Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.2278
SUSE Security Update: Security update for the Linux Kernel
11 September 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-1000380 CVE-2017-1000365 CVE-2017-1000363
CVE-2017-11473 CVE-2017-11176 CVE-2017-9242
CVE-2017-9077 CVE-2017-9076 CVE-2017-9075
CVE-2017-9074 CVE-2017-8925 CVE-2017-8924
CVE-2017-8890 CVE-2017-7542 CVE-2017-7533
CVE-2017-7487 CVE-2017-7482 CVE-2017-6951
CVE-2017-2647 CVE-2016-10277 CVE-2014-9922
Reference: ASB-2017.0141
ASB-2017.0032
ESB-2017.2233
ESB-2017.2214
Original Bulletin:
https://www.suse.com/support/update/announcement/2017/suse-su-20172389-1/
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2389-1
Rating: important
References: #1000365 #1000380 #1012422 #1013018 #1015452
#1023051 #1029140 #1029850 #1030552 #1030593
#1030814 #1032340 #1032471 #1034026 #1034670
#1035576 #1035721 #1035777 #1035920 #1036056
#1036288 #1036629 #1037191 #1037193 #1037227
#1037232 #1037233 #1037356 #1037358 #1037359
#1037441 #1038544 #1038879 #1038981 #1038982
#1039258 #1039354 #1039456 #1039594 #1039882
#1039883 #1039885 #1040069 #1040351 #1041160
#1041431 #1041762 #1041975 #1042045 #1042615
#1042633 #1042687 #1042832 #1042863 #1043014
#1043234 #1043935 #1044015 #1044125 #1044216
#1044230 #1044854 #1044882 #1044913 #1045154
#1045356 #1045416 #1045479 #1045487 #1045525
#1045538 #1045547 #1045615 #1046107 #1046192
#1046715 #1047027 #1047053 #1047343 #1047354
#1047487 #1047523 #1047653 #1048185 #1048221
#1048232 #1048275 #1049128 #1049483 #1049603
#1049688 #1049882 #1050154 #1050431 #1051478
#1051515 #1051770 #1055680 #784815 #792863
#799133 #909618 #919382 #928138 #938352 #943786
#948562 #962257 #971975 #972891 #986924 #990682
#995542
Cross-References: CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363
CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176
CVE-2017-11473 CVE-2017-2647 CVE-2017-6951
CVE-2017-7482 CVE-2017-7487 CVE-2017-7533
CVE-2017-7542 CVE-2017-8890 CVE-2017-8924
CVE-2017-8925 CVE-2017-9074 CVE-2017-9075
CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise High Availability Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 21 vulnerabilities and has 92 fixes
is now available.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-7482: Several missing length checks ticket decode allowing for
information leak or potentially code execution (bsc#1046107).
- CVE-2016-10277: Potential privilege escalation due to a missing bounds
check in the lp driver. A kernel command-line adversary can overflow the
parport_nr array to execute code (bsc#1039456).
- CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local users to cause
a denial of service (integer overflow and infinite loop) by leveraging
the ability to open a raw socket (bsc#1049882).
- CVE-2017-7533: Bug in inotify code allowing privilege escalation
(bsc#1049483).
- CVE-2017-11176: The mq_notify function in the Linux kernel did not set
the sock pointer to NULL upon entry into the retry logic. During a
user-space close of a Netlink socket, it allowed attackers to cause a
denial of service (use-after-free) or possibly have unspecified other
impact (bsc#1048275).
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
to gain privileges via a crafted ACPI table (bnc#1049603).
- CVE-2017-1000365: The Linux Kernel imposed a size restriction on the
arguments and environmental strings passed through
RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
argument and environment pointers into account, which allowed attackers
to bypass this limitation. (bnc#1039354)
- CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local
users to gain privileges via a large filesystem stack that includes an
overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c
(bnc#1032340)
- CVE-2017-8924: The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
obtain sensitive information (in the dmesg ringbuffer and syslog) from
uninitialized kernel memory by using a crafted USB device (posing as an
io_ti USB serial device) to trigger an integer underflow (bnc#1038982).
- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
in the Linux kernel allowed local users to cause a denial of service
(tty exhaustion) by leveraging reference count mishandling (bnc#1038981).
- CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in
the ALSA /dev/snd/timer driver resulting in local users being able to
read information belonging to other users, i.e., uninitialized memory
contents could have bene disclosed when a read and an ioctl happen at
the same time (bnc#1044125)
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
was too late in checking whether an overwrite of an skb data structure
may occur, which allowed local users to cause a denial of service
(system crash) via crafted system calls (bnc#1041431)
- CVE-2017-1000363: A buffer overflow in kernel commandline handling of
the "lp" parameter could be used by local console attackers to bypass
certain secure boot settings. (bnc#1039456)
- CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)
- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)
- CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
did not consider that the nexthdr field may be associated with an
invalid option, which allowed local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls (bnc#1039882)
- CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
Linux kernel mishandled reference counts, which allowed local users to
cause a denial of service (use-after-free) or possibly have unspecified
other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
(bnc#1038879)
- CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
cause a denial of service (double free) or possibly have unspecified
other impact by leveraging use of the accept system call (bnc#1038544)
- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
users to gain privileges or cause a denial of service (NULL pointer
dereference and system crash) via vectors involving a NULL value for a
certain match field, related to the keyring_search_iterator function in
keyring.c (bnc#1030593)
- CVE-2017-6951: The keyring_search_aux function in
security/keys/keyring.c in the Linux kernel allowed local users to cause
a denial of service (NULL pointer dereference and OOPS) via a
request_key system call for the "dead" type (bnc#1029850)
The following non-security bugs were fixed:
- 8250: use callbacks to access UART_DLL/UART_DLM.
- ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
- ALSA: hda - Fix regression of HD-audio controller fallback modes
(bsc#1045538).
- ALSA: hda - using uninitialized data (bsc#1045538).
- ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop
(bsc#1045538).
- ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
(bsc#1045538).
- ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
- ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
- Add CVE tag to references
- CIFS: backport prepath matching fix (bsc#799133).
- Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).
- EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr().
- Fix scripts/bigmem-generate-ifdef-guard to work on all branches
- Fix soft lockup in svc_rdma_send (bsc#1044854).
- IB/mlx4: Demote mcg message from warning to debug (bsc#919382).
- IB/mlx4: Fix ib device initialization error flow (bsc#919382).
- IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
- IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
- IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
(bsc#919382).
- IB/mlx4: Set traffic class in AH (bsc#919382).
- Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE
operation (bsc#1036288).
- Input: cm109 - validate number of endpoints before using them
(bsc#1037193).
- Input: hanwang - validate number of endpoints before using them
(bsc#1037232).
- Input: yealink - validate number of endpoints before using them
(bsc#1037227).
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (bnc#1035576).
- NFS: Avoid getting confused by confused server (bsc#1045416).
- NFS: Fix another OPEN_DOWNGRADE bug (git-next).
- NFS: Fix size of NFSACL SETACL operations (git-fixes).
- NFS: Make nfs_readdir revalidate less often (bsc#1048232).
- NFS: tidy up nfs_show_mountd_netid (git-fixes).
- NFSD: Do not use state id of 0 - it is reserved (bsc#1049688
bsc#1051770).
- NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
- NFSv4: Fix another bug in the close/open_downgrade code (git-fixes).
- NFSv4: Fix problems with close in the presence of a delegation
(git-fixes).
- NFSv4: Fix the underestimation of delegation XDR space reservation
(git-fixes).
- NFSv4: fix getacl head length estimation (git-fixes).
- PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
- Remove superfluous make flags (bsc#1012422)
- Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
- Revert "math64: New div64_u64_rem helper" (bnc#938352).
- SUNRPC: Fix a memory leak in the backchannel code (git-fixes).
- Staging: vt6655-6: potential NULL dereference in
hostap_disable_hostapd() (bsc#1045479).
- USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
- USB: class: usbtmc: do not print error when allocating urb fails
(bsc#1036288).
- USB: class: usbtmc: do not print on ENOMEM (bsc#1036288).
- USB: iowarrior: fix NULL-deref in write (bsc#1037359).
- USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
- USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
- USB: serial: ark3116: fix register-accessor error handling (git-fixes).
- USB: serial: ch341: fix open error handling (bsc#1037441).
- USB: serial: cp210x: fix tiocmget error handling (bsc#1037441).
- USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
- USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
- USB: serial: io_ti: fix information leak in completion handler
(git-fixes).
- USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
- USB: serial: oti6858: fix NULL-deref at open (bsc#1037441).
- USB: serial: sierra: fix bogus alternate-setting assumption
(bsc#1037441).
- USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
- USB: usbip: fix nonconforming hub descriptor (bsc#1047487).
- USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
- USB: usbtmc: Change magic number to constant (bsc#1036288).
- USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
- USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
- USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
- USB: usbtmc: add missing endpoint sanity check (bsc#1036288).
- USB: usbtmc: fix DMA on stack (bsc#1036288).
- USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
- USB: usbtmc: fix probe error path (bsc#1036288).
- USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk
(bsc#1036288).
- USB: wusbcore: fix NULL-deref at probe (bsc#1045487).
- Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
- Use make --output-sync feature when available (bsc#1012422).
- Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
- __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
- acpi: Disable APEI error injection if securelevel is set (bsc#972891,
bsc#1023051).
- af_key: Add lock to key dump (bsc#1047653).
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
- ath9k: fix buffer overrun for ar9287 (bsc#1045538).
- blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU
(bsc#1035721).
- blacklist.conf: Add a few inapplicable items (bsc#1045538).
- blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub
to weak to prevent gcc from using short jumps to it') The released
kernels are not build with a gas new enough to optimize the jmps so that
this patch would be required. (bsc#1051478)
- blkback/blktap: do not leak stack data via response ring (bsc#1042863
XSA-216).
- block: do not allow updates through sysfs until registration completes
(bsc#1047027).
- block: fix ext_dev_lock lockdep report (bsc#1050154).
- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- cifs: Timeout on SMBNegotiate request (bsc#1044913).
- cifs: do not compare uniqueids in cifs_prime_dcache unless server inode
numbers are in use (bsc#1041975). backporting upstream commit
2f2591a34db6c9361faa316c91a6e320cb4e6aee
- cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
- cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
- crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863).
- decompress_bunzip2: off by one in get_next_block() (git-fixes).
- dentry name snapshots (bsc#1049483).
- devres: fix a for loop bounds check (git-fixes).
- dm: fix ioctl retry termination with signal (bsc#1050154).
- drm/mgag200: Add support for G200eH3 (bnc#1044216)
- drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,
bsc#995542).
- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext3: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: fix fdatasync(2) after extent manipulation operations
(bsc#1013018).
- ext4: keep existing extra fields when inode expands (bsc#1013018).
- fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
- firmware: fix directory creation rule matching with make 3.80
(bsc#1012422).
- firmware: fix directory creation rule matching with make 3.82
(bsc#1012422).
- fixed invalid assignment of 64bit mask to host dma_boundary for scatter
gather segment boundary limit (bsc#1042045).
- fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
- fnic: Using rport->dd_data to check rport online instead of rport_lookup
(bsc#1035920).
- fs/block_dev: always invalidate cleancache in invalidate_bdev()
(git-fixes).
- fs/xattr.c: zero out memory copied to userspace in getxattr
(bsc#1013018).
- fs: fix data invalidation in the cleancache during direct IO (git-fixes).
- fuse: add missing FR_FORCE (bsc#1013018).
- genirq: Prevent proc race against freeing of irq descriptors
(bnc#1044230).
- hrtimer: Allow concurrent hrtimer_start() for self restarting timers
(bnc#1013018).
- initial cr0 bits (bnc#1036056, LTC#153612).
- ipmr, ip6mr: fix scheduling while atomic and a deadlock with
ipmr_get_route (git-fixes).
- irq: Fix race condition (bsc#1042615).
- isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
- isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
- jsm: add support for additional Neo cards (bsc#1045615).
- kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
- libata: fix sff host state machine locking while polling (bsc#1045525).
- libceph: NULL deref on crush_decode() error path (bsc#1044015).
- libceph: potential NULL dereference in ceph_msg_data_create()
(bsc#1051515).
- libfc: fixup locking in fc_disc_stop() (bsc#1029140).
- libfc: move 'pending' and 'requested' setting (bsc#1029140).
- libfc: only restart discovery after timeout if not already running
(bsc#1029140).
- locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
- math64: New div64_u64_rem helper (bnc#938352).
- md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
- md/raid1: extend spinlock to protect raid1_end_read_request against
inconsistencies (git-fixes).
- md/raid1: fix test for 'was read error from last working device'
(git-fixes).
- md/raid5: Fix CPU hotplug callback registration (git-fixes).
- md/raid5: do not record new size if resize_stripes fails (git-fixes).
- md: ensure md devices are freed before module is unloaded (git-fixes).
- md: fix a null dereference (bsc#1040351).
- md: flush ->event_work before stopping array (git-fixes).
- md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status
(git-fixes).
- md: use separate bio_pool for metadata writes (bsc#1040351).
- megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
- mlx4: reduce OOM risk on arches with large pages (bsc#919382).
- mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
Functionality, bsc#1042832).
- mm/memory-failure.c: use compound_head() flags for huge pages
(bnc#971975 VM -- git fixes).
- mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
Functionality, bsc#1042832).
- mmc: core: add missing pm event in mmc_pm_notify to fix hib restore
(bsc#1045547).
- mmc: ushc: fix NULL-deref at probe (bsc#1037191).
- module: fix memory leak on early load_module() failures (bsc#1043014).
- mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
- net/mlx4: Fix the check in attaching steering rules (bsc#919382).
- net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
to device managed flow steering (bsc#919382).
- net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
(bsc#919382).
- net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to
physical (bsc#919382).
- net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
new probed PFs (bsc#919382).
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT transitions (bsc#919382).
- net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
- net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
(bsc#919382).
- net/mlx4_core: Use-after-free causes a resource leak in flow-steering
detach (bsc#919382).
- net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
- net/mlx4_en: Change the error print to debug print (bsc#919382).
- net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
- net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
- net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).
- net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
- net: avoid reference counter overflows on fib_rules in multicast
forwarding (git-fixes).
- net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
- net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
- net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
- netxen_nic: set rcode to the return status from the call to
netxen_issue_cmd (bnc#784815).
- nfs: fix nfs_size_to_loff_t (git-fixes).
- nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
- nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
- nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
ocfs2_unblock_lock (bsc#962257).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
- perf/core: Fix event inheritance on fork() (bnc#1013018).
- powerpc/ibmebus: Fix device reference leaks in sysfs interface
(bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).
- powerpc/ibmebus: Fix further device reference leaks (bsc#1035777
[2017-04-24] Pending Base Kernel Fixes).
- powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()
(bsc#1032471).
- powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471).
- powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471).
- powerpc/mm/hash: Properly mask the ESID bits when building proto VSID
(bsc#1032471).
- powerpc/mm/hash: Support 68 bit VA (bsc#1032471).
- powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471).
- powerpc/mm/slice: Convert slice_mask high slice to a bitmap
(bsc#1032471).
- powerpc/mm/slice: Fix off-by-1 error when computing slice mask
(bsc#1032471).
- powerpc/mm/slice: Move slice_mask struct definition to slice.c
(bsc#1032471).
- powerpc/mm/slice: Update slice mask printing to use bitmap printing
(bsc#1032471).
- powerpc/mm/slice: Update the function prototype (bsc#1032471).
- powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET
(bsc#928138).
- powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small
(bsc#1032471).
- powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital
(bsc#1032471).
- powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777
[2017-04-24] Pending Base Kernel Fixes).
- powerpc/pseries: Release DRC when configure_connector fails
(bsc#1035777, Pending Base Kernel Fixes).
- powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).
- powerpc: Remove STAB code (bsc#1032471).
- random32: fix off-by-one in seeding requirement (git-fixes).
- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
- rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
- s390/qdio: clear DSCI prior to scanning multiple input queues
(bnc#1046715, LTC#156234).
- s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
- s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
- sched/core: Remove false-positive warning from wake_up_process()
(bnc#1044882).
- sched/cputime: Do not scale when utime == 0 (bnc#938352).
- sched/debug: Print the scheduler topology group mask (bnc#1013018).
- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
- sched/fair: Fix min_vruntime tracking (bnc#1013018).
- sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep
for b60205c7c558 sched/fair: Fix min_vruntime tracking
- sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
- sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
- sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
- sched/topology: Move comment about asymmetric node setups (bnc#1013018).
- sched/topology: Optimize build_group_mask() (bnc#1013018).
- sched/topology: Refactor function build_overlap_sched_groups()
(bnc#1013018).
- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
- sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
- sched/topology: Verify the first group matches the child domain
(bnc#1013018).
- sched: Always initialize cpu-power (bnc#1013018).
- sched: Avoid cputime scaling overflow (bnc#938352).
- sched: Avoid prev->stime underflow (bnc#938352).
- sched: Do not account bogus utime (bnc#938352).
- sched: Fix SD_OVERLAP (bnc#1013018).
- sched: Fix domain iteration (bnc#1013018).
- sched: Lower chances of cputime scaling overflow (bnc#938352).
- sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'
(bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime
tracking
- sched: Rename a misleading variable in build_overlap_sched_groups()
(bnc#1013018).
- sched: Use swap() macro in scale_stime() (bnc#938352).
- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
- scsi: fix race between simultaneous decrements of ->host_failed
(bsc#1050154).
- scsi: fnic: Correcting rport check location in fnic_queuecommand_lck
(bsc#1035920).
- scsi: mvsas: fix command_active typo (bsc#1050154).
- scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
(bsc#1050154).
- sfc: do not device_attach if a reset is pending (bsc#909618).
- smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- splice: Stub splice_write_to_file (bsc#1043234).
- svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
- target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
- tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
- tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
- udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
- udf: Fix races with i_size changes during readpage (bsc#1013018).
- usbtmc: remove redundant braces (bsc#1036288).
- usbtmc: remove trailing spaces (bsc#1036288).
- usbvision: fix NULL-deref at probe (bsc#1050431).
- uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
- uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
- vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).
- vmxnet3: avoid calling pskb_may_pull with interrupts disabled
(bsc#1045356).
- vmxnet3: fix checks for dma mapping errors (bsc#1045356).
- vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
- x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
(bsc#948562).
- x86/pci-calgary: Fix iommu_free() comparison of unsigned expression
greater than 0 (bsc#1051478).
- xen: avoid deadlock in xenbus (bnc#1047523).
- xfrm: NULL dereference on allocation failure (bsc#1047343).
- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
- xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
- xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
- xfs: use ->b_state to fix buffer I/O accounting release race
(bsc#1041160).
- xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-kernel-13274=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kernel-13274=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-13274=1
- SUSE Linux Enterprise Real Time Extension 11-SP4:
zypper in -t patch slertesp4-kernel-13274=1
- SUSE Linux Enterprise High Availability Extension 11-SP4:
zypper in -t patch slehasp4-kernel-13274=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-13274=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
kernel-docs-3.0.101-108.7.2
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-3.0.101-108.7.1
kernel-default-base-3.0.101-108.7.1
kernel-default-devel-3.0.101-108.7.1
kernel-source-3.0.101-108.7.1
kernel-syms-3.0.101-108.7.1
kernel-trace-3.0.101-108.7.1
kernel-trace-base-3.0.101-108.7.1
kernel-trace-devel-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
kernel-ec2-3.0.101-108.7.1
kernel-ec2-base-3.0.101-108.7.1
kernel-ec2-devel-3.0.101-108.7.1
kernel-xen-3.0.101-108.7.1
kernel-xen-base-3.0.101-108.7.1
kernel-xen-devel-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-SP4 (s390x):
kernel-default-man-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64):
kernel-bigmem-3.0.101-108.7.1
kernel-bigmem-base-3.0.101-108.7.1
kernel-bigmem-devel-3.0.101-108.7.1
kernel-ppc64-3.0.101-108.7.1
kernel-ppc64-base-3.0.101-108.7.1
kernel-ppc64-devel-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
kernel-pae-3.0.101-108.7.1
kernel-pae-base-3.0.101-108.7.1
kernel-pae-devel-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-trace-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-108.7.1
- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
cluster-network-kmp-rt-1.4_3.0.101_rt130_68-2.32.2.14
cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_68-2.32.2.14
drbd-kmp-rt-8.4.4_3.0.101_rt130_68-0.27.2.13
drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_68-0.27.2.13
gfs2-kmp-rt-2_3.0.101_rt130_68-0.24.2.14
gfs2-kmp-rt_trace-2_3.0.101_rt130_68-0.24.2.14
ocfs2-kmp-rt-1.6_3.0.101_rt130_68-0.28.3.4
ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_68-0.28.3.4
- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):
cluster-network-kmp-default-1.4_3.0.101_108.7-2.32.2.14
cluster-network-kmp-trace-1.4_3.0.101_108.7-2.32.2.14
drbd-8.4.4-0.27.2.1
drbd-bash-completion-8.4.4-0.27.2.1
drbd-heartbeat-8.4.4-0.27.2.1
drbd-kmp-default-8.4.4_3.0.101_108.7-0.27.2.13
drbd-kmp-trace-8.4.4_3.0.101_108.7-0.27.2.13
drbd-pacemaker-8.4.4-0.27.2.1
drbd-udev-8.4.4-0.27.2.1
drbd-utils-8.4.4-0.27.2.1
gfs2-kmp-default-2_3.0.101_108.7-0.24.2.14
gfs2-kmp-trace-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-default-1.6_3.0.101_108.7-0.28.3.4
ocfs2-kmp-trace-1.6_3.0.101_108.7-0.28.3.4
- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):
cluster-network-kmp-xen-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-xen-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-xen-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-xen-1.6_3.0.101_108.7-0.28.3.4
- SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):
drbd-xen-8.4.4-0.27.2.1
- SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):
cluster-network-kmp-bigmem-1.4_3.0.101_108.7-2.32.2.14
cluster-network-kmp-ppc64-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-bigmem-8.4.4_3.0.101_108.7-0.27.2.13
drbd-kmp-ppc64-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-bigmem-2_3.0.101_108.7-0.24.2.14
gfs2-kmp-ppc64-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-bigmem-1.6_3.0.101_108.7-0.28.3.4
ocfs2-kmp-ppc64-1.6_3.0.101_108.7-0.28.3.4
- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):
cluster-network-kmp-pae-1.4_3.0.101_108.7-2.32.2.14
drbd-kmp-pae-8.4.4_3.0.101_108.7-0.27.2.13
gfs2-kmp-pae-2_3.0.101_108.7-0.24.2.14
ocfs2-kmp-pae-1.6_3.0.101_108.7-0.28.3.4
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
drbd-debuginfo-8.4.4-0.27.2.1
drbd-debugsource-8.4.4-0.27.2.1
kernel-default-debuginfo-3.0.101-108.7.1
kernel-default-debugsource-3.0.101-108.7.1
kernel-trace-debuginfo-3.0.101-108.7.1
kernel-trace-debugsource-3.0.101-108.7.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
kernel-default-devel-debuginfo-3.0.101-108.7.1
kernel-trace-devel-debuginfo-3.0.101-108.7.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-108.7.1
kernel-ec2-debugsource-3.0.101-108.7.1
kernel-xen-debuginfo-3.0.101-108.7.1
kernel-xen-debugsource-3.0.101-108.7.1
kernel-xen-devel-debuginfo-3.0.101-108.7.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
kernel-bigmem-debuginfo-3.0.101-108.7.1
kernel-bigmem-debugsource-3.0.101-108.7.1
kernel-ppc64-debuginfo-3.0.101-108.7.1
kernel-ppc64-debugsource-3.0.101-108.7.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
kernel-pae-debuginfo-3.0.101-108.7.1
kernel-pae-debugsource-3.0.101-108.7.1
kernel-pae-devel-debuginfo-3.0.101-108.7.1
References:
https://www.suse.com/security/cve/CVE-2014-9922.html
https://www.suse.com/security/cve/CVE-2016-10277.html
https://www.suse.com/security/cve/CVE-2017-1000363.html
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-11176.html
https://www.suse.com/security/cve/CVE-2017-11473.html
https://www.suse.com/security/cve/CVE-2017-2647.html
https://www.suse.com/security/cve/CVE-2017-6951.html
https://www.suse.com/security/cve/CVE-2017-7482.html
https://www.suse.com/security/cve/CVE-2017-7487.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7542.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-8924.html
https://www.suse.com/security/cve/CVE-2017-8925.html
https://www.suse.com/security/cve/CVE-2017-9074.html
https://www.suse.com/security/cve/CVE-2017-9075.html
https://www.suse.com/security/cve/CVE-2017-9076.html
https://www.suse.com/security/cve/CVE-2017-9077.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1000365
https://bugzilla.suse.com/1000380
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1015452
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1029140
https://bugzilla.suse.com/1029850
https://bugzilla.suse.com/1030552
https://bugzilla.suse.com/1030593
https://bugzilla.suse.com/1030814
https://bugzilla.suse.com/1032340
https://bugzilla.suse.com/1032471
https://bugzilla.suse.com/1034026
https://bugzilla.suse.com/1034670
https://bugzilla.suse.com/1035576
https://bugzilla.suse.com/1035721
https://bugzilla.suse.com/1035777
https://bugzilla.suse.com/1035920
https://bugzilla.suse.com/1036056
https://bugzilla.suse.com/1036288
https://bugzilla.suse.com/1036629
https://bugzilla.suse.com/1037191
https://bugzilla.suse.com/1037193
https://bugzilla.suse.com/1037227
https://bugzilla.suse.com/1037232
https://bugzilla.suse.com/1037233
https://bugzilla.suse.com/1037356
https://bugzilla.suse.com/1037358
https://bugzilla.suse.com/1037359
https://bugzilla.suse.com/1037441
https://bugzilla.suse.com/1038544
https://bugzilla.suse.com/1038879
https://bugzilla.suse.com/1038981
https://bugzilla.suse.com/1038982
https://bugzilla.suse.com/1039258
https://bugzilla.suse.com/1039354
https://bugzilla.suse.com/1039456
https://bugzilla.suse.com/1039594
https://bugzilla.suse.com/1039882
https://bugzilla.suse.com/1039883
https://bugzilla.suse.com/1039885
https://bugzilla.suse.com/1040069
https://bugzilla.suse.com/1040351
https://bugzilla.suse.com/1041160
https://bugzilla.suse.com/1041431
https://bugzilla.suse.com/1041762
https://bugzilla.suse.com/1041975
https://bugzilla.suse.com/1042045
https://bugzilla.suse.com/1042615
https://bugzilla.suse.com/1042633
https://bugzilla.suse.com/1042687
https://bugzilla.suse.com/1042832
https://bugzilla.suse.com/1042863
https://bugzilla.suse.com/1043014
https://bugzilla.suse.com/1043234
https://bugzilla.suse.com/1043935
https://bugzilla.suse.com/1044015
https://bugzilla.suse.com/1044125
https://bugzilla.suse.com/1044216
https://bugzilla.suse.com/1044230
https://bugzilla.suse.com/1044854
https://bugzilla.suse.com/1044882
https://bugzilla.suse.com/1044913
https://bugzilla.suse.com/1045154
https://bugzilla.suse.com/1045356
https://bugzilla.suse.com/1045416
https://bugzilla.suse.com/1045479
https://bugzilla.suse.com/1045487
https://bugzilla.suse.com/1045525
https://bugzilla.suse.com/1045538
https://bugzilla.suse.com/1045547
https://bugzilla.suse.com/1045615
https://bugzilla.suse.com/1046107
https://bugzilla.suse.com/1046192
https://bugzilla.suse.com/1046715
https://bugzilla.suse.com/1047027
https://bugzilla.suse.com/1047053
https://bugzilla.suse.com/1047343
https://bugzilla.suse.com/1047354
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1047523
https://bugzilla.suse.com/1047653
https://bugzilla.suse.com/1048185
https://bugzilla.suse.com/1048221
https://bugzilla.suse.com/1048232
https://bugzilla.suse.com/1048275
https://bugzilla.suse.com/1049128
https://bugzilla.suse.com/1049483
https://bugzilla.suse.com/1049603
https://bugzilla.suse.com/1049688
https://bugzilla.suse.com/1049882
https://bugzilla.suse.com/1050154
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1051478
https://bugzilla.suse.com/1051515
https://bugzilla.suse.com/1051770
https://bugzilla.suse.com/1055680
https://bugzilla.suse.com/784815
https://bugzilla.suse.com/792863
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/909618
https://bugzilla.suse.com/919382
https://bugzilla.suse.com/928138
https://bugzilla.suse.com/938352
https://bugzilla.suse.com/943786
https://bugzilla.suse.com/948562
https://bugzilla.suse.com/962257
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/972891
https://bugzilla.suse.com/986924
https://bugzilla.suse.com/990682
https://bugzilla.suse.com/995542
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWbXPk4x+lLeg9Ub1AQgxXxAAhzMNEqtmxyTgexV4RkxUE/Jkc3uquHZD
WYdcMInSF1JHw9kGI+MeN4t/ggvYK5gM2TasjHtZmygA/mlDu06WUVj6ajdDIoDE
SZI9bP2xZ8tHMwrBMfLPl82XW2JTV+PJkTViS3Zqb53oN8zaoj3vXFxRqMQUO4ZK
OXBezDcNRfQys94zu8nPU8ZlKM72wGvN7sT/HR+V9StlC4j62hzRxV1f4zSp94Y4
Sr0H6qK3JpUPOENNmUvnWiSokznj3R1IRihuyRrJKp+S6ATcDM6C73dA+EFVu1tL
Spl3CJHoaGtGeU5sH91zq4t5y1QBZzFHqjGqYB3o6UdFq2CuhEMd1FhnJ3psdrMB
MdLyT/sjpOrkPEjnt7x9mQGEROHHYw0ePwkFdyC2scuyUxQZXFRm+3hkxpYIhLSs
4qXtg8TqNzIk2YkZgzAvQ2atyjpON+5wlLEBR4kn0m3TqH3LaHuSS/E5E2cm9a/0
tI1oTpz6CmNpNkt6aUWkdwGCYimmbPXFRoidZLdrHv/Bfrru+XhjIplk8FWtpgOA
2+qu1NVYSjO7HjwaXAwrNZNF+e9uUUQjqG6cHabn2g82nAB/FjwwaAkxuyFFLoBN
JITmFuyZUvJZVr5SG1qNF9aXbWrorzk5nH07WsLok8GhDSjlZYeNwqxMSFUqES5Z
dbFOmUFKyXc=
=BH5p
-----END PGP SIGNATURE-----