SUSE-SU-2018:0785-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Mar 23 11:08:51 MDT 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0785-1
Rating:             important
References:         #1005776 #1006867 #1012382 #1012829 #1027054 
                    #1031717 #1034503 #1035432 #1042286 #1043441 
                    #1045330 #1062840 #1065600 #1065615 #1066223 
                    #1067118 #1068032 #1068569 #1069135 #1071306 
                    #1071892 #1072363 #1072689 #1072739 #1072865 
                    #1073401 #1074198 #1074426 #1075087 #1076282 
                    #1077285 #1077513 #1077560 #1077779 #1078583 
                    #1078609 #1078672 #1078673 #1078787 #1079029 
                    #1079038 #1079384 #1079989 #1080014 #1080263 
                    #1080344 #1080360 #1080364 #1080384 #1080464 
                    #1080774 #1080809 #1080813 #1080851 #1081134 
                    #1081431 #1081491 #1081498 #1081500 #1081512 
                    #1081671 #1082223 #1082299 #1082478 #1082795 
                    #1082864 #1082897 #1082979 #1082993 #1083494 
                    #1083548 #1084610 #1085053 #1085107 #1085224 
                    #1085239 #863764 #966328 #975772 #983145 
                    
Cross-References:   CVE-2017-13166 CVE-2017-15951 CVE-2017-16644
                    CVE-2017-16912 CVE-2017-16913 CVE-2017-17975
                    CVE-2017-18208 CVE-2018-1000026 CVE-2018-1068
                    CVE-2018-8087
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 70 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.120 to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2
     video driver was fixed. (bnc#1072865).
   - CVE-2017-15951: The KEYS subsystem did not correctly synchronize the
     actions of updating versus finding a key in the "negative" state to
     avoid a race condition, which allowed local users to cause a denial of
     service or possibly have unspecified other impact via crafted system
     calls (bnc#1062840 bnc#1065615).
   - CVE-2017-16644: The hdpvr_probe function in
     drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a
     denial of service (improper error handling and system crash) or possibly
     have unspecified other impact via a crafted USB device (bnc#1067118).
   - CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c)
     allowed attackers to cause a denial of service (out-of-bounds read) via
     a specially crafted USB over IP packet (bnc#1078673).
   - CVE-2017-16913: The "stub_recv_cmd_submit()" function
     (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed
     attackers to cause a denial of service (arbitrary memory allocation) via
     a specially crafted USB over IP packet (bnc#1078672).
   - CVE-2017-17975: Use-after-free in the usbtv_probe function in
     drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial
     of service (system crash) or possibly have unspecified other impact by
     triggering failure of audio registration, because a kfree of the usbtv
     data structure occurs during a usbtv_video_free call, but the
     usbtv_video_fail label's code attempts to both access and free this data
     structure (bnc#1074426).
   - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed
     local users to cause a denial of service (infinite loop) by triggering
     use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
   - CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in
     drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a
     denial of service (memory consumption) by triggering an out-of-array
     error case (bnc#1085053).
   - CVE-2018-1000026: A insufficient input validation vulnerability in the
     bnx2x network card driver could result in DoS: Network card firmware
     assertion takes card off-line. This attack appear to be exploitable via
     An attacker on a must pass a very large, specially crafted packet to the
     bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384).
   - CVE-2018-1068: Insufficient user provided offset checking in the
     ebtables compat code allowed local attackers to overwrite kernel memory
     and potentially execute code. (bsc#1085107)

   The following non-security bugs were fixed:

   - acpi / bus: Leave modalias empty for devices which are not present
     (bnc#1012382).
   - acpi: sbshc: remove raw pointer from printk() message (bnc#1012382).
   - Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382).
   - add ip6_make_flowinfo helper (bsc#1042286).
   - ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382).
   - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
     (bnc#1012382).
   - ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382).
   - alpha: fix crash if pthread_create races with signal delivery
     (bnc#1012382).
   - alpha: fix reboot on Avanti platform (bnc#1012382).
   - alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382).
   - alsa: hda - Fix headset mic detection problem for two Dell machines
     (bnc#1012382).
   - alsa: hda/realtek - Add headset mode support for Dell laptop
     (bsc#1031717).
   - alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382).
   - alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717).
   - alsa: hda - Use IS_REACHABLE() for dependency on input (bsc#1031717).
   - alsa: seq: Fix racy pool initializations (bnc#1012382).
   - alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382).
   - alsa: usb-audio: add implicit fb quirk for Behringer UFX1204
     (bnc#1012382).
   - alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
     (bnc#1012382).
   - amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382).
   - arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382).
   - arm64: Disable unhandled signal log messages by default (bnc#1012382).
   - arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382).
   - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
     (bnc#1012382).
   - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
     (bnc#1012382).
   - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
     (bnc#1012382).
   - arm: dts: am4372: Correct the interrupts_properties of McASP
     (bnc#1012382).
   - arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
     (bnc#1012382).
   - arm: dts: ls1021a: fix incorrect clock references (bnc#1012382).
   - arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382).
   - arm: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
     (bnc#1012382).
   - arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls
     (bnc#1012382).
   - arm: OMAP2+: Fix SRAM virt to phys translation for
     save_secure_ram_context (bnc#1012382).
   - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes).
   - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382).
   - arm: spear13xx: Fix dmas cells (bnc#1012382).
   - arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382).
   - arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382).
   - arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382).
   - asoc: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717).
   - asoc: Intel: Kconfig: fix build when acpi is not enabled (bnc#1012382).
   - asoc: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
     (bsc#1031717).
   - asoc: mediatek: add i2c dependency (bnc#1012382).
   - asoc: nuc900: Fix a loop timeout test (bsc#1031717).
   - asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
     (bnc#1012382).
   - asoc: rockchip: disable clock on error (bnc#1012382).
   - asoc: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
     (bnc#1012382).
   - asoc: rsnd: avoid duplicate free_irq() (bnc#1012382).
   - asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382).
   - asoc: simple-card: Fix misleading error message (bnc#1012382).
   - asoc: ux500: add MODULE_LICENSE tag (bnc#1012382).
   - ata: ahci_xgene: free structure returned by acpi_get_object_info()
     (bsc#1082979).
   - b2c2: flexcop: avoid unused function warnings (bnc#1012382).
   - binder: add missing binder_unlock() (bnc#1012382).
   - binder: check for binder_thread allocation failure in binder_poll()
     (bnc#1012382).
   - binfmt_elf: compat: avoid unused function warning (bnc#1012382).
   - blacklist.conf: commit fd5f7cde1b85d4c8e09 ("printk: Never set
     console_may_schedule in console_trylock()")
   - blktrace: fix unlocked registration of tracepoints (bnc#1012382).
   - bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382).
   - bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
     version (bnc#1012382).
   - bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382).
   - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine
     (bnc#1012382).
   - bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382).
   - bpf: avoid false sharing of map refcount with max_entries (bnc#1012382).
   - bpf: fix 32-bit divide by zero (bnc#1012382).
   - bpf: fix bpf_tail_call() x64 JIT (bnc#1012382).
   - bpf: fix divides by zero (bnc#1012382).
   - bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382).
   - bpf: reject stores into ctx via st and xadd (bnc#1012382).
   - bridge: implement missing ndo_uninit() (bsc#1042286).
   - bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286).
   - btrfs: copy fsid to super_block s_uuid (bsc#1080774).
   - btrfs: fix crash due to not cleaning up tree log block's dirty bits
     (bnc#1012382).
   - btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382).
   - btrfs: fix deadlock when writing out space cache (bnc#1012382).
   - btrfs: fix kernel oops while reading compressed data (bsc#1081671).
   - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
     (bnc#1012382).
   - btrfs: Fix quota reservation leak on preallocated files (bsc#1079989).
   - btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382).
   - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
     (bnc#1012382).
   - can: flex_can: Correct the checking for frame length in
     flexcan_start_xmit() (bnc#1012382).
   - cdrom: turn off autoclose by default (bsc#1080813).
   - cfg80211: check dev_set_name() return value (bnc#1012382).
   - cfg80211: fix cfg80211_beacon_dup (bnc#1012382).
   - cifs: dump IPC tcon in debug proc file (bsc#1071306).
   - cifs: Fix autonegotiate security settings mismatch (bnc#1012382).
   - cifs: Fix missing put_xid in cifs_file_strict_mmap (bnc#1012382).
   - cifs: make IPC a regular tcon (bsc#1071306).
   - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
     (bsc#1071306).
   - cifs: zero sensitive data when freeing (bnc#1012382).
   - clk: fix a panic error caused by accessing NULL pointer (bnc#1012382).
   - console/dummy: leave .con_font_get set to NULL (bnc#1012382).
   - cpufreq: Add Loongson machine dependencies (bnc#1012382).
   - crypto: aesni - handle zero length dst buffer (bnc#1012382).
   - crypto: af_alg - whitelist mask and type (bnc#1012382).
   - crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382).
   - crypto: cryptd - pass through absence of ->setkey() (bnc#1012382).
   - crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382).
   - crypto: poly1305 - remove ->setkey() method (bnc#1012382).
   - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382).
   - crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382).
   - crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382).
   - cw1200: fix bogus maybe-uninitialized warning (bnc#1012382).
   - dccp: limit sk_filter trim to payload (bsc#1042286).
   - dell-wmi, dell-laptop: depends DMI (bnc#1012382).
   - dlm: fix double list_del() (bsc#1082795).
   - dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795).
   - dmaengine: at_hdmac: fix potential NULL pointer dereference in
     atc_prep_dma_interleaved (bnc#1012382).
   - dmaengine: dmatest: fix container_of member in dmatest_callback
     (bnc#1012382).
   - dmaengine: ioat: Fix error handling path (bnc#1012382).
   - dmaengine: jz4740: disable/unprepare clk if probe fails (bnc#1012382).
   - dmaengine: zx: fix build warning (bnc#1012382).
   - dm: correctly handle chained bios in dec_pending() (bnc#1012382).
   - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
     (bnc#1012382).
   - do not put symlink bodies in pagecache into highmem (bnc#1012382).
   - dpt_i2o: fix build warning (bnc#1012382).
   - driver-core: use 'dev' argument in dev_dbg_ratelimited stub
     (bnc#1012382).
   - drivers/net: fix eisa_driver probe section mismatch (bnc#1012382).
   - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382).
   - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
     (bnc#1012382).
   - drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382).
   - drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382).
   - drm/armada: fix leak of crtc structure (bnc#1012382).
   - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382).
   - drm/gma500: remove helper function (bnc#1012382).
   - drm/gma500: Sanity-check pipe index (bnc#1012382).
   - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382).
   - drm/nouveau/pci: do a msi rearm on init (bnc#1012382).
   - drm/radeon: adjust tested variable (bnc#1012382).
   - drm: rcar-du: Fix race condition when disabling planes at CRTC stop
     (bnc#1012382).
   - drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382).
   - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
     (bnc#1012382).
   - drm/ttm: check the return value of kzalloc (bnc#1012382).
   - drm/vmwgfx: use *_32_bits() macros (bnc#1012382).
   - e1000: fix disabling already-disabled warning (bnc#1012382).
   - edac, octeon: Fix an uninitialized variable warning (bnc#1012382).
   - em28xx: only use mt9v011 if camera support is enabled (bnc#1012382).
   - enable DST_CACHE in non-vanilla configs except s390x/zfcpdump
   - ext4: correct documentation for grpid mount option (bnc#1012382).
   - ext4: do not unnecessarily allocate buffer in recently_deleted()
     (bsc#1080344).
   - ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864).
   - ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382).
   - f2fs: fix a bug caused by NULL extent tree (bsc#1082478). While this fs
     is not supported by SLE it affects opensuse users so let's add it to our
     kernel for opensuse merging.
   - fbdev: auo_k190x: avoid unused function warnings (bnc#1012382).
   - fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382).
   - fbdev: sis: enforce selection of at least one backend (bnc#1012382).
   - fbdev: sm712fb: avoid unused function warnings (bnc#1012382).
   - flow_dissector: Check skb for VLAN only if skb specified (bsc#1042286).
   - flow_dissector: fix vlan tag handling (bsc#1042286).
   - flow_dissector: For stripped vlan, get vlan info from skb->vlan_tci
     (bsc#1042286).
   - ftrace: Remove incorrect setting of glob search field (bnc#1012382).
   - geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286).
   - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
     (bnc#1012382).
   - genksyms: Fix segfault with invalid declarations (bnc#1012382).
   - gianfar: fix a flooded alignment reports because of padding issue
     (bnc#1012382).
   - go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382).
   - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382).
   - gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382).
   - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).
   - gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382).
   - grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382).
   - gre: build header correctly for collect metadata tunnels (bsc#1042286).
   - gre: do not assign header_ops in collect metadata mode (bsc#1042286).
   - gre: do not keep the GRE header around in collect medata mode
     (bsc#1042286).
   - gre: reject GUE and FOU in collect metadata mode (bsc#1042286).
   - hdpvr: hide unused variable (bnc#1012382).
   - hid: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
     (bnc#1012382).
   - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
     (bnc#1012382).
   - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
     (bnc#1012382).
   - hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382).
   - hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382).
   - i2c: remove __init from i2c_register_board_info() (bnc#1012382).
   - ib/ipoib: Fix race condition in neigh creation (bnc#1012382).
   - ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH
     ports (bnc#1012382).
   - ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382).
   - ibmvnic: Account for VLAN header length in TX buffers (bsc#1085239).
   - ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239).
   - ibmvnic: Allocate max queues stats buffers (bsc#1081498).
   - ibmvnic: Allocate statistics buffers during probe (bsc#1082993).
   - ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134,
     git-fixes).
   - ibmvnic: Clean RX pool buffers during device close (bsc#1081134).
   - ibmvnic: Clean up device close (bsc#1084610).
   - ibmvnic: Correct goto target for tx irq initialization failure
     (bsc#1082223).
   - ibmvnic: Do not attempt to login if RX or TX queues are not allocated
     (bsc#1082993).
   - ibmvnic: Do not disable device during failover or partition migration
     (bsc#1084610).
   - ibmvnic: Ensure that buffers are NULL after free (bsc#1080014).
   - ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes).
   - ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038).
   - ibmvnic: fix firmware version when no firmware level has been provided
     by the VIOS server (bsc#1079038).
   - ibmvnic: Fix login buffer memory leaks (bsc#1081134).
   - ibmvnic: Fix NAPI structures memory leak (bsc#1081134).
   - ibmvnic: Fix recent errata commit (bsc#1085239).
   - ibmvnic: Fix rx queue cleanup for non-fatal resets (bsc#1080014).
   - ibmvnic: Fix TX descriptor tracking again (bsc#1082993).
   - ibmvnic: Fix TX descriptor tracking (bsc#1081491).
   - ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change
     (bsc#1081498).
   - ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134).
   - ibmvnic: Generalize TX pool structure (bsc#1085224).
   - ibmvnic: Handle TSO backing device errata (bsc#1085239).
   - ibmvnic: Harden TX/RX pool cleaning (bsc#1082993).
   - ibmvnic: Improve TX buffer accounting (bsc#1085224).
   - ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491).
   - ibmvnic: Make napi usage dynamic (bsc#1081498).
   - ibmvnic: Move active sub-crq count settings (bsc#1081498).
   - ibmvnic: Pad small packets to minimum MTU size (bsc#1085239).
   - ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263).
   - ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384).
   - ibmvnic: Rename active queue count variables (bsc#1081498).
   - ibmvnic: Reorganize device close (bsc#1084610).
   - ibmvnic: Report queue stops and restarts as debug output (bsc#1082993).
   - ibmvnic: Reset long term map ID counter (bsc#1080364).
   - ibmvnic: Split counters for scrq/pools/napi (bsc#1082223).
   - ibmvnic: Update and clean up reset TX pool routine (bsc#1085224).
   - ibmvnic: Update release RX pool routine (bsc#1085224).
   - ibmvnic: Update TX and TX completion routines (bsc#1085224).
   - ibmvnic: Update TX pool initialization routine (bsc#1085224).
   - ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134).
   - idle: i7300: add PCI dependency (bnc#1012382).
   - igb: Free IRQs when device is hotplugged (bnc#1012382).
   - iio: adc: axp288: remove redundant duplicate const on
     axp288_adc_channels (bnc#1012382).
   - iio: adis_lib: Initialize trigger before requesting interrupt
     (bnc#1012382).
   - iio: buffer: check if a buffer has been set up when poll is called
     (bnc#1012382).
   - input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
     (bnc#1012382).
   - input: tca8418_keypad - remove double read of key event register
     (git-fixes).
   - iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772).
   - iommu/amd: Enforce alignment for MSI IRQs (bsc#975772).
   - iommu/amd: Fix alloc_irq_index() increment (bsc#975772).
   - iommu/vt-d: Use domain instead of cache fetching (bsc#975772).
   - ip6mr: fix stale iterator (bnc#1012382).
   - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
   - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
   - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
   - ip_tunnel: fix preempt warning in ip tunnel creation/updating
     (bnc#1012382).
   - ip_tunnel: replace dst_cache with generic implementation (bnc#1012382).
   - ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286).
   - ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286).
   - ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382).
   - ipv4: update comment to document GSO fragmentation cases (bsc#1042286).
   - ipv6: datagram: Refactor dst lookup and update codes to a new function
     (bsc#1042286).
   - ipv6: datagram: Refactor flowi6 init codes to a new function
     (bsc#1042286).
   - ipv6: datagram: Update dst cache of a connected datagram sk during pmtu
     update (bsc#1042286).
   - ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286).
   - ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382).
   - ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286).
   - ipv6: remove unused in6_addr struct (bsc#1042286).
   - ipv6: tcp: fix endianness annotation in tcp_v6_send_response
     (bsc#1042286).
   - ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286).
   - ipvlan: Add the skb->mark as flow4's member to lookup route
     (bnc#1012382).
   - ipvlan: fix multicast processing (bsc#1042286).
   - ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286).
   - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
     (bnc#1012382).
   - isdn: eicon: reduce stack size of sig_ind function (bnc#1012382).
   - isdn: icn: remove a #warning (bnc#1012382).
   - isdn: sc: work around type mismatch warning (bnc#1012382).
   - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
     (git-fixes).
   - kABI: protect struct cpuinfo_x86 (kabi).
   - kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all
     (kabi).
   - kABI: reintroduce crypto_poly1305_setkey (kabi).
   - kabi: restore kabi after "net: replace dst_cache ip6_tunnel
     implementation with the generic one" (bsc#1082897).
   - kabi: restore nft_set_elem_destroy() signature (bsc#1042286).
   - kabi: restore rhashtable_insert_slow() signature (bsc#1042286).
   - kabi/severities: add __x86_indirect_thunk_rsp
   - kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have
     spoken, let there be light.
   - kabi: uninline sk_receive_skb() (bsc#1042286).
   - kaiser: fix compile error without vsyscall (bnc#1012382).
   - kaiser: fix intel_bts perf crashes (bnc#1012382).
   - kasan: rework Kconfig settings (bnc#1012382).
   - kernel/async.c: revert "async: simplify lowest_in_progress()"
     (bnc#1012382).
   - kernel: fix rwlock implementation (bnc#1080360, LTC#164371).
   - kernfs: fix regression in kernfs_fop_write caused by wrong type
     (bnc#1012382).
   - keys: encrypted: fix buffer overread in valid_master_desc()
     (bnc#1012382).
   - kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382).
   - kvm: add X86_LOCAL_APIC dependency (bnc#1012382).
   - kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
     (bsc#1079029).
   - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
     (bnc#1012382).
   - kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2
     (bnc#1012382).
   - kvm: nVMX: invvpid handling improvements (bnc#1012382).
   - kvm: nVMX: kmap() can't fail (bnc#1012382).
   - kvm: nVMX: vmx_complete_nested_posted_interrupt() can't fail
     (bnc#1012382).
   - kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled
     (bsc#1066223).
   - kvm: VMX: clean up declaration of VPID/EPT invalidation types
     (bnc#1012382).
   - kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382).
   - kvm: VMX: Make indirect call speculation safe (bnc#1012382).
   - kvm: x86: Do not re-execute instruction when not passing CR2 value
     (bnc#1012382).
   - kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
     (bnc#1012382).
   - kvm: x86: fix escape of guest dr6 to the host (bnc#1012382).
   - kvm: X86: Fix operand/address-size during instruction decoding
     (bnc#1012382).
   - kvm: x86: ioapic: Clear Remote IRR when entry is switched to
     edge-triggered (bnc#1012382).
   - kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
     (bnc#1012382).
   - kvm: x86: ioapic: Preserve read-only values in the redirection table
     (bnc#1012382).
   - kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382).
   - kvm/x86: Reduce retpoline performance impact in
     slot_handle_level_range(), by always inlining iterator helper methods
     (bnc#1012382).
   - l2tp: fix use-after-free during module unload (bsc#1042286).
   - led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382).
   - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
   - lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382).
   - livepatch: introduce shadow variable API (bsc#1082299 fate#313296).
     Shadow variables support.
   - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299
     fate#313296). Shadow variables support.
   - lockd: fix "list_add double add" caused by legacy signal interface
     (bnc#1012382).
   - loop: fix concurrent lo_open/lo_release (bnc#1012382).
   - mac80211: fix the update of path metric for RANN frame (bnc#1012382).
   - mac80211: mesh: drop frames appearing to be from us (bnc#1012382).
   - Make DST_CACHE a silent config option (bnc#1012382).
   - mdio-sun4i: Fix a memory leak (bnc#1012382).
   - md/raid1: Use a new variable to count flighting sync
     requests(bsc#1078609)
   - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382).
   - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
     (bnc#1012382).
   - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
     (bnc#1012382).
   - media: r820t: fix r820t_write_reg for KASAN (bnc#1012382).
   - media: s5k6aa: describe some function parameters (bnc#1012382).
   - media: soc_camera: soc_scale_crop: add missing
     MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).
   - media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382).
   - media: usbtv: add a new usbid (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
     (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
     (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
     (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: do not copy back the result for certain
     errors (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
     (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
     (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: move 'helper' functions to
     __get/put_v4l2_format32 (bnc#1012382).
   - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).
   - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
     (bnc#1012382).
   - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY
     (bnc#1012382).
   - mips: Implement __multi3 for GCC7 MIPS64r6 builds (bnc#1012382).
   - mmc: bcm2835: Do not overwrite max frequency unconditionally
     (bsc#983145, git-fixes).
   - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382).
   - mm: hide a #warning for COMPILE_TEST (bnc#1012382).
   - mm/kmemleak.c: make cond_resched() rate-limiting more efficient
     (git-fixes).
   - mm: pin address_space before dereferencing it while isolating an LRU
     page (bnc#1081500).
   - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
     failed (bnc#1012382).
   - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user
     copy (bnc#1012382).
   - modsign: hide openssl output in silent builds (bnc#1012382).
   - module/retpoline: Warn about missing retpoline in module (bnc#1012382).
   - mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583).
   - mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382).
   - mtd: cfi: convert inline functions to macros (bnc#1012382).
   - mtd: cfi: enforce valid geometry configuration (bnc#1012382).
   - mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382).
   - mtd: maps: add __init attribute (bnc#1012382).
   - mtd: nand: brcmnand: Disable prefetch by default (bnc#1012382).
   - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
     (bnc#1012382).
   - mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382).
   - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
     (bnc#1012382).
   - mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382).
   - mtd: sh_flctl: pass FIFO as physical address (bnc#1012382).
   - mvpp2: fix multicast address filter (bnc#1012382).
   - ncpfs: fix unused variable warning (bnc#1012382).
   - ncr5380: shut up gcc indentation warning (bnc#1012382).
   - net: add dst_cache support (bnc#1012382).
   - net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382).
   - net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382).
   - net: cdc_ncm: initialize drvflags before usage (bnc#1012382).
   - net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382).
   - net: ena: add detection and recovery mechanism for handling
     missed/misrouted MSI-X (bsc#1083548).
   - net: ena: add new admin define for future support of IPv6 RSS
     (bsc#1083548).
   - net: ena: add power management ops to the ENA driver (bsc#1083548).
   - net: ena: add statistics for missed tx packets (bsc#1083548).
   - net: ena: fix error handling in ena_down() sequence (bsc#1083548).
   - net: ena: fix race condition between device reset and link up setup
     (bsc#1083548).
   - net: ena: fix rare kernel crash when bar memory remap fails
     (bsc#1083548).
   - net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548).
   - net: ena: improve ENA driver boot time (bsc#1083548).
   - net: ena: increase ena driver version to 1.3.0 (bsc#1083548).
   - net: ena: increase ena driver version to 1.5.0 (bsc#1083548).
   - net: ena: reduce the severity of some printouts (bsc#1083548).
   - net: ena: remove legacy suspend suspend/resume support (bsc#1083548).
   - net: ena: Remove redundant unlikely() (bsc#1083548).
   - net: ena: unmask MSI-X only after device initialization is completed
     (bsc#1083548).
   - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
     (bnc#1012382).
   - netfilter: drop outermost socket lock in getsockopt() (bnc#1012382).
   - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets
     (bsc#1085107).
   - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
   - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
     clusterip_tg_check() (bnc#1012382).
   - netfilter: ipvs: avoid unused variable warnings (bnc#1012382).
   - netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382).
   - netfilter: nf_tables: fix a wrong check to skip the inactive rules
     (bsc#1042286).
   - netfilter: nf_tables: fix inconsistent element expiration calculation
     (bsc#1042286).
   - netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286).
   - netfilter: nf_tables: fix race when create new element in dynset
     (bsc#1042286).
   - netfilter: on sockopt() acquire sock lock only in the required scope
     (bnc#1012382).
   - netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286).
   - netfilter: x_tables: avoid out-of-bounds reads in
     xt_request_find_{match|target} (bnc#1012382).
   - netfilter: x_tables: fix int overflow in xt_alloc_table_info()
     (bnc#1012382).
   - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
     (bnc#1012382).
   - netfilter: xt_socket: fix transparent match for IPv6 request sockets
     (bsc#1042286).
   - net: gianfar_ptp: move set_fipers() to spinlock protecting area
     (bnc#1012382).
   - net: hp100: remove unnecessary #ifdefs (bnc#1012382).
   - net: igmp: add a missing rcu locking section (bnc#1012382).
   - net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags
     (bsc#1042286).
   - netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382).
   - net: replace dst_cache ip6_tunnel implementation with the generic one
     (bnc#1012382).
   - net_sched: red: Avoid devision by zero (bnc#1012382).
   - net_sched: red: Avoid illegal values (bnc#1012382).
   - net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286).
   - net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286).
   - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).
   - nfs: commit direct writes even if they fail partially (bnc#1012382).
   - nfsd: check for use of the closed special stateid (bnc#1012382).
   - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
     (bnc#1012382).
   - nfsd: Ensure we check stateid validity in the seqid operation checks
     (bnc#1012382).
   - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (git-fixes).
   - nfs: fix a deadlock in nfs client initialization (bsc#1074198).
   - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
     (bnc#1012382).
   - nfs: reject request for id_legacy key without auxdata (bnc#1012382).
   - nfs: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198).
   - nvme: Fix managing degraded controllers (bnc#1012382).
   - ocfs2: return error when we attempt to access a dirty bh in jbd2
     (bsc#1012829).
   - openvswitch: fix the incorrect flow action alloc size (bnc#1012382).
   - ovl: fix failure to fsync lower dir (bnc#1012382).
   - ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286).
   - ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286).
   - ovs/gre,geneve: fix error path when creating an iface (bsc#1042286).
   - ovs/vxlan: fix rtnl notifications on iface deletion (bsc#1042286).
   - pci/ASPM: Do not retrain link if ASPM not possible (bnc#1071892).
   - pci: keystone: Fix interrupt-controller-node lookup (bnc#1012382).
   - perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382).
   - perf top: Fix window dimensions change handling (bnc#1012382).
   - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
     (bnc#1012382).
   - pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382).
   - pipe: cap initial pipe capacity according to pipe-max-size limit
     (bsc#1045330).
   - pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382).
   - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
     (bnc#1012382).
   - PM / devfreq: Propagate error from devfreq_add_device() (bnc#1012382).
   - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717).
   - posix-timer: Properly check sigevent->sigev_notify (bnc#1012382).
   - power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382).
   - powerpc/64: Fix flush_(d|i)cache_range() called from modules
     (FATE#315275 LTC#103998 bnc#1012382 bnc#863764).
   - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
     (bnc#1012382).
   - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,
     bsc#1075087).
   - powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223).
   - powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
     (bsc#1081512).
   - powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382).
   - powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers
     (bsc#1066223).
   - powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h
     (bsc#1066223).
   - powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,
     bsc#1075087).
   - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,
     bsc#1075087).
   - powerpc: Simplify module TOC handling (bnc#1012382).
   - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
     (bnc#1012382).
   - profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382).
   - Provide a function to create a NUL-terminated string from unterminated
     data (bnc#1012382).
   - pwc: hide unused label (bnc#1012382).
   - qla2xxx: asynchronous pci probing (bsc#1034503).
   - qlcnic: fix deadlock bug (bnc#1012382).
   - r8169: fix RTL8168EP take too long to complete driver initialization
     (bnc#1012382).
   - RDMA/cma: Make sure that PSN is not over max allowed (bnc#1012382).
   - reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382).
   - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" (bnc#1012382).
   - Revert "bpf: avoid false sharing of map refcount with max_entries"
     (kabi).
   - Revert "netfilter: nf_queue: Make the queue_handler pernet" (kabi).
   - Revert "net: replace dst_cache ip6_tunnel implementation with the
     generic one" (kabi bnc#1082897).
   - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
     (bnc#1012382).
   - Revert "powerpc: Simplify module TOC handling" (kabi).
   - Revert "x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0"
     This reverts commit 89ef3e2aec59362edf7b1cd1c48acc81cd74e319.
   - Revert "x86/entry/64: Use a per-CPU trampoline stack for IDT entries"
     This reverts commit 5812bed1a96b27804bfd1eadbe3e263cb58aafdf.
   - rfi-flush: Move the logic to avoid a redo into the debugfs code
     (bsc#1068032, bsc#1075087).
   - rfi-flush: Switch to new linear fallback flush (bsc#1068032,
     bsc#1075087).
   - rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286).
   - rtc-opal: Fix handling of firmware error codes, prevent busy loops
     (bnc#1012382).
   - rtlwifi: fix gcc-6 indentation warning (bnc#1012382).
   - rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382).
   - s390/dasd: fix handling of internal requests (bsc#1080809).
   - s390/dasd: fix wrongly assigned configuration data (bnc#1012382).
   - s390/dasd: prevent prefix I/O error (bnc#1012382).
   - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382).
   - sched/rt: Up the root domain ref count when passing it around via IPIs
     (bnc#1012382).
   - sched/rt: Use container_of() to get root domain in
     rto_push_irq_work_func() (bnc#1012382).
   - scripts/kernel-doc: Do not fail with status != 0 if error encountered
     with -none (bnc#1012382).
   - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH
     path (bnc#1012382).
   - scsi: advansys: fix build warning for PCI=n (bnc#1012382).
   - scsi: advansys: fix uninitialized data access (bnc#1012382).
   - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
     (bsc#1005776).
   - scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382).
   - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
     (bnc#1012382).
   - SCSI: initio: remove duplicate module device table (bnc#1012382).
   - scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382).
   - scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146,
     bsc#966328).
   - scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout
     (FATE#320146, bsc#966328).
   - scsi: return correct blkprep status code in case scsi_init_io() fails
     (bsc#1082979).
   - scsi: sim710: fix build warning (bnc#1012382).
   - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813).
   - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
     (bnc#1012382).
   - scsi: sun_esp: fix device reference leaks (bsc#1082979).
   - scsi: ufs: ufshcd: fix potential NULL pointer dereference in
     ufshcd_config_vreg (bnc#1012382).
   - sctp: make use of pre-calculated len (bnc#1012382).
   - selinux: ensure the context is NUL terminated in
     security_context_to_sid_core() (bnc#1012382).
   - selinux: general protection fault in sock_has_perm (bnc#1012382).
   - selinux: skip bounded transition processing if the policy isn't loaded
     (bnc#1012382).
   - serial: 8250_mid: fix broken DMA dependency (bnc#1012382).
   - serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
     (bsc#1031717).
   - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
     (bnc#1012382).
   - sget(): handle failures of register_shrinker() (bnc#1012382).
   - signal/openrisc: Fix do_unaligned_access to send the proper signal
     (bnc#1012382).
   - signal/sh: Ensure si_signo is initialized in do_divide_error
     (bnc#1012382).
   - SolutionEngine771x: fix Ether platform data (bnc#1012382).
   - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382).
   - spi: imx: do not access registers while clocks disabled (bnc#1012382).
   - spi: sun4i: disable clocks in the remove function (bnc#1012382).
   - ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382).
   - staging: android: ashmem: Fix a race condition in pin ioctls
     (bnc#1012382).
   - staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382).
   - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382).
   - staging: ste_rmi4: avoid unused function warnings (bnc#1012382).
   - staging: unisys: visorinput depends on INPUT (bnc#1012382).
   - staging: wilc1000: fix kbuild test robot error (bnc#1012382).
   - SUNRPC: Allow connect to return EHOSTUNREACH (bnc#1012382).
   - tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382).
   - tc358743: fix register i2c_rd/wr function fix (git-fixes).
   - tc358743: fix register i2c_rd/wr functions (bnc#1012382).
   - tcp: do not set rtt_min to 1 (bsc#1042286).
   - tcp: release sk_frag.page in tcp_disconnect (bnc#1012382).
   - test_bpf: fix the dummy skb after dissector changes (bsc#1042286).
   - tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382).
   - tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382).
   - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382).
   - thermal: spear: use __maybe_unused for PM functions (bnc#1012382).
   - tlan: avoid unused label with PCI=n (bnc#1012382).
   - tools build: Add tools tree support for 'make -s' (bnc#1012382).
   - tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382).
   - tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382).
   - tty: mxser: Remove ASYNC_CLOSING (bnc#1072363).
   - ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382).
   - udp: restore UDPlite many-cast delivery (bsc#1042286).
   - usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382).
   - USB: cdc-acm: Do not log urb submission errors on disconnect
     (bnc#1012382).
   - USB: cdc_subset: only build when one driver is enabled (bnc#1012382).
   - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382).
   - usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382).
   - usb: gadget: do not dereference g until after it has been null checked
     (bnc#1012382).
   - usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382).
   - usb: gadget: uvc: Missing files for configfs interface (bnc#1012382).
   - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
     (bnc#1012382).
   - usbip: keep usbip_device sockfd state in sync with tcp_socket
     (bnc#1012382).
   - usbip: list: do not list devices attached to vhci_hcd (bnc#1012382).
   - usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382).
   - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382).
   - usb: ldusb: add PIDs for new CASSY devices supported by this driver
     (bnc#1012382).
   - usb: musb/ux500: remove duplicate check for dma_is_compatible
     (bnc#1012382).
   - usb: ohci: Proper handling of ed_rm_list to handle race condition
     between usb_kill_urb() and finish_unlinks() (bnc#1012382).
   - usb: option: Add support for FS040U modem (bnc#1012382).
   - usb: phy: msm add regulator dependency (bnc#1012382).
   - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
     (bnc#1012382).
   - USB: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382).
   - USB: serial: pl2303: new device id for Chilitag (bnc#1012382).
   - USB: serial: simple: add Motorola Tetra driver (bnc#1012382).
   - usb: uas: unconditionally bring back host after reset (bnc#1012382).
   - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382).
   - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382).
   - vfs: do not do RCU lookup of empty pathnames (bnc#1012382).
   - vhost_net: stop device during reset owner (bnc#1012382).
   - video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382).
   - video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382).
   - video: fbdev: sis: remove unused variable (bnc#1012382).
   - video: fbdev: via: remove possibly unused variables (bnc#1012382).
   - video: Use bool instead int pointer for get_opt_bool() argument
     (bnc#1012382).
   - virtio_balloon: prevent uninitialized variable use (bnc#1012382).
   - vlan: Check for vlan ethernet types for 8021.q or 802.1ad (bsc#1042286).
   - vmxnet3: prevent building with 64K pages (bnc#1012382).
   - vxlan: consolidate csum flag handling (bsc#1042286).
   - vxlan: consolidate output route calculation (bsc#1042286).
   - vxlan: consolidate vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286).
   - vxlan: do not allow overwrite of config src addr (bsc#1042286).
   - watchdog: imx2_wdt: restore previous timeout after suspend+resume
     (bnc#1012382).
   - wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382).
   - x86: add MULTIUSER dependency for KVM (bnc#1012382).
   - x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382).
   - x86/boot: Avoid warning for zero-filling .bss (bnc#1012382).
   - x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382).
   - x86/bugs: Drop one "mitigation" from dmesg (bnc#1012382).
   - x86/build: Silence the build with "make -s" (bnc#1012382).
   - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382).
   - x86/cpu: Change type of x86_cache_size variable to unsigned int
     (bnc#1012382).
   - x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0
     (bsc#1077560).
   - x86/entry/64: Use a per-CPU trampoline stack for IDT entries
     (bsc#1077560).
   - x86: fix build warnign with 32-bit PAE (bnc#1012382).
   - x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382).
   - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
     (bnc#1012382).
   - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
     running nested (bsc#1081431).
   - x86/mce: Pin the timer when modifying (bsc#1080851,1076282).
   - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix
     preemptibility bug (bnc#1012382).
   - x86/microcode/AMD: Do not load when running on a hypervisor
     (bnc#1012382).
   - x86/microcode: Do the family check first (bnc#1012382).
   - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382).
   - x86/nospec: Fix header guards names (bnc#1012382).
   - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bnc#1012382).
   - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382).
   - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382).
   - x86/platform/olpc: Fix resume handler build warning (bnc#1012382).
   - x86/pti: Make unpoison of pgd for trusted boot work for real
     (bnc#1012382).
   - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382).
   - x86/retpoline: Avoid retpolines for built-in __init functions
     (bnc#1012382).
   - x86/retpoline: Remove the esp/rsp thunk (bnc#1012382).
   - x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382).
   - x86/spectre: Fix an error message (git-fixes).
   - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
     (bnc#1012382).
   - x86/spectre: Remove the out-of-tree RSB stuffing
   - x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382).
   - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
     (bnc#1012382).
   - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600).
   - xen/gntdev: Fix off-by-one error when unmapping with holes (bnc#1012382).
   - xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382).
   - xen-netfront: enable device after manual module load (bnc#1012382).
   - xen-netfront: remove warning when unloading module (bnc#1012382).
   - xen: XEN_acpi_PROCESSOR is Dom0-only (bnc#1012382).
   - xfrm: check id proto in validate_tmpl() (bnc#1012382).
   - xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382).
   - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies
     (bnc#1012382).
   - xfrm_user: propagate sec ctx allocation errors (bsc#1042286).
   - xfs: do not chain ioends during writepage submission (bsc#1077285
     bsc#1043441).
   - xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441).
   - xfs: Introduce writeback context for writepages (bsc#1077285
     bsc#1043441).
   - xfs: ioends require logically contiguous file offsets (bsc#1077285
     bsc#1043441).
   - xfs: quota: check result of register_shrinker() (bnc#1012382).
   - xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382).
   - xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787).
   - xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285
     bsc#1043441).
   - xfs: remove racy hasattr check from attr ops (bsc#1035432).
   - xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441).
   - xfs: stop searching for free slots in an inode chunk when there are none
     (bsc#1072739).
   - xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401).
   - xfs: ubsan fixes (bnc#1012382).
   - xfs: validate sb_logsunit is a multiple of the fs blocksize
     (bsc#1077513).
   - xfs: write unmount record for ro mounts (bsc#1073401).
   - xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441).
   - xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2018-535=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-535=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-535=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-535=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2018-535=1

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2018-535=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-535=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-535=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      kernel-default-debuginfo-4.4.120-92.70.1
      kernel-default-debugsource-4.4.120-92.70.1
      kernel-default-extra-4.4.120-92.70.1
      kernel-default-extra-debuginfo-4.4.120-92.70.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.4.120-92.70.1
      kernel-obs-build-debugsource-4.4.120-92.70.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

      kernel-docs-4.4.120-92.70.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      kernel-default-4.4.120-92.70.1
      kernel-default-base-4.4.120-92.70.1
      kernel-default-base-debuginfo-4.4.120-92.70.1
      kernel-default-debuginfo-4.4.120-92.70.1
      kernel-default-debugsource-4.4.120-92.70.1
      kernel-default-devel-4.4.120-92.70.1
      kernel-syms-4.4.120-92.70.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      kernel-devel-4.4.120-92.70.1
      kernel-macros-4.4.120-92.70.1
      kernel-source-4.4.120-92.70.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.4.120-92.70.1
      kernel-default-base-4.4.120-92.70.1
      kernel-default-base-debuginfo-4.4.120-92.70.1
      kernel-default-debuginfo-4.4.120-92.70.1
      kernel-default-debugsource-4.4.120-92.70.1
      kernel-default-devel-4.4.120-92.70.1
      kernel-syms-4.4.120-92.70.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      kernel-devel-4.4.120-92.70.1
      kernel-macros-4.4.120-92.70.1
      kernel-source-4.4.120-92.70.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x):

      kernel-default-man-4.4.120-92.70.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_120-92_70-default-1-3.3.1

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.120-92.70.1
      cluster-md-kmp-default-debuginfo-4.4.120-92.70.1
      cluster-network-kmp-default-4.4.120-92.70.1
      cluster-network-kmp-default-debuginfo-4.4.120-92.70.1
      dlm-kmp-default-4.4.120-92.70.1
      dlm-kmp-default-debuginfo-4.4.120-92.70.1
      gfs2-kmp-default-4.4.120-92.70.1
      gfs2-kmp-default-debuginfo-4.4.120-92.70.1
      kernel-default-debuginfo-4.4.120-92.70.1
      kernel-default-debugsource-4.4.120-92.70.1
      ocfs2-kmp-default-4.4.120-92.70.1
      ocfs2-kmp-default-debuginfo-4.4.120-92.70.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      kernel-devel-4.4.120-92.70.1
      kernel-macros-4.4.120-92.70.1
      kernel-source-4.4.120-92.70.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      kernel-default-4.4.120-92.70.1
      kernel-default-debuginfo-4.4.120-92.70.1
      kernel-default-debugsource-4.4.120-92.70.1
      kernel-default-devel-4.4.120-92.70.1
      kernel-default-extra-4.4.120-92.70.1
      kernel-default-extra-debuginfo-4.4.120-92.70.1
      kernel-syms-4.4.120-92.70.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      kernel-default-4.4.120-92.70.1
      kernel-default-debuginfo-4.4.120-92.70.1
      kernel-default-debugsource-4.4.120-92.70.1


References:

   https://www.suse.com/security/cve/CVE-2017-13166.html
   https://www.suse.com/security/cve/CVE-2017-15951.html
   https://www.suse.com/security/cve/CVE-2017-16644.html
   https://www.suse.com/security/cve/CVE-2017-16912.html
   https://www.suse.com/security/cve/CVE-2017-16913.html
   https://www.suse.com/security/cve/CVE-2017-17975.html
   https://www.suse.com/security/cve/CVE-2017-18208.html
   https://www.suse.com/security/cve/CVE-2018-1000026.html
   https://www.suse.com/security/cve/CVE-2018-1068.html
   https://www.suse.com/security/cve/CVE-2018-8087.html
   https://bugzilla.suse.com/1005776
   https://bugzilla.suse.com/1006867
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1012829
   https://bugzilla.suse.com/1027054
   https://bugzilla.suse.com/1031717
   https://bugzilla.suse.com/1034503
   https://bugzilla.suse.com/1035432
   https://bugzilla.suse.com/1042286
   https://bugzilla.suse.com/1043441
   https://bugzilla.suse.com/1045330
   https://bugzilla.suse.com/1062840
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1065615
   https://bugzilla.suse.com/1066223
   https://bugzilla.suse.com/1067118
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1068569
   https://bugzilla.suse.com/1069135
   https://bugzilla.suse.com/1071306
   https://bugzilla.suse.com/1071892
   https://bugzilla.suse.com/1072363
   https://bugzilla.suse.com/1072689
   https://bugzilla.suse.com/1072739
   https://bugzilla.suse.com/1072865
   https://bugzilla.suse.com/1073401
   https://bugzilla.suse.com/1074198
   https://bugzilla.suse.com/1074426
   https://bugzilla.suse.com/1075087
   https://bugzilla.suse.com/1076282
   https://bugzilla.suse.com/1077285
   https://bugzilla.suse.com/1077513
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1077779
   https://bugzilla.suse.com/1078583
   https://bugzilla.suse.com/1078609
   https://bugzilla.suse.com/1078672
   https://bugzilla.suse.com/1078673
   https://bugzilla.suse.com/1078787
   https://bugzilla.suse.com/1079029
   https://bugzilla.suse.com/1079038
   https://bugzilla.suse.com/1079384
   https://bugzilla.suse.com/1079989
   https://bugzilla.suse.com/1080014
   https://bugzilla.suse.com/1080263
   https://bugzilla.suse.com/1080344
   https://bugzilla.suse.com/1080360
   https://bugzilla.suse.com/1080364
   https://bugzilla.suse.com/1080384
   https://bugzilla.suse.com/1080464
   https://bugzilla.suse.com/1080774
   https://bugzilla.suse.com/1080809
   https://bugzilla.suse.com/1080813
   https://bugzilla.suse.com/1080851
   https://bugzilla.suse.com/1081134
   https://bugzilla.suse.com/1081431
   https://bugzilla.suse.com/1081491
   https://bugzilla.suse.com/1081498
   https://bugzilla.suse.com/1081500
   https://bugzilla.suse.com/1081512
   https://bugzilla.suse.com/1081671
   https://bugzilla.suse.com/1082223
   https://bugzilla.suse.com/1082299
   https://bugzilla.suse.com/1082478
   https://bugzilla.suse.com/1082795
   https://bugzilla.suse.com/1082864
   https://bugzilla.suse.com/1082897
   https://bugzilla.suse.com/1082979
   https://bugzilla.suse.com/1082993
   https://bugzilla.suse.com/1083494
   https://bugzilla.suse.com/1083548
   https://bugzilla.suse.com/1084610
   https://bugzilla.suse.com/1085053
   https://bugzilla.suse.com/1085107
   https://bugzilla.suse.com/1085224
   https://bugzilla.suse.com/1085239
   https://bugzilla.suse.com/863764
   https://bugzilla.suse.com/966328
   https://bugzilla.suse.com/975772
   https://bugzilla.suse.com/983145



More information about the sle-security-updates mailing list