Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.1039
SUSE Security Update: Security update for the Linux Kernel
26 April 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2017-5551 CVE-2016-10088 CVE-2016-9794
CVE-2016-9793 CVE-2016-9756 CVE-2016-9685
CVE-2016-9576 CVE-2016-9555 CVE-2016-8646
CVE-2016-8633 CVE-2016-8632 CVE-2016-8399
CVE-2016-7916 CVE-2016-7911 CVE-2016-7910
CVE-2016-7117 CVE-2016-7097 CVE-2016-7042
CVE-2016-5696 CVE-2016-3841 CVE-2015-8964
CVE-2015-8962 CVE-2015-8956 CVE-2015-1350
CVE-2013-6368 CVE-2012-6704 CVE-2004-0230
Reference: ASB-2017.0032
ASB-2017.0020
ESB-2014.0193
ESB-2013.1789
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1102-1
Rating: important
References: #1003077 #1003344 #1003568 #1003677 #1003813
#1003866 #1003925 #1004517 #1004520 #1005857
#1005877 #1005896 #1005903 #1006917 #1006919
#1007615 #1007944 #1008557 #1008645 #1008831
#1008833 #1008893 #1009875 #1010150 #1010175
#1010201 #1010467 #1010501 #1010507 #1010711
#1010716 #1011685 #1011820 #1012411 #1012422
#1012832 #1012851 #1012917 #1013018 #1013038
#1013042 #1013070 #1013531 #1013533 #1013542
#1013604 #1014410 #1014454 #1014746 #1015561
#1015752 #1015760 #1015796 #1015803 #1015817
#1015828 #1015844 #1015848 #1015878 #1015932
#1016320 #1016505 #1016520 #1016668 #1016688
#1016824 #1016831 #1017686 #1017710 #1019148
#1019165 #1019348 #1019783 #1020214 #1021258
#748806 #763198 #771065 #786036 #790588 #795297
#799133 #800999 #803320 #821612 #824171 #851603
#853052 #860441 #863873 #865783 #871728 #901809
#907611 #908458 #908684 #909077 #909350 #909484
#909491 #909618 #913387 #914939 #919382 #922634
#924708 #925065 #928138 #929141 #953233 #956514
#960689 #961589 #962846 #963655 #967716 #968010
#969340 #973203 #973691 #979681 #984194 #986337
#987333 #987576 #989152 #989680 #989764 #989896
#990245 #992566 #992991 #993739 #993832 #995968
#996541 #996557 #997401 #998689 #999101 #999907
Cross-References: CVE-2004-0230 CVE-2012-6704 CVE-2013-6368
CVE-2015-1350 CVE-2015-8956 CVE-2015-8962
CVE-2015-8964 CVE-2016-10088 CVE-2016-3841
CVE-2016-5696 CVE-2016-7042 CVE-2016-7097
CVE-2016-7117 CVE-2016-7910 CVE-2016-7911
CVE-2016-7916 CVE-2016-8399 CVE-2016-8632
CVE-2016-8633 CVE-2016-8646 CVE-2016-9555
CVE-2016-9576 CVE-2016-9685 CVE-2016-9756
CVE-2016-9793 CVE-2016-9794 CVE-2017-5551
Affected Products:
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 27 vulnerabilities and has 114 fixes
is now available.
Description:
The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the
Linux kernel preserved the setgid bit during a setxattr call involving a
tmpfs filesystem, which allowed local users to gain group privileges by
leveraging the existence of a setgid program with restrictions on
execute permissions. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2016-7097 (bnc#1021258).
- CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions
(bsc#995968).
- CVE-2016-10088: The sg implementation in the Linux kernel did not
properly restrict write operations in situations where the KERNEL_DS
option is set, which allowed local users to read or write to arbitrary
kernel memory locations or cause a denial of service (use-after-free) by
leveraging access to a /dev/sg device, related to block/bsg.c and
drivers/scsi/sg.c. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2016-9576 (bnc#1017710).
- CVE-2016-5696: TCP, when using a large Window Size, made it easier for
remote attackers to guess sequence numbers and cause a denial of service
(connection loss) to persistent TCP connections by repeatedly injecting
a TCP RST packet, especially in protocols that use long-lived
connections, such as BGP (bnc#989152).
- CVE-2015-1350: Denial of service in notify_change for filesystem xattrs
(bsc#914939).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
Linux kernel did not validate the relationship between the minimum
fragment length and the maximum packet size, which allowed local users
to gain privileges or cause a denial of service (heap-based buffer
overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-8399: An elevation of privilege vulnerability in the kernel
networking subsystem could have enabled a local malicious application to
execute arbitrary code within the context of the kernel. This issue is
rated as Moderate because it first requires compromising a privileged
process and current compiler optimizations restrict access to the
vulnerable code. (bnc#1014746).
- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
which allowed local users to cause a denial of service (memory
corruption and system crash)
or possibly have unspecified other impact by leveraging the
CAP_NET_ADMIN capability for a crafted setsockopt system call with the
(1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the
Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
which allowed local users to cause a denial of service (memory
corruption and system crash)
or possibly have unspecified other impact by leveraging the
CAP_NET_ADMIN capability for a crafted setsockopt system call with the
(1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).
- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not
properly initialize Code Segment (CS) in certain error cases, which
allowed local users to obtain sensitive information from kernel stack
memory via a crafted application (bnc#1013038).
- CVE-2016-9576: splice: introduce FMODE_SPLICE_READ and
FMODE_SPLICE_WRITE (bsc#1013604)
- CVE-2016-9794: ALSA: pcm : Call kill_fasync() in stream lock
(bsc#1013533)
- CVE-2016-3841: KABI workaround for ipv6: add complete rcu protection
around np->opt (bsc#992566).
- CVE-2016-9685: Multiple memory leaks in error paths in
fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause
a denial of service (memory consumption) via crafted XFS filesystem
operations (bnc#1012832).
- CVE-2015-8962: Double free vulnerability in the sg_common_write function
in drivers/scsi/sg.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (memory corruption and system
crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
the Linux kernel lacks chunk-length checking for the first chunk, which
allowed remote attackers to cause a denial of service (out-of-bounds
slab access) or possibly have unspecified other impact via crafted SCTP
data (bnc#1011685).
- CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop
function in block/genhd.c in the Linux kernel allowed local users to
gain privileges by leveraging the execution of a certain stop
operation even if the corresponding start operation had failed
(bnc#1010716).
- CVE-2016-7911: Race condition in the get_task_ioprio function in
block/ioprio.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (use-after-free) via a crafted
ioprio_get system call (bnc#1010711).
- CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users
to gain privileges or cause a denial of service (system crash) via a
VAPIC synchronization operation involving a page-end address
(bnc#853052).
- CVE-2015-8964: The tty_set_termios_ldisc function in
drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to
obtain sensitive information from kernel memory by reading a tty data
structure (bnc#1010507).
- CVE-2016-7916: Revert "proc: prevent accessing /proc/<PID>/environ until
it's ready (bsc#1010467)"
- CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the
Linux kernel allowed local users to cause a denial of service (OOPS) by
attempting to trigger use of in-kernel hash algorithms for a socket that
has received zero bytes of data (bnc#1010150).
- CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7,
in certain unusual hardware configurations, allowed remote attackers to
execute arbitrary code via crafted fragmented packets (bnc#1008833).
- CVE-2016-7042: KEYS: Fix short sprintf buffer in /proc/keys show
function (bsc#1004517).
- CVE-2015-8956: Bluetooth: Fix potential NULL dereference in RFCOMM bind
callback (bsc#1003925).
- CVE-2016-7117: net: Fix use after free in the recvmmsg exit path
(bsc#1003077).
The following non-security bugs were fixed:
- blacklist.conf: 45f13df be2net: Enable Wake-On-LAN from shutdown for
Skyhawk
- blacklist.conf: c9cc599 net/mlx4_core: Fix QUERY FUNC CAP flags
- 8250_pci: Fix potential use-after-free in error path (bsc#1013070).
- IB/mlx4: Fix error flow when sending mads under SRIOV (bsc#786036).
- IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036).
- IB/mlx4: Fix memory leak if QP creation failed (bsc#786036).
- IB/mlx4: Fix potential deadlock when sending mad to wire (bsc#786036).
- IB/mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036).
- IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036).
- apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).
- arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).
- be2net: Do not leak iomapped memory on removal (bug#925065).
- block_dev: do not test bdev->bd_contains when it is not stable
(bsc#1008557).
- bna: Add synchronization for tx ring (bsc#993739).
- bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
- bnx2x: fix lockdep splat (bsc#908684).
- cifs: revert fs/cifs: fix wrongly prefixed path to root (bsc#963655)
- config.conf: add bigmem flavour on ppc64
- cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).
- cpumask_set_cpu_local_first => cpumask_local_spread, lament (bug#919382).
- crypto: add ghash-generic in the supported.conf(bsc#1016824)
- crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106
(bsc#913387, #bsc1016831).
- dm space map metadata: fix sm_bootstrap_get_nr_blocks()
- dm thin: fix race condition when destroying thin pool workqueue
- dm: do not call dm_sync_table() when creating new devices (bnc#901809,
bsc#1008893).
- drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348)
- ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668).
- ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018).
- ext4: fix reference counting bug on block allocation error (bsc#1013018).
- fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).
- fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).
- fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).
- fs/cifs: Move check for prefix path to within cifs_get_root()
(bsc#799133).
- fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655,
bsc#979681).
- fs/cifs: make share unaccessible at root level mountable (bsc#799133).
- futex: Acknowledge a new waiter in counter before plist (bsc#851603).
- futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603).
- hpilo: Add support for iLO5 (bsc#999101).
- hv: do not lose pending heartbeat vmbus packets (bnc#1006919).
- hv: vmbus: avoid scheduling in interrupt context in
vmbus_initiate_unload() (bnc#986337).
- hv: vmbus: avoid wait_for_completion() on crash (bnc#986337).
- hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337).
- hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts
(bnc#986337).
- hv: vmbus: handle various crash scenarios (bnc#986337).
- hv: vmbus: remove code duplication in message handling (bnc#986337).
- hv: vss: run only on supported host versions (bnc#986337).
- i40e: fix an uninitialized variable bug (bsc#909484).
- ibmveth: calculate gso_segs for large packets (bsc#1019165, bsc#1019148).
- ibmveth: set correct gso_size and gso_type (bsc#1019165, bsc#1019148).
- igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491).
- igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector
(bsc#795297).
- igb: Fix oops caused by missing queue pairing (bsc#909491).
- igb: Fix oops on changing number of rings (bsc#909491).
- igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs()
(bsc#909491).
- igb: Unpair the queues when changing the number of queues (bsc#909491).
- ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos
too (bsc#865783).
- kabi-fix for flock_owner addition (bsc#998689).
- kexec: add a kexec_crash_loaded() function (bsc#973691).
- kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680).
- kvm: Distangle eventfd code from irqchip (bsc#989680).
- kvm: Iterate over only vcpus that are preempted (bsc#989680).
- kvm: Record the preemption status of vcpus using preempt notifiers
(bsc#989680).
- kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680).
- kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680).
- kvm: make processes waiting on vcpu mutex killable (bsc#989680).
- kvm: nVMX: Add preemption timer support (bsc#989680).
- kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680).
- kvm: use symbolic constant for nr interrupts (bsc#989680).
- kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680).
- kvm: x86: Run PIT work in own kthread (bsc#989680).
- kvm: x86: limit difference between kvmclock updates (bsc#989680).
- kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689).
- lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).
- libata: introduce ata_host->n_tags to avoid oops on SAS controllers
(bsc#871728).
- libata: remove n_tags to avoid kABI breakage (bsc#871728).
- libata: support the ata host which implements a queue depth less than 32
(bsc#871728)
- libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS
response (bsc#962846).
- libfc: Fixup disc_mutex handling (bsc#962846).
- libfc: Issue PRLI after a PRLO has been received (bsc#962846).
- libfc: Revisit kref handling (bnc#990245).
- libfc: Update rport reference counting (bsc#953233).
- libfc: do not send ABTS when resetting exchanges (bsc#962846).
- libfc: fixup locking of ptp_setup() (bsc#962846).
- libfc: reset exchange manager during LOGO handling (bsc#962846).
- libfc: send LOGO for PLOGI failure (bsc#962846).
- locking/mutex: Explicitly mark task as running after wakeup
(bsc#1012411).
- md/raid10: Fix memory leak when raid10 reshape completes
- md/raid10: always set reshape_safe when initializing reshape_position
- md: Drop sending a change uevent when stopping (bsc#1003568).
- md: check command validity early in md_ioctl() (bsc#1004520).
- md: fix problem when adding device to read-only array with bitmap
(bnc#771065).
- memstick: mspro_block: add missing curly braces (bsc#1016688).
- mlx4: add missing braces in verify_qp_parameters (bsc#786036).
- mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
(bnc#763198).
- mm/memory.c: actually remap enough memory (bnc#1005903).
- mm/memory_hotplug.c: check for missing sections in
test_pages_in_a_zone() (bnc#961589).
- mm: fix crashes from mbind() merging vmas (bnc#1005877).
- mm: fix sleeping function warning from __put_anon_vma (bnc#1005857).
- dcache: move the call of __d_drop(anon) into
__d_materialise_unique(dentry, anon) (bsc#984194).
- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
- mremap: enforce rmap src/dst vma ordering in case of vma_merge()
succeeding in copy_vma() (bsc#1008645).
- mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337).
- net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036).
- net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382).
- net/mlx4_core: Avoid returning success in case of an error flow
(bsc#786036).
- net/mlx4_core: Do not BUG_ON during reset when PCI is offline
(bsc#924708).
- net/mlx4_core: Do not access comm channel if it has not yet been
initialized (bsc#924708 bsc#786036).
- net/mlx4_core: Fix error message deprecation for ConnectX-2 cards
(bug#919382).
- net/mlx4_core: Fix the resource-type enum in res tracker to conform to
FW spec (bsc#786036).
- net/mlx4_core: Implement pci_resume callback (bsc#924708).
- net/mlx4_core: Update the HCA core clock frequency after INIT_PORT
(bug#919382).
- net/mlx4_en: Choose time-stamping shift value according to HW frequency
(bsc#919382).
- net/mlx4_en: Fix HW timestamp init issue upon system startup
(bsc#919382).
- net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036).
- net/mlx4_en: Move filters cleanup to a proper location (bsc#786036).
- net/mlx4_en: Remove dependency between timestamping capability and
service_task (bsc#919382).
- net/mlx4_en: fix spurious timestamping callbacks (bsc#919382).
- netfilter: ipv4: defrag: set local_df flag on defragmented skb
(bsc#907611).
- netfront: do not truncate grant references.
- netvsc: fix incorrect receive checksum offloading (bnc#1006917).
- nfs4: reset states to use open_stateid when returning delegation
voluntarily (bsc#1007944).
- nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).
- nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873).
- nfsv4: Cap the transport reconnection timer at 1/2 lease period
(bsc#1014410).
- nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
- nfsv4: Handle timeouts correctly when probing for lease validity
(bsc#1014410).
- nfsv4: add flock_owner to open context (bnc#998689).
- nfsv4: change nfs4_do_setattr to take an open_context instead of a
nfs4_state (bnc#998689).
- nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of
lock_owner (bnc#998689).
- nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is
one (bnc#998689).
- nvme: Automatic namespace rescan (bsc#1017686).
- nvme: Metadata format support (bsc#1017686).
- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
- oom: print nodemask in the oom report (bnc#1003866).
- pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models
- pm / hibernate: Fix rtree_next_node() to avoid walking off list ends
(bnc#860441).
- posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).
- posix-timers: Use sighand lock instead of tasklist_lock for task clock
sample (bnc#997401).
- posix-timers: Use sighand lock instead of tasklist_lock on timer
deletion (bnc#997401).
- powerpc/64: Fix incorrect return value from __copy_tofrom_user
(bsc#1005896).
- powerpc/MSI: Fix race condition in tearing down MSI interrupts
(bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).
- powerpc/mm/hash64: Fix subpage protection with 4K HPTE config
(bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).
- powerpc/mm: Add 64TB support (bsc#928138,fate#319026).
- powerpc/mm: Change the swap encoding in pte (bsc#973203).
- powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026).
- powerpc/mm: Fix hash computation function (bsc#928138,fate#319026).
- powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026).
- powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE
(bsc#928138,fate#319026).
- powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit
(bsc#928138,fate#319026).
- powerpc/mm: Replace open coded CONTEXT_BITS value
(bsc#928138,fate#319026).
- powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026).
- powerpc/mm: Update VSID allocation documentation
(bsc#928138,fate#319026).
- powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026).
- powerpc/mm: Use hpt_va to compute virtual address
(bsc#928138,fate#319026).
- powerpc/mm: Use the required number of VSID bits in slbmte
(bsc#928138,fate#319026).
- powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201,
[2016-10-04] Pending Base Kernel Fixes).
- powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec
(bsc#1003813).
- powerpc: Add ability to build little endian kernels (bsc#967716).
- powerpc: Avoid load of static chain register when calling nested
functions through a pointer on 64bit (bsc#967716).
- powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026).
- powerpc: Do not build assembly files with ABIv2 (bsc#967716).
- powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).
- powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).
- powerpc: Fix error when cross building TAGS & cscope (bsc#967716).
- powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026).
- powerpc: Make the vdso32 also build big-endian (bsc#967716).
- powerpc: Move kdump default base address to half RMO size on 64bit
(bsc#1003344).
- powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).
- powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716).
- powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026).
- powerpc: Require gcc 4.0 on 64-bit (bsc#967716).
- powerpc: Update kernel VSID range (bsc#928138,fate#319026).
- powerpc: blacklist fixes for unsupported subarchitectures ppc32 only:
6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC'
obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in
/sys/devices/system/cpu
- powerpc: dtc is required to build dtb files (bsc#967716).
- powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201, [2016-10-04] Pending
Base Kernel Fixes).
- powerpc: scan_features() updates incorrect bits for REAL_LE
(bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).
- printk/sched: Introduce special printk_sched() for those awkward
(bsc#1013042, bsc#996541, bsc#1015878).
- ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851).
- qlcnic: fix a loop exit condition better (bsc#909350).
- qlcnic: fix a timeout loop (bsc#909350)
- qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
(bnc#800999).
- reiserfs: fix race in prealloc discard (bsc#987576).
- rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again
- rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
- rpm/package-descriptions: add -bigmem description
- rt2x00: fix rfkill regression on rt2500pci (bnc#748806).
- s390/cio: fix accidental interrupt enabling during resume (bnc#1003677,
LTC#147606).
- s390/time: LPAR offset handling (bnc#1003677, LTC#146920).
- s390/time: move PTFF definitions (bnc#1003677, LTC#146920).
- scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).
- scsi: lpfc: avoid double free of resource identifiers (bsc#989896).
- scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374).
- scsi_error: count medium access timeout only once per EH run
(bsc#993832).
- scsi_error: fixup crash in scsi_eh_reset (bsc#993832)
- serial: 8250_pci: Detach low-level driver during PCI error recovery
(bsc#1013070).
- sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618).
- softirq: sirq threads raising another sirq delegate to the proper thread
Otherwise, high priority timer threads expend cycles precessing other
sirqs, potentially increasing wakeup latencies as thes process sirqs at
a priority other than the priority specified by the user.
- sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a
race (bnc#803320).
- sunrpc: Enforce an upper limit on the number of cached credentials
(bsc#1012917).
- sunrpc: Fix reconnection timeouts (bsc#1014410).
- sunrpc: Fix two issues with drop_caches and the sunrpc auth cache
(bsc#1012917).
- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout
(bsc#1014410).
- tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175).
- tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175).
- tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175).
- tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175).
- tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
(bsc#908458).
- tg3: Fix temperature reporting (bnc#790588).
- tty: Signal SIGHUP before hanging up ldisc (bnc#989764).
- usb: console: fix potential use after free (bsc#1015817).
- usb: console: fix uninitialised ldisc semaphore (bsc#1015817).
- usb: cp210x: Corrected USB request type definitions (bsc#1015932).
- usb: cp210x: relocate private data from USB interface to port
(bsc#1015932).
- usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932).
- usb: ftdi_sio: fix null deref at port probe (bsc#1015796).
- usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
(bsc#922634).
- usb: hub: Fix unbalanced reference count/memory leak/deadlocks
(bsc#968010).
- usb: ipaq.c: fix a timeout loop (bsc#1015848).
- usb: opticon: fix non-atomic allocation in write path (bsc#1015803).
- usb: option: fix runtime PM handling (bsc#1015752).
- usb: serial: cp210x: add 16-bit register access functions (bsc#1015932).
- usb: serial: cp210x: add 8-bit and 32-bit register access functions
(bsc#1015932).
- usb: serial: cp210x: add new access functions for large registers
(bsc#1015932).
- usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932).
- usb: serial: fix potential use-after-free after failed probe
(bsc#1015828).
- usb: serial: io_edgeport: fix memory leaks in attach error path
(bsc#1016505).
- usb: serial: io_edgeport: fix memory leaks in probe error path
(bsc#1016505).
- usb: serial: keyspan: fix use-after-free in probe error path
(bsc#1016520).
- usb: sierra: fix AA deadlock in open error path (bsc#1015561).
- usb: sierra: fix remote wakeup (bsc#1015561).
- usb: sierra: fix urb and memory leak in resume error path (bsc#1015561).
- usb: sierra: fix urb and memory leak on disconnect (bsc#1015561).
- usb: sierra: fix use after free at suspend/resume (bsc#1015561).
- usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760).
- usb: usb_wwan: fix race between write and resume (bsc#1015760).
- usb: usb_wwan: fix urb leak at shutdown (bsc#1015760).
- usb: usb_wwan: fix urb leak in write error path (bsc#1015760).
- usb: usb_wwan: fix write and suspend race (bsc#1015760).
- usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
- usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844).
- vmxnet3: Wake queue from reset work (bsc#999907).
- x86, amd_nb: Clarify F15h, model 30h GART and L3 support
- x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).
- x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and
sync_regs (bsc#909077).
- x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors
- x86/gart: Check for GART support before accessing GART registers
- xenbus: do not invoke ->is_ready() for most device states (bsc#987333).
- zcrypt: Fix hang condition on crypto card config-off (bsc#1016320).
- zcrypt: Fix invalid domain response handling (bsc#1016320).
- zfcp: Fix erratic device offline during EH (bsc#993832).
- zfcp: close window with unblocked rport during rport gone (bnc#1003677).
- zfcp: fix D_ID field with actual value on tracing SAN responses
(bnc#1003677).
- zfcp: fix ELS/GS request&response length for hardware data router
(bnc#1003677).
- zfcp: fix payload trace length for SAN request&response (bnc#1003677).
- zfcp: restore tracing of handle for port and LUN with HBA records
(bnc#1003677).
- zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
(bnc#1003677).
- zfcp: retain trace level for SCSI and HBA FSF response records
(bnc#1003677).
- zfcp: trace full payload of all SAN records (req,resp,iels)
(bnc#1003677).
- zfcp: trace on request for open and close of WKA port (bnc#1003677).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 11-SP4:
zypper in -t patch slertesp4-kernel-13074=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-13074=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
kernel-rt-3.0.101.rt130-68.1
kernel-rt-base-3.0.101.rt130-68.1
kernel-rt-devel-3.0.101.rt130-68.1
kernel-rt_trace-3.0.101.rt130-68.1
kernel-rt_trace-base-3.0.101.rt130-68.1
kernel-rt_trace-devel-3.0.101.rt130-68.1
kernel-source-rt-3.0.101.rt130-68.1
kernel-syms-rt-3.0.101.rt130-68.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
kernel-rt-debuginfo-3.0.101.rt130-68.1
kernel-rt-debugsource-3.0.101.rt130-68.1
kernel-rt_debug-debuginfo-3.0.101.rt130-68.1
kernel-rt_debug-debugsource-3.0.101.rt130-68.1
kernel-rt_trace-debuginfo-3.0.101.rt130-68.1
kernel-rt_trace-debugsource-3.0.101.rt130-68.1
References:
https://www.suse.com/security/cve/CVE-2004-0230.html
https://www.suse.com/security/cve/CVE-2012-6704.html
https://www.suse.com/security/cve/CVE-2013-6368.html
https://www.suse.com/security/cve/CVE-2015-1350.html
https://www.suse.com/security/cve/CVE-2015-8956.html
https://www.suse.com/security/cve/CVE-2015-8962.html
https://www.suse.com/security/cve/CVE-2015-8964.html
https://www.suse.com/security/cve/CVE-2016-10088.html
https://www.suse.com/security/cve/CVE-2016-3841.html
https://www.suse.com/security/cve/CVE-2016-5696.html
https://www.suse.com/security/cve/CVE-2016-7042.html
https://www.suse.com/security/cve/CVE-2016-7097.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2016-7910.html
https://www.suse.com/security/cve/CVE-2016-7911.html
https://www.suse.com/security/cve/CVE-2016-7916.html
https://www.suse.com/security/cve/CVE-2016-8399.html
https://www.suse.com/security/cve/CVE-2016-8632.html
https://www.suse.com/security/cve/CVE-2016-8633.html
https://www.suse.com/security/cve/CVE-2016-8646.html
https://www.suse.com/security/cve/CVE-2016-9555.html
https://www.suse.com/security/cve/CVE-2016-9576.html
https://www.suse.com/security/cve/CVE-2016-9685.html
https://www.suse.com/security/cve/CVE-2016-9756.html
https://www.suse.com/security/cve/CVE-2016-9793.html
https://www.suse.com/security/cve/CVE-2016-9794.html
https://www.suse.com/security/cve/CVE-2017-5551.html
https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1003344
https://bugzilla.suse.com/1003568
https://bugzilla.suse.com/1003677
https://bugzilla.suse.com/1003813
https://bugzilla.suse.com/1003866
https://bugzilla.suse.com/1003925
https://bugzilla.suse.com/1004517
https://bugzilla.suse.com/1004520
https://bugzilla.suse.com/1005857
https://bugzilla.suse.com/1005877
https://bugzilla.suse.com/1005896
https://bugzilla.suse.com/1005903
https://bugzilla.suse.com/1006917
https://bugzilla.suse.com/1006919
https://bugzilla.suse.com/1007615
https://bugzilla.suse.com/1007944
https://bugzilla.suse.com/1008557
https://bugzilla.suse.com/1008645
https://bugzilla.suse.com/1008831
https://bugzilla.suse.com/1008833
https://bugzilla.suse.com/1008893
https://bugzilla.suse.com/1009875
https://bugzilla.suse.com/1010150
https://bugzilla.suse.com/1010175
https://bugzilla.suse.com/1010201
https://bugzilla.suse.com/1010467
https://bugzilla.suse.com/1010501
https://bugzilla.suse.com/1010507
https://bugzilla.suse.com/1010711
https://bugzilla.suse.com/1010716
https://bugzilla.suse.com/1011685
https://bugzilla.suse.com/1011820
https://bugzilla.suse.com/1012411
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012832
https://bugzilla.suse.com/1012851
https://bugzilla.suse.com/1012917
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1013038
https://bugzilla.suse.com/1013042
https://bugzilla.suse.com/1013070
https://bugzilla.suse.com/1013531
https://bugzilla.suse.com/1013533
https://bugzilla.suse.com/1013542
https://bugzilla.suse.com/1013604
https://bugzilla.suse.com/1014410
https://bugzilla.suse.com/1014454
https://bugzilla.suse.com/1014746
https://bugzilla.suse.com/1015561
https://bugzilla.suse.com/1015752
https://bugzilla.suse.com/1015760
https://bugzilla.suse.com/1015796
https://bugzilla.suse.com/1015803
https://bugzilla.suse.com/1015817
https://bugzilla.suse.com/1015828
https://bugzilla.suse.com/1015844
https://bugzilla.suse.com/1015848
https://bugzilla.suse.com/1015878
https://bugzilla.suse.com/1015932
https://bugzilla.suse.com/1016320
https://bugzilla.suse.com/1016505
https://bugzilla.suse.com/1016520
https://bugzilla.suse.com/1016668
https://bugzilla.suse.com/1016688
https://bugzilla.suse.com/1016824
https://bugzilla.suse.com/1016831
https://bugzilla.suse.com/1017686
https://bugzilla.suse.com/1017710
https://bugzilla.suse.com/1019148
https://bugzilla.suse.com/1019165
https://bugzilla.suse.com/1019348
https://bugzilla.suse.com/1019783
https://bugzilla.suse.com/1020214
https://bugzilla.suse.com/1021258
https://bugzilla.suse.com/748806
https://bugzilla.suse.com/763198
https://bugzilla.suse.com/771065
https://bugzilla.suse.com/786036
https://bugzilla.suse.com/790588
https://bugzilla.suse.com/795297
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/800999
https://bugzilla.suse.com/803320
https://bugzilla.suse.com/821612
https://bugzilla.suse.com/824171
https://bugzilla.suse.com/851603
https://bugzilla.suse.com/853052
https://bugzilla.suse.com/860441
https://bugzilla.suse.com/863873
https://bugzilla.suse.com/865783
https://bugzilla.suse.com/871728
https://bugzilla.suse.com/901809
https://bugzilla.suse.com/907611
https://bugzilla.suse.com/908458
https://bugzilla.suse.com/908684
https://bugzilla.suse.com/909077
https://bugzilla.suse.com/909350
https://bugzilla.suse.com/909484
https://bugzilla.suse.com/909491
https://bugzilla.suse.com/909618
https://bugzilla.suse.com/913387
https://bugzilla.suse.com/914939
https://bugzilla.suse.com/919382
https://bugzilla.suse.com/922634
https://bugzilla.suse.com/924708
https://bugzilla.suse.com/925065
https://bugzilla.suse.com/928138
https://bugzilla.suse.com/929141
https://bugzilla.suse.com/953233
https://bugzilla.suse.com/956514
https://bugzilla.suse.com/960689
https://bugzilla.suse.com/961589
https://bugzilla.suse.com/962846
https://bugzilla.suse.com/963655
https://bugzilla.suse.com/967716
https://bugzilla.suse.com/968010
https://bugzilla.suse.com/969340
https://bugzilla.suse.com/973203
https://bugzilla.suse.com/973691
https://bugzilla.suse.com/979681
https://bugzilla.suse.com/984194
https://bugzilla.suse.com/986337
https://bugzilla.suse.com/987333
https://bugzilla.suse.com/987576
https://bugzilla.suse.com/989152
https://bugzilla.suse.com/989680
https://bugzilla.suse.com/989764
https://bugzilla.suse.com/989896
https://bugzilla.suse.com/990245
https://bugzilla.suse.com/992566
https://bugzilla.suse.com/992991
https://bugzilla.suse.com/993739
https://bugzilla.suse.com/993832
https://bugzilla.suse.com/995968
https://bugzilla.suse.com/996541
https://bugzilla.suse.com/996557
https://bugzilla.suse.com/997401
https://bugzilla.suse.com/998689
https://bugzilla.suse.com/999101
https://bugzilla.suse.com/999907
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWQAsd4x+lLeg9Ub1AQgIkQ//SJPwanP3FESBlJt6uytXwAtrlz6eQSQa
QXXE9p42nmCMWdXFbW+d3ktCoDbpbEXiyfrCqkNLoZVMyRJ59/FvePEHXcMIXzq+
h30DUUU2biiFYrll6OAMiR61vv4pHJRdbTfyVTsHCWH/JDqVtmwFvOfK1lC1zc5j
yUm0vwBxc6fxv+Z16N0SWJz4I0pBllwSylKdkZdpxKk3LJs68OptdXo+MVsQMWRc
VXCGs3dmD+OPyuZrXDZ/6iDzhU3tsZLutxMdUYTGLtRgwMaVjtSmUdXW5pRjshxv
QJyrNC8zpBsa0jhMetpKfo3DqW5QOV8y8lfMY3kDBJxURjPBKN51953gL8YuWcTn
roDEYB90ckQ6SUKlPzWtQQGcyK63Ovkda/M03xFNW7N6/XCn6o4enT96gz/luw8K
TlN77HGYstWIiv7sN4tmH5DXB+M7u3EFl/JCY17A6N7pMACm1eQFc/Tw4BNYOdty
R81rXMOvLyIgvxC+9matsiedaqN6MlOkSBdVkcZvKbCsV0b3JQF2PR4+XZQzUOr0
99UoOfGh7Dv4j0t66hpC/4/Se2fbk1LmmH/4HfYs3HGQSDR9KSLAOO6M/Sm5VYbF
+HUXFCCcHgbKwBRGNyDu6Zdb21jluFUvefUvLoj3jYHDvvRwiCEFlq76/PdRb0nG
6tokQqDbWto=
=y9pJ
-----END PGP SIGNATURE-----