (bnc#1012382).
   - linvdimm, pmem: Preserve read-only setting for pmem devices
     (bnc#1012382).
   - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
     (bnc#1012382).
   - mac80211: Fix condition validating WMM IE (bsc#1099810,bsc#1099732).
   - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382).
   - media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
     (bnc#1012382).
   - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918).
   - media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382).
   - mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382).
   - mips: ftrace: fix static function graph tracing (bnc#1012382).
   - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Change write buffer to check correct value
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
     (bnc#1012382).
   - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382).
   - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382).
   - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS
     (bsc#1099918).
   - mtd: partitions: add helper for deleting partition (bsc#1099918).
   - mtd: partitions: remove sysfs files when deleting all master's
     partitions (bsc#1099918).
   - net/sonic: Use dma_mapping_error() (bnc#1012382).
   - net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382).
   - netfilter: ebtables: handle string from userspace with care
     (bnc#1012382).
   - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
     (bnc#1012382).
   - nvme-fabrics: allow duplicate connections to the discovery controller
     (bsc#1098527).
   - nvme-fabrics: allow internal passthrough command on deleting controllers
     (bsc#1098527).
   - nvme-fabrics: centralize discovery controller defaults (bsc#1098527).
   - nvme-fabrics: fix and refine state checks in __nvmf_check_ready
     (bsc#1098527).
   - nvme-fabrics: refactor queue ready check (bsc#1098527).
   - nvme-fc: change controllers first connect to use reconnect path
     (bsc#1098527).
   - nvme-fc: fix nulling of queue data on reconnect (bsc#1098527).
   - nvme-fc: remove reinit_request routine (bsc#1098527).
   - nvme-fc: remove setting DNR on exception conditions (bsc#1098527).
   - nvme: allow duplicate controller if prior controller being deleted
     (bsc#1098527).
   - nvme: move init of keep_alive work item to controller initialization
     (bsc#1098527).
   - nvme: reimplement nvmf_check_if_ready() to avoid kabi breakage
     (bsc#1098527).
   - nvmet-fc: increase LS buffer count per fc port (bsc#1098527).
   - nvmet: switch loopback target state to connecting when resetting
     (bsc#1098527).
   - of: unittest: for strings, account for trailing \0 in property length
     field (bnc#1012382).
   - ovl: fix random return value on mount (bsc#1099993).
   - ovl: fix uid/gid when creating over whiteout (bsc#1099993).
   - ovl: override creds with the ones from the superblock mounter
     (bsc#1099993).
   - perf intel-pt: Fix "Unexpected indirect branch" error (bnc#1012382).
   - perf intel-pt: Fix MTC timing after overflow (bnc#1012382).
   - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding
     TIP (bnc#1012382).
   - perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382).
   - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382).
   - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
     (bnc#1012382).
   - platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad
     (bsc#1099810).
   - powerpc/64s: Exception macro for stack frame and initial register save
     (bsc#1094244).
   - powerpc/64s: Fix mce accounting for powernv (bsc#1094244).
   - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382).
   - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
     (bnc#1012382).
   - powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382).
   - powerpc/ptrace: Fix setting 512B aligned breakpoints with
     PTRACE_SET_DEBUGREG (bnc#1012382).
   - powerpc: Machine check interrupt is a non-maskable interrupt
     (bsc#1094244).
   - procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542).
   - qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657).
   - qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657).
   - qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657).
   - regulator: Do not return or expect -errno from of_map_mode()
     (bsc#1099042).
   - rmdir(),rename(): do shrink_dcache_parent() only on success
     (bsc#1100340).
   - s390/dasd: configurable IFCC handling (bsc#1097808).
   - sbitmap: check for valid bitmap in sbitmap_for_each (bsc#1090435).
   - sched/sysctl: Check user input value of sysctl_sched_time_avg
     (bsc#1100089).
   - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961).
   - scsi: ipr: new IOASC update (bsc#1097961).
   - scsi: lpfc: Change IO submit return to EBUSY if remote port is
     recovering (bsc#1092207).
   - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt
     (bsc#1092207).
   - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).
   - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453).
   - scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1095453).
   - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc
     (bsc#1095453).
   - scsi: lpfc: Fix port initialization failure (bsc#1095453).
   - scsi: lpfc: Fix up log messages and stats counters in IO submit code
     path (bsc#1092207).
   - scsi: lpfc: Handle new link fault code returned by adapter firmware
     (bsc#1092207).
   - scsi: lpfc: correct oversubscription of nvme io requests for an adapter
     (bsc#1095453).
   - scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207).
   - scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453).
   - scsi: qedi: Fix truncation of CHAP name and secret (bsc#1097931)
   - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
     (bnc#1012382).
   - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501)
   - scsi: zfcp: fix misleading REC trigger trace where erp_action setup
     failed (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix misleading REC trigger trace where erp_action setup
     failed (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
     (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
     (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
     (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
     (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early
     return (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early
     return (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
     ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
     ERP_FAILED (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
     (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
     (bnc#1099713, LTC#168765).
   - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
     (LTC#168765 bnc#1012382 bnc#1099713).
   - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
     (bnc#1099713, LTC#168765).
   - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding
     version (bnc#1012382).
   - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382).
   - sort and rename various hyperv patches
   - spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382).
   - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
     (bnc#1012382).
   - tcp: verify the checksum of the first data segment in a new connection
     (bnc#1012382).
   - thinkpad_acpi: Add support for HKEY version 0x200 (bsc#1099810).
   - time: Make sure jiffies_to_msecs() preserves non-zero time periods
     (bnc#1012382).
   - ubi: fastmap: Cancel work upon detach (bnc#1012382).
   - udf: Detect incorrect directory size (bnc#1012382).
   - usb: do not reset if a low-speed or full-speed device timed out
     (bnc#1012382).
   - usb: musb: fix remote wakeup racing with suspend (bnc#1012382).
   - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in
     stifb_init_fb() (bsc#1090888 bsc#1099966).
   - video: uvesafb: Fix integer overflow in allocation (bnc#1012382).
   - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
     (bnc#1012382).
   - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask
     (bsc#1094643).
   - x86/mce: Improve error message when kernel cannot recover (git-fixes
     b2f9d678e28c).
   - x86/pti: do not report XenPV as vulnerable (bsc#1097551).
   - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382).
   - xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382).
   - xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382).
   - xfrm: skip policies marked as dead while rehashing (bnc#1012382).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP3:

      zypper in -t patch SUSE-SLE-RT-12-SP3-2018-1460=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64):

      cluster-md-kmp-rt-4.4.139-3.17.1
      cluster-md-kmp-rt-debuginfo-4.4.139-3.17.1
      dlm-kmp-rt-4.4.139-3.17.1
      dlm-kmp-rt-debuginfo-4.4.139-3.17.1
      gfs2-kmp-rt-4.4.139-3.17.1
      gfs2-kmp-rt-debuginfo-4.4.139-3.17.1
      kernel-rt-4.4.139-3.17.1
      kernel-rt-base-4.4.139-3.17.1
      kernel-rt-base-debuginfo-4.4.139-3.17.1
      kernel-rt-debuginfo-4.4.139-3.17.1
      kernel-rt-debugsource-4.4.139-3.17.1
      kernel-rt-devel-4.4.139-3.17.1
      kernel-rt_debug-debuginfo-4.4.139-3.17.1
      kernel-rt_debug-debugsource-4.4.139-3.17.1
      kernel-rt_debug-devel-4.4.139-3.17.1
      kernel-rt_debug-devel-debuginfo-4.4.139-3.17.1
      kernel-syms-rt-4.4.139-3.17.1
      ocfs2-kmp-rt-4.4.139-3.17.1
      ocfs2-kmp-rt-debuginfo-4.4.139-3.17.1

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch):

      kernel-devel-rt-4.4.139-3.17.1
      kernel-source-rt-4.4.139-3.17.1


References:

   https://www.suse.com/security/cve/CVE-2017-5753.html
   https://www.suse.com/security/cve/CVE-2018-13053.html
   https://www.suse.com/security/cve/CVE-2018-13405.html
   https://www.suse.com/security/cve/CVE-2018-13406.html
   https://www.suse.com/security/cve/CVE-2018-9385.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1074562
   https://bugzilla.suse.com/1074578
   https://bugzilla.suse.com/1074701
   https://bugzilla.suse.com/1075006
   https://bugzilla.suse.com/1075419
   https://bugzilla.suse.com/1075748
   https://bugzilla.suse.com/1075876
   https://bugzilla.suse.com/1080039
   https://bugzilla.suse.com/1085185
   https://bugzilla.suse.com/1085657
   https://bugzilla.suse.com/1087084
   https://bugzilla.suse.com/1087939
   https://bugzilla.suse.com/1089525
   https://bugzilla.suse.com/1090435
   https://bugzilla.suse.com/1090888
   https://bugzilla.suse.com/1091171
   https://bugzilla.suse.com/1092207
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1094248
   https://bugzilla.suse.com/1094643
   https://bugzilla.suse.com/1095453
   https://bugzilla.suse.com/1096790
   https://bugzilla.suse.com/1097034
   https://bugzilla.suse.com/1097140
   https://bugzilla.suse.com/1097492
   https://bugzilla.suse.com/1097501
   https://bugzilla.suse.com/1097551
   https://bugzilla.suse.com/1097808
   https://bugzilla.suse.com/1097931
   https://bugzilla.suse.com/1097961
   https://bugzilla.suse.com/1098016
   https://bugzilla.suse.com/1098236
   https://bugzilla.suse.com/1098425
   https://bugzilla.suse.com/1098435
   https://bugzilla.suse.com/1098527
   https://bugzilla.suse.com/1099042
   https://bugzilla.suse.com/1099183
   https://bugzilla.suse.com/1099279
   https://bugzilla.suse.com/1099713
   https://bugzilla.suse.com/1099732
   https://bugzilla.suse.com/1099810
   https://bugzilla.suse.com/1099918
   https://bugzilla.suse.com/1099924
   https://bugzilla.suse.com/1099966
   https://bugzilla.suse.com/1099993
   https://bugzilla.suse.com/1100089
   https://bugzilla.suse.com/1100340
   https://bugzilla.suse.com/1100416
   https://bugzilla.suse.com/1100418
   https://bugzilla.suse.com/1100491



More information about the sle-security-updates mailing list