SUSE-RU-2018:1481-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu May 31 07:07:32 MDT 2018


   SUSE Recommended Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:1481-1
Rating:             important
References:         #1012382 #1036215 #1066223 #1068032 #1070404 
                    #1073059 #1076805 #1081599 #1085185 #1088810 
                    #1092772 #1092813 #1092888 #1092975 #1093035 
                    #1093533 #1093904 #1093990 #1094033 #1094059 
                    #1094177 #1094268 #1094356 #1094405 #1094532 
                    #919144 #973378 #993388 
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Live Patching 12-SP3
                    SUSE Linux Enterprise High Availability 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
______________________________________________________________________________

   An update that has 28 recommended fixes can now be
   installed.

Description:



   The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.132 to receive
   various bugfixes.

   The following non-security bugs were fixed:

   - ALSA: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382).
   - ALSA: aloop: Mark paused device as inactive (bnc#1012382).
   - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).
   - ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012382).
   - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
     (bnc#1012382).
   - ALSA: timer: Fix pause event notification (bsc#973378).
   - Bluetooth: Revert: btusb: Fix quirk for Atheros 1525/QCA6174"
     (bnc#1012382).
   - IB/mlx5: Use unlimited rate when static rate is not supported
     (bnc#1012382).
   - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook
     Pro (bnc#1012382).
   - Input: leds - fix out of bound access (bnc#1012382).
   - KVM: s390: Enable all facility bits that are known good for passthrough
     (bnc#1012382 bsc#1073059 bsc#1076805).
   - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382).
   - PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg()
     (bnc#1094268).
   - RDMA/mlx5: Protect from shift operand overflow (bnc#1012382).
   - RDMA/ucma: Allow resolving address w/o specifying source address
     (bnc#1012382).
   - ath10k: Revert: rebuild crypto header in rx data frames" (kabi).
   - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
     (bnc#1012382).
   - ath10k: rebuild crypto header in rx data frames (bnc#1012382).
   - atm: zatm: Fix potential Spectre v1 (bnc#1012382).
   - bdi: Fix oops in wb_workfn() (bnc#1012382).
   - blacklist.conf: Blacklist 001ab5a67ee5
   - blacklist.conf: Blacklist 3172485f4f80
   - blacklist.conf: Blacklist 8a1ac5dc7be0
   - blacklist.conf: Blacklist a09acf4b43b9
   - blacklist.conf: Blacklist a86b06d1ccd2
   - blacklist.conf: add cifs commit RMDA is unsupported in all SLE versions.
   - bpf: map_get_next_key to return first key on NULL (bnc#1012382).
   - bs-upload-kernel: Revert: do not set %opensuse_bs" This reverts commit
     e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
   - can: kvaser_usb: Increase correct stats counter in
     kvaser_usb_rx_can_msg() (bnc#1012382).
   - ceph: fix st_nlink stat for directories (bsc#1093904).
   - crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382).
   - dccp: initialize ireq->ir_mark (bnc#1012382).
   - drm/vmwgfx: Fix a buffer object leak (bnc#1012382).
   - gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382).
   - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).
   - ibmvnic: Fix statistics buffers memory leak (bsc#1093990).
   - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).
   - ibmvnic: Only do H_EOI for mobility events (bsc#1094356).
   - ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382).
   - kABI: protect struct ath10k_hw_params (kabi).
   - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread
     (bsc#1094033).
   - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382).
   - loop: handle short DIO reads (bsc#1094177).
   - mac80211: Add RX flag to indicate ICV stripped (bnc#1012382).
   - mac80211: Revert: Add RX flag to indicate ICV stripped" (kabi).
   - mac80211: Revert: allow not sending MIC up from driver for HW crypto"
     (kabi).
   - mac80211: Revert: allow same PN for AMSDU sub-frames" (kabi).
   - mac80211: allow not sending MIC up from driver for HW crypto
     (bnc#1012382).
   - mac80211: allow same PN for AMSDU sub-frames (bnc#1012382).
   - net: atm: Fix potential Spectre v1 (bnc#1012382).
   - net: fix rtnh_ok() (bnc#1012382).
   - net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382).
   - net: initialize skb->peeked when cloning (bnc#1012382).
   - netlink: fix uninit-value in netlink_sendmsg (bnc#1012382).
   - nvme-pci: Fix EEH failure on ppc (bsc#1093533).
   - nvme: target: fix buffer overflow (bsc#993388).
   - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
   - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources
     (bsc#1070404).
   - percpu: include linux/sched.h for cond_resched() (bnc#1012382).
   - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
     (bnc#1012382).
   - perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382).
   - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
     (bnc#1012382).
   - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
     (bnc#1012382).
   - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
     (bnc#1012382).
   - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
     (bnc#1012382).
   - perf: Remove superfluous allocation error check (bnc#1012382).
   - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill
     (bsc#1093035).
   - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772).
   - powerpc/fadump: exclude memory holes while reserving memory in second
     kernel (bsc#1092772).
   - powerpc: conditionally compile platform-specific serial drivers
     (bsc#1066223).
   - powerpc: signals: Discard transaction state from signal frames
     (bsc#1094059).
   - rfkill: gpio: fix memory leak in probe error path (bnc#1012382).
   - s390/cpum_sf: ensure sample frequency of perf event attributes is
     non-zero (bnc#1094532, LTC#168035).
   - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532,
     LTC#168037).
   - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532,
     LTC#168038).
   - soreuseport: initialise timewait reuseport field (bnc#1012382).
   - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
     (bsc#1088810).
   - target: transport should handle st FM/EOM/ILI reads (bsc#1081599).
   - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).
   - test_firmware: fix setting old custom fw path back on exit, second try
     (bnc#1012382).
   - tracepoint: Do not warn on ENOMEM (bnc#1012382).
   - tracing/uprobe_event: Fix strncpy corner case (bnc#1012382).
   - tracing: Fix regex_match_front() to not over compare the test string
     (bnc#1012382).
   - usb: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382
     bsc#1092888).
   - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).
   - usb: musb: host: fix potential NULL pointer dereference (bnc#1012382).
   - usb: serial: option: Add support for Quectel EP06 (bnc#1012382).
   - usb: serial: option: adding support for ublox R410M (bnc#1012382).
   - usb: serial: option: reimplement interface masking (bnc#1012382).
   - usb: serial: visor: handle potential invalid device configuration
     (bnc#1012382).
   - watchdog: Revert: hpwdt: Remove legacy NMI sourcing (bsc#1085185).
   - watchdog: hpwdt: Modify to use watchdog core (bsc#1085185).
   - watchdog: hpwdt: Update Module info and copyright (bsc#1085185).
   - watchdog: hpwdt: Update nmi_panic message (bsc#1085185).
   - watchdog: hpwdt: Update nmi_panic message) (bsc#1085185).
   - watchdog: hpwdt: condition early return of NMI handler on iLO5
     (bsc#1085185).
   - x86/bugs: Respect retpoline command line option (bsc#1068032).
   - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
   - xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382).
   - xfs: fix endianness error when checking log block crc on big endian
     platforms (bsc#1094405, bsc#1036215).
   - xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012382).


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1011=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1011=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1011=1

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1011=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1011=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1011=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

      kernel-default-debuginfo-4.4.132-94.33.1
      kernel-default-debugsource-4.4.132-94.33.1
      kernel-default-extra-4.4.132-94.33.1
      kernel-default-extra-debuginfo-4.4.132-94.33.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.4.132-94.33.1
      kernel-obs-build-debugsource-4.4.132-94.33.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

      kernel-docs-4.4.132-94.33.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.4.132-94.33.1
      kernel-default-base-4.4.132-94.33.1
      kernel-default-base-debuginfo-4.4.132-94.33.1
      kernel-default-debuginfo-4.4.132-94.33.1
      kernel-default-debugsource-4.4.132-94.33.1
      kernel-default-devel-4.4.132-94.33.1
      kernel-syms-4.4.132-94.33.1

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      kernel-devel-4.4.132-94.33.1
      kernel-macros-4.4.132-94.33.1
      kernel-source-4.4.132-94.33.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x):

      kernel-default-man-4.4.132-94.33.1

   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_132-94_33-default-1-4.3.1
      kgraft-patch-4_4_132-94_33-default-debuginfo-1-4.3.1

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.132-94.33.1
      cluster-md-kmp-default-debuginfo-4.4.132-94.33.1
      dlm-kmp-default-4.4.132-94.33.1
      dlm-kmp-default-debuginfo-4.4.132-94.33.1
      gfs2-kmp-default-4.4.132-94.33.1
      gfs2-kmp-default-debuginfo-4.4.132-94.33.1
      kernel-default-debuginfo-4.4.132-94.33.1
      kernel-default-debugsource-4.4.132-94.33.1
      ocfs2-kmp-default-4.4.132-94.33.1
      ocfs2-kmp-default-debuginfo-4.4.132-94.33.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      kernel-default-4.4.132-94.33.1
      kernel-default-debuginfo-4.4.132-94.33.1
      kernel-default-debugsource-4.4.132-94.33.1
      kernel-default-devel-4.4.132-94.33.1
      kernel-default-extra-4.4.132-94.33.1
      kernel-default-extra-debuginfo-4.4.132-94.33.1
      kernel-syms-4.4.132-94.33.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      kernel-devel-4.4.132-94.33.1
      kernel-macros-4.4.132-94.33.1
      kernel-source-4.4.132-94.33.1

   - SUSE CaaS Platform ALL (x86_64):

      kernel-default-4.4.132-94.33.1
      kernel-default-debuginfo-4.4.132-94.33.1
      kernel-default-debugsource-4.4.132-94.33.1


References:

   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1036215
   https://bugzilla.suse.com/1066223
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1070404
   https://bugzilla.suse.com/1073059
   https://bugzilla.suse.com/1076805
   https://bugzilla.suse.com/1081599
   https://bugzilla.suse.com/1085185
   https://bugzilla.suse.com/1088810
   https://bugzilla.suse.com/1092772
   https://bugzilla.suse.com/1092813
   https://bugzilla.suse.com/1092888
   https://bugzilla.suse.com/1092975
   https://bugzilla.suse.com/1093035
   https://bugzilla.suse.com/1093533
   https://bugzilla.suse.com/1093904
   https://bugzilla.suse.com/1093990
   https://bugzilla.suse.com/1094033
   https://bugzilla.suse.com/1094059
   https://bugzilla.suse.com/1094177
   https://bugzilla.suse.com/1094268
   https://bugzilla.suse.com/1094356
   https://bugzilla.suse.com/1094405
   https://bugzilla.suse.com/1094532
   https://bugzilla.suse.com/919144
   https://bugzilla.suse.com/973378
   https://bugzilla.suse.com/993388



More information about the sle-updates mailing list