[security-announce] SUSE-SU-2017:1102-1: important: Security update for the Linux Kernel

25 Apr 2017

      SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1102-1
Rating:             important
References:         #1003077 #1003344 #1003568 #1003677 #1003813 
                    #1003866 #1003925 #1004517 #1004520 #1005857 
                    #1005877 #1005896 #1005903 #1006917 #1006919 
                    #1007615 #1007944 #1008557 #1008645 #1008831 
                    #1008833 #1008893 #1009875 #1010150 #1010175 
                    #1010201 #1010467 #1010501 #1010507 #1010711 
                    #1010716 #1011685 #1011820 #1012411 #1012422 
                    #1012832 #1012851 #1012917 #1013018 #1013038 
                    #1013042 #1013070 #1013531 #1013533 #1013542 
                    #1013604 #1014410 #1014454 #1014746 #1015561 
                    #1015752 #1015760 #1015796 #1015803 #1015817 
                    #1015828 #1015844 #1015848 #1015878 #1015932 
                    #1016320 #1016505 #1016520 #1016668 #1016688 
                    #1016824 #1016831 #1017686 #1017710 #1019148 
                    #1019165 #1019348 #1019783 #1020214 #1021258 
                    #748806 #763198 #771065 #786036 #790588 #795297 
                    #799133 #800999 #803320 #821612 #824171 #851603 
                    #853052 #860441 #863873 #865783 #871728 #901809 
                    #907611 #908458 #908684 #909077 #909350 #909484 
                    #909491 #909618 #913387 #914939 #919382 #922634 
                    #924708 #925065 #928138 #929141 #953233 #956514 
                    #960689 #961589 #962846 #963655 #967716 #968010 
                    #969340 #973203 #973691 #979681 #984194 #986337 
                    #987333 #987576 #989152 #989680 #989764 #989896 
                    #990245 #992566 #992991 #993739 #993832 #995968 
                    #996541 #996557 #997401 #998689 #999101 #999907 

Cross-References:   CVE-2004-0230 CVE-2012-6704 CVE-2013-6368
                    CVE-2015-1350 CVE-2015-8956 CVE-2015-8962
                    CVE-2015-8964 CVE-2016-10088 CVE-2016-3841
                    CVE-2016-5696 CVE-2016-7042 CVE-2016-7097
                    CVE-2016-7117 CVE-2016-7910 CVE-2016-7911
                    CVE-2016-7916 CVE-2016-8399 CVE-2016-8632
                    CVE-2016-8633 CVE-2016-8646 CVE-2016-9555
                    CVE-2016-9576 CVE-2016-9685 CVE-2016-9756
                    CVE-2016-9793 CVE-2016-9794 CVE-2017-5551

Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 27 vulnerabilities and has 114 fixes
   is now available.

Description:

   The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the
     Linux kernel preserved the setgid bit during a setxattr call involving a
     tmpfs filesystem, which allowed local users to gain group privileges by
     leveraging the existence of a setgid program with restrictions on
     execute permissions.  NOTE: this vulnerability exists because of an
     incomplete fix for CVE-2016-7097 (bnc#1021258).
   - CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions
     (bsc#995968).
   - CVE-2016-10088: The sg implementation in the Linux kernel did not
     properly restrict write operations in situations where the KERNEL_DS
     option is set, which allowed local users to read or write to arbitrary
     kernel memory locations or cause a denial of service (use-after-free) by
     leveraging access to a /dev/sg device, related to block/bsg.c and
     drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an
     incomplete fix for CVE-2016-9576 (bnc#1017710).
   - CVE-2016-5696: TCP, when using a large Window Size, made it easier for
     remote attackers to guess sequence numbers and cause a denial of service
     (connection loss) to persistent TCP connections by repeatedly injecting
     a TCP RST packet, especially in protocols that use long-lived
     connections, such as BGP (bnc#989152).
   - CVE-2015-1350: Denial of service in notify_change for filesystem xattrs
     (bsc#914939).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
   - CVE-2016-8399: An elevation of privilege vulnerability in the kernel
     networking subsystem could have enabled a local malicious application to
     execute arbitrary code within the context of the kernel. This issue is
     rated as Moderate because it first requires compromising a privileged
     process and current compiler optimizations restrict access to the
     vulnerable code. (bnc#1014746).
   - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
     Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
     which allowed local users to cause a denial of service (memory
     corruption and system crash)
     or possibly have unspecified other impact by leveraging the
      CAP_NET_ADMIN capability for a crafted setsockopt system call with the
      (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
   - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the
     Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
     which allowed local users to cause a denial of service (memory
     corruption and system crash)
     or possibly have unspecified other impact by leveraging the
      CAP_NET_ADMIN capability for a crafted setsockopt system call with the
      (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).
   - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not
     properly initialize Code Segment (CS) in certain error cases, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted application (bnc#1013038).
   - CVE-2016-9576: splice: introduce FMODE_SPLICE_READ and
     FMODE_SPLICE_WRITE  (bsc#1013604)
   - CVE-2016-9794: ALSA: pcm : Call kill_fasync() in stream lock
     (bsc#1013533)
   - CVE-2016-3841: KABI workaround for ipv6: add complete rcu protection
     around  np->opt (bsc#992566).
   - CVE-2016-9685: Multiple memory leaks in error paths in
     fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause
     a denial of service (memory consumption) via crafted XFS filesystem
     operations (bnc#1012832).
   - CVE-2015-8962: Double free vulnerability in the sg_common_write function
     in drivers/scsi/sg.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (memory corruption and system
     crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
   - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
     the Linux kernel lacks chunk-length checking for the first chunk, which
     allowed remote attackers to cause a denial of service (out-of-bounds
     slab access) or possibly have unspecified other impact via crafted SCTP
     data (bnc#1011685).
     - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop
       function in block/genhd.c in the Linux kernel allowed local users to
       gain privileges by leveraging the execution of a certain stop
       operation even if the corresponding start operation had failed
       (bnc#1010716).
   - CVE-2016-7911: Race condition in the get_task_ioprio function in
     block/ioprio.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (use-after-free) via a crafted
     ioprio_get system call (bnc#1010711).
   - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users
     to gain privileges or cause a denial of service (system crash) via a
     VAPIC synchronization operation involving a page-end address
     (bnc#853052).
   - CVE-2015-8964: The tty_set_termios_ldisc function in
     drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by reading a tty data
     structure (bnc#1010507).
   - CVE-2016-7916: Revert "proc: prevent accessing /proc/<PID>/environ until
     it's ready (bsc#1010467)"
   - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the
     Linux kernel allowed local users to cause a denial of service (OOPS) by
     attempting to trigger use of in-kernel hash algorithms for a socket that
     has received zero bytes of data (bnc#1010150).
   - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7,
     in certain unusual hardware configurations, allowed remote attackers to
     execute arbitrary code via crafted fragmented packets (bnc#1008833).
   - CVE-2016-7042: KEYS: Fix short sprintf buffer in /proc/keys show
     function  (bsc#1004517).
   - CVE-2015-8956: Bluetooth: Fix potential NULL dereference in RFCOMM bind
     callback (bsc#1003925).
   - CVE-2016-7117: net: Fix use after free in the recvmmsg exit path
     (bsc#1003077).

   The following non-security bugs were fixed:

   - blacklist.conf: 45f13df be2net: Enable Wake-On-LAN from shutdown for
     Skyhawk
   - blacklist.conf: c9cc599 net/mlx4_core: Fix QUERY FUNC CAP flags

   - 8250_pci: Fix potential use-after-free in error path (bsc#1013070).
   - IB/mlx4: Fix error flow when sending mads under SRIOV (bsc#786036).
   - IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036).
   - IB/mlx4: Fix memory leak if QP creation failed (bsc#786036).
   - IB/mlx4: Fix potential deadlock when sending mad to wire (bsc#786036).
   - IB/mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036).
   - IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036).
   - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).
   - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).
   - be2net: Do not leak iomapped memory on removal (bug#925065).
   - block_dev: do not test bdev->bd_contains when it is not stable
     (bsc#1008557).
   - bna: Add synchronization for tx ring (bsc#993739).
   - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
   - bnx2x: fix lockdep splat (bsc#908684).
   - cifs: revert fs/cifs: fix wrongly prefixed path to root (bsc#963655)
   - config.conf: add bigmem flavour on ppc64
   - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).
   - cpumask_set_cpu_local_first => cpumask_local_spread, lament (bug#919382).
   - crypto: add ghash-generic in the supported.conf(bsc#1016824)
   - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106
     (bsc#913387, #bsc1016831).
   - dm space map metadata: fix sm_bootstrap_get_nr_blocks()
   - dm thin: fix race condition when destroying thin pool workqueue
   - dm: do not call dm_sync_table() when creating new devices (bnc#901809,
     bsc#1008893).
   - drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348)
   - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668).
   - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018).
   - ext4: fix reference counting bug on block allocation error (bsc#1013018).
   - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).
   - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).
   - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).
   - fs/cifs: Move check for prefix path to within cifs_get_root()
     (bsc#799133).
   - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655,
     bsc#979681).
   - fs/cifs: make share unaccessible at root level mountable (bsc#799133).
   - futex: Acknowledge a new waiter in counter before plist (bsc#851603).
   - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603).
   - hpilo: Add support for iLO5 (bsc#999101).
   - hv: do not lose pending heartbeat vmbus packets (bnc#1006919).
   - hv: vmbus: avoid scheduling in interrupt context in
     vmbus_initiate_unload() (bnc#986337).
   - hv: vmbus: avoid wait_for_completion() on crash (bnc#986337).
   - hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337).
   - hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts
     (bnc#986337).
   - hv: vmbus: handle various crash scenarios (bnc#986337).
   - hv: vmbus: remove code duplication in message handling (bnc#986337).
   - hv: vss: run only on supported host versions (bnc#986337).
   - i40e: fix an uninitialized variable bug (bsc#909484).
   - ibmveth: calculate gso_segs for large packets (bsc#1019165, bsc#1019148).
   - ibmveth: set correct gso_size and gso_type (bsc#1019165, bsc#1019148).
   - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491).
   - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector
     (bsc#795297).
   - igb: Fix oops caused by missing queue pairing (bsc#909491).
   - igb: Fix oops on changing number of rings (bsc#909491).
   - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs()
     (bsc#909491).
   - igb: Unpair the queues when changing the number of queues (bsc#909491).
   - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos
     too (bsc#865783).
   - kabi-fix for flock_owner addition (bsc#998689).
   - kexec: add a kexec_crash_loaded() function (bsc#973691).
   - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680).
   - kvm: Distangle eventfd code from irqchip (bsc#989680).
   - kvm: Iterate over only vcpus that are preempted (bsc#989680).
   - kvm: Record the preemption status of vcpus using preempt notifiers
     (bsc#989680).
   - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680).
   - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680).
   - kvm: make processes waiting on vcpu mutex killable (bsc#989680).
   - kvm: nVMX: Add preemption timer support (bsc#989680).
   - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680).
   - kvm: use symbolic constant for nr interrupts (bsc#989680).
   - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680).
   - kvm: x86: Run PIT work in own kthread (bsc#989680).
   - kvm: x86: limit difference between kvmclock updates (bsc#989680).
   - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689).
   - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).
   - libata: introduce ata_host->n_tags to avoid oops on SAS controllers
     (bsc#871728).
   - libata: remove n_tags to avoid kABI breakage (bsc#871728).
   - libata: support the ata host which implements a queue depth less than 32
     (bsc#871728)
   - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS
     response (bsc#962846).
   - libfc: Fixup disc_mutex handling (bsc#962846).
   - libfc: Issue PRLI after a PRLO has been received (bsc#962846).
   - libfc: Revisit kref handling (bnc#990245).
   - libfc: Update rport reference counting (bsc#953233).
   - libfc: do not send ABTS when resetting exchanges (bsc#962846).
   - libfc: fixup locking of ptp_setup() (bsc#962846).
   - libfc: reset exchange manager during LOGO handling (bsc#962846).
   - libfc: send LOGO for PLOGI failure (bsc#962846).
   - locking/mutex: Explicitly mark task as running after wakeup
     (bsc#1012411).
   - md/raid10: Fix memory leak when raid10 reshape completes
   - md/raid10: always set reshape_safe when initializing reshape_position
   - md: Drop sending a change uevent when stopping (bsc#1003568).
   - md: check command validity early in md_ioctl() (bsc#1004520).
   - md: fix problem when adding device to read-only array with bitmap
     (bnc#771065).
   - memstick: mspro_block: add missing curly braces (bsc#1016688).
   - mlx4: add missing braces in verify_qp_parameters (bsc#786036).
   - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
     (bnc#763198).
   - mm/memory.c: actually remap enough memory (bnc#1005903).
   - mm/memory_hotplug.c: check for missing sections in
     test_pages_in_a_zone() (bnc#961589).
   - mm: fix crashes from mbind() merging vmas (bnc#1005877).
   - mm: fix sleeping function warning from __put_anon_vma (bnc#1005857).
   - dcache: move the call of __d_drop(anon) into
     __d_materialise_unique(dentry, anon) (bsc#984194).
   - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
   - mremap: enforce rmap src/dst vma ordering in case of vma_merge()
     succeeding in copy_vma() (bsc#1008645).
   - mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337).
   - net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036).
   - net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382).
   - net/mlx4_core: Avoid returning success in case of an error flow
     (bsc#786036).
   - net/mlx4_core: Do not BUG_ON during reset when PCI is offline
     (bsc#924708).
   - net/mlx4_core: Do not access comm channel if it has not yet been
     initialized (bsc#924708 bsc#786036).
   - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards
     (bug#919382).
   - net/mlx4_core: Fix the resource-type enum in res tracker to conform to
     FW spec (bsc#786036).
   - net/mlx4_core: Implement pci_resume callback (bsc#924708).
   - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT
     (bug#919382).
   - net/mlx4_en: Choose time-stamping shift value according to HW frequency
     (bsc#919382).
   - net/mlx4_en: Fix HW timestamp init issue upon system startup
     (bsc#919382).
   - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036).
   - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036).
   - net/mlx4_en: Remove dependency between timestamping capability and
     service_task (bsc#919382).
   - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382).
   - netfilter: ipv4: defrag: set local_df flag on defragmented skb
     (bsc#907611).
   - netfront: do not truncate grant references.
   - netvsc: fix incorrect receive checksum offloading (bnc#1006917).
   - nfs4: reset states to use open_stateid when returning delegation
     voluntarily (bsc#1007944).
   - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).
   - nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873).
   - nfsv4: Cap the transport reconnection timer at 1/2 lease period
     (bsc#1014410).
   - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
   - nfsv4: Handle timeouts correctly when probing for lease validity
     (bsc#1014410).
   - nfsv4: add flock_owner to open context (bnc#998689).
   - nfsv4: change nfs4_do_setattr to take an open_context instead of a
     nfs4_state (bnc#998689).
   - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of
     lock_owner (bnc#998689).
   - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is
     one (bnc#998689).
   - nvme: Automatic namespace rescan (bsc#1017686).
   - nvme: Metadata format support (bsc#1017686).
   - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
   - oom: print nodemask in the oom report (bnc#1003866).
   - pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models
   - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends
     (bnc#860441).
   - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).
   - posix-timers: Use sighand lock instead of tasklist_lock for task clock
     sample (bnc#997401).
   - posix-timers: Use sighand lock instead of tasklist_lock on timer
     deletion (bnc#997401).
   - powerpc/64: Fix incorrect return value from __copy_tofrom_user
     (bsc#1005896).
   - powerpc/MSI: Fix race condition in tearing down MSI interrupts
     (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).
   - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config
     (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).
   - powerpc/mm: Add 64TB support (bsc#928138,fate#319026).
   - powerpc/mm: Change the swap encoding in pte (bsc#973203).
   - powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026).
   - powerpc/mm: Fix hash computation function (bsc#928138,fate#319026).
   - powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026).
   - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE
     (bsc#928138,fate#319026).
   - powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit
     (bsc#928138,fate#319026).
   - powerpc/mm: Replace open coded CONTEXT_BITS value
     (bsc#928138,fate#319026).
   - powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026).
   - powerpc/mm: Update VSID allocation documentation
     (bsc#928138,fate#319026).
   - powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026).
   - powerpc/mm: Use hpt_va to compute virtual address
     (bsc#928138,fate#319026).
   - powerpc/mm: Use the required number of VSID bits in slbmte
     (bsc#928138,fate#319026).
   - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201,
     [2016-10-04] Pending Base Kernel Fixes).
   - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec
     (bsc#1003813).
   - powerpc: Add ability to build little endian kernels (bsc#967716).
   - powerpc: Avoid load of static chain register when calling nested
     functions through a pointer on 64bit (bsc#967716).
   - powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026).
   - powerpc: Do not build assembly files with ABIv2 (bsc#967716).
   - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).
   - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).
   - powerpc: Fix error when cross building TAGS & cscope (bsc#967716).
   - powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026).
   - powerpc: Make the vdso32 also build big-endian (bsc#967716).
   - powerpc: Move kdump default base address to half RMO size on 64bit
     (bsc#1003344).
   - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).
   - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716).
   - powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026).
   - powerpc: Require gcc 4.0 on 64-bit (bsc#967716).
   - powerpc: Update kernel VSID range (bsc#928138,fate#319026).
   - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only:
     6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC'
     obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in
      /sys/devices/system/cpu
   - powerpc: dtc is required to build dtb files (bsc#967716).
   - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201, [2016-10-04] Pending
     Base Kernel Fixes).
   - powerpc: scan_features() updates incorrect bits for REAL_LE
     (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).
   - printk/sched: Introduce special printk_sched() for those awkward
     (bsc#1013042, bsc#996541, bsc#1015878).
   - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851).
   - qlcnic: fix a loop exit condition better (bsc#909350).
   - qlcnic: fix a timeout loop (bsc#909350)
   - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
     (bnc#800999).
   - reiserfs: fix race in prealloc discard (bsc#987576).
   - rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again
   - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
   - rpm/package-descriptions: add -bigmem description
   - rt2x00: fix rfkill regression on rt2500pci (bnc#748806).
   - s390/cio: fix accidental interrupt enabling during resume (bnc#1003677,
     LTC#147606).
   - s390/time: LPAR offset handling (bnc#1003677, LTC#146920).
   - s390/time: move PTFF definitions (bnc#1003677, LTC#146920).
   - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).
   - scsi: lpfc: avoid double free of resource identifiers (bsc#989896).
   - scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374).
   - scsi_error: count medium access timeout only once per EH run
     (bsc#993832).
   - scsi_error: fixup crash in scsi_eh_reset (bsc#993832)
   - serial: 8250_pci: Detach low-level driver during PCI error recovery
     (bsc#1013070).
   - sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618).
   - softirq: sirq threads raising another sirq delegate to the proper thread
     Otherwise, high priority timer threads expend cycles precessing other
     sirqs, potentially increasing wakeup latencies as thes process sirqs at
     a priority other than the priority specified by the user.
   - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a
     race (bnc#803320).
   - sunrpc: Enforce an upper limit on the number of cached credentials
     (bsc#1012917).
   - sunrpc: Fix reconnection timeouts (bsc#1014410).
   - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache
     (bsc#1012917).
   - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout
     (bsc#1014410).
   - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175).
   - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175).
   - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175).
   - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175).
   - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
     (bsc#908458).
   - tg3: Fix temperature reporting (bnc#790588).
   - tty: Signal SIGHUP before hanging up ldisc (bnc#989764).
   - usb: console: fix potential use after free (bsc#1015817).
   - usb: console: fix uninitialised ldisc semaphore (bsc#1015817).
   - usb: cp210x: Corrected USB request type definitions (bsc#1015932).
   - usb: cp210x: relocate private data from USB interface to port
     (bsc#1015932).
   - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932).
   - usb: ftdi_sio: fix null deref at port probe (bsc#1015796).
   - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
     (bsc#922634).
   - usb: hub: Fix unbalanced reference count/memory leak/deadlocks
     (bsc#968010).
   - usb: ipaq.c: fix a timeout loop (bsc#1015848).
   - usb: opticon: fix non-atomic allocation in write path (bsc#1015803).
   - usb: option: fix runtime PM handling (bsc#1015752).
   - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932).
   - usb: serial: cp210x: add 8-bit and 32-bit register access functions
     (bsc#1015932).
   - usb: serial: cp210x: add new access functions for large registers
     (bsc#1015932).
   - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932).
   - usb: serial: fix potential use-after-free after failed probe
     (bsc#1015828).
   - usb: serial: io_edgeport: fix memory leaks in attach error path
     (bsc#1016505).
   - usb: serial: io_edgeport: fix memory leaks in probe error path
     (bsc#1016505).
   - usb: serial: keyspan: fix use-after-free in probe error path
     (bsc#1016520).
   - usb: sierra: fix AA deadlock in open error path (bsc#1015561).
   - usb: sierra: fix remote wakeup (bsc#1015561).
   - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561).
   - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561).
   - usb: sierra: fix use after free at suspend/resume (bsc#1015561).
   - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760).
   - usb: usb_wwan: fix race between write and resume (bsc#1015760).
   - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760).
   - usb: usb_wwan: fix urb leak in write error path (bsc#1015760).
   - usb: usb_wwan: fix write and suspend race (bsc#1015760).
   - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
   - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844).
   - vmxnet3: Wake queue from reset work (bsc#999907).
   - x86, amd_nb: Clarify F15h, model 30h GART and L3 support
   - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).
   - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and
     sync_regs (bsc#909077).
   - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors
   - x86/gart: Check for GART support before accessing GART registers
   - xenbus: do not invoke ->is_ready() for most device states (bsc#987333).
   - zcrypt: Fix hang condition on crypto card config-off (bsc#1016320).
   - zcrypt: Fix invalid domain response handling (bsc#1016320).
   - zfcp: Fix erratic device offline during EH (bsc#993832).
   - zfcp: close window with unblocked rport during rport gone (bnc#1003677).
   - zfcp: fix D_ID field with actual value on tracing SAN responses
     (bnc#1003677).
   - zfcp: fix ELS/GS request&response length for hardware data router
     (bnc#1003677).
   - zfcp: fix payload trace length for SAN request&response (bnc#1003677).
   - zfcp: restore tracing of handle for port and LUN with HBA records
     (bnc#1003677).
   - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
     (bnc#1003677).
   - zfcp: retain trace level for SCSI and HBA FSF response records
     (bnc#1003677).
   - zfcp: trace full payload of all SAN records (req,resp,iels)
     (bnc#1003677).
   - zfcp: trace on request for open and close of WKA port (bnc#1003677).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-13074=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-13074=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      kernel-rt-3.0.101.rt130-68.1
      kernel-rt-base-3.0.101.rt130-68.1
      kernel-rt-devel-3.0.101.rt130-68.1
      kernel-rt_trace-3.0.101.rt130-68.1
      kernel-rt_trace-base-3.0.101.rt130-68.1
      kernel-rt_trace-devel-3.0.101.rt130-68.1
      kernel-source-rt-3.0.101.rt130-68.1
      kernel-syms-rt-3.0.101.rt130-68.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      kernel-rt-debuginfo-3.0.101.rt130-68.1
      kernel-rt-debugsource-3.0.101.rt130-68.1
      kernel-rt_debug-debuginfo-3.0.101.rt130-68.1
      kernel-rt_debug-debugsource-3.0.101.rt130-68.1
      kernel-rt_trace-debuginfo-3.0.101.rt130-68.1
      kernel-rt_trace-debugsource-3.0.101.rt130-68.1

References:

   https://www.suse.com/security/cve/CVE-2004-0230.html
   https://www.suse.com/security/cve/CVE-2012-6704.html
   https://www.suse.com/security/cve/CVE-2013-6368.html
   https://www.suse.com/security/cve/CVE-2015-1350.html
   https://www.suse.com/security/cve/CVE-2015-8956.html
   https://www.suse.com/security/cve/CVE-2015-8962.html
   https://www.suse.com/security/cve/CVE-2015-8964.html
   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://www.suse.com/security/cve/CVE-2016-3841.html
   https://www.suse.com/security/cve/CVE-2016-5696.html
   https://www.suse.com/security/cve/CVE-2016-7042.html
   https://www.suse.com/security/cve/CVE-2016-7097.html
   https://www.suse.com/security/cve/CVE-2016-7117.html
   https://www.suse.com/security/cve/CVE-2016-7910.html
   https://www.suse.com/security/cve/CVE-2016-7911.html
   https://www.suse.com/security/cve/CVE-2016-7916.html
   https://www.suse.com/security/cve/CVE-2016-8399.html
   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-8633.html
   https://www.suse.com/security/cve/CVE-2016-8646.html
   https://www.suse.com/security/cve/CVE-2016-9555.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9685.html
   https://www.suse.com/security/cve/CVE-2016-9756.html
   https://www.suse.com/security/cve/CVE-2016-9793.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2017-5551.html
   https://bugzilla.suse.com/1003077
   https://bugzilla.suse.com/1003344
   https://bugzilla.suse.com/1003568
   https://bugzilla.suse.com/1003677
   https://bugzilla.suse.com/1003813
   https://bugzilla.suse.com/1003866
   https://bugzilla.suse.com/1003925
   https://bugzilla.suse.com/1004517
   https://bugzilla.suse.com/1004520
   https://bugzilla.suse.com/1005857
   https://bugzilla.suse.com/1005877
   https://bugzilla.suse.com/1005896
   https://bugzilla.suse.com/1005903
   https://bugzilla.suse.com/1006917
   https://bugzilla.suse.com/1006919
   https://bugzilla.suse.com/1007615
   https://bugzilla.suse.com/1007944
   https://bugzilla.suse.com/1008557
   https://bugzilla.suse.com/1008645
   https://bugzilla.suse.com/1008831
   https://bugzilla.suse.com/1008833
   https://bugzilla.suse.com/1008893
   https://bugzilla.suse.com/1009875
   https://bugzilla.suse.com/1010150
   https://bugzilla.suse.com/1010175
   https://bugzilla.suse.com/1010201
   https://bugzilla.suse.com/1010467
   https://bugzilla.suse.com/1010501
   https://bugzilla.suse.com/1010507
   https://bugzilla.suse.com/1010711
   https://bugzilla.suse.com/1010716
   https://bugzilla.suse.com/1011685
   https://bugzilla.suse.com/1011820
   https://bugzilla.suse.com/1012411
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1012832
   https://bugzilla.suse.com/1012851
   https://bugzilla.suse.com/1012917
   https://bugzilla.suse.com/1013018
   https://bugzilla.suse.com/1013038
   https://bugzilla.suse.com/1013042
   https://bugzilla.suse.com/1013070
   https://bugzilla.suse.com/1013531
   https://bugzilla.suse.com/1013533
   https://bugzilla.suse.com/1013542
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014410
   https://bugzilla.suse.com/1014454
   https://bugzilla.suse.com/1014746
   https://bugzilla.suse.com/1015561
   https://bugzilla.suse.com/1015752
   https://bugzilla.suse.com/1015760
   https://bugzilla.suse.com/1015796
   https://bugzilla.suse.com/1015803
   https://bugzilla.suse.com/1015817
   https://bugzilla.suse.com/1015828
   https://bugzilla.suse.com/1015844
   https://bugzilla.suse.com/1015848
   https://bugzilla.suse.com/1015878
   https://bugzilla.suse.com/1015932
   https://bugzilla.suse.com/1016320
   https://bugzilla.suse.com/1016505
   https://bugzilla.suse.com/1016520
   https://bugzilla.suse.com/1016668
   https://bugzilla.suse.com/1016688
   https://bugzilla.suse.com/1016824
   https://bugzilla.suse.com/1016831
   https://bugzilla.suse.com/1017686
   https://bugzilla.suse.com/1017710
   https://bugzilla.suse.com/1019148
   https://bugzilla.suse.com/1019165
   https://bugzilla.suse.com/1019348
   https://bugzilla.suse.com/1019783
   https://bugzilla.suse.com/1020214
   https://bugzilla.suse.com/1021258
   https://bugzilla.suse.com/748806
   https://bugzilla.suse.com/763198
   https://bugzilla.suse.com/771065
   https://bugzilla.suse.com/786036
   https://bugzilla.suse.com/790588
   https://bugzilla.suse.com/795297
   https://bugzilla.suse.com/799133
   https://bugzilla.suse.com/800999
   https://bugzilla.suse.com/803320
   https://bugzilla.suse.com/821612
   https://bugzilla.suse.com/824171
   https://bugzilla.suse.com/851603
   https://bugzilla.suse.com/853052
   https://bugzilla.suse.com/860441
   https://bugzilla.suse.com/863873
   https://bugzilla.suse.com/865783
   https://bugzilla.suse.com/871728
   https://bugzilla.suse.com/901809
   https://bugzilla.suse.com/907611
   https://bugzilla.suse.com/908458
   https://bugzilla.suse.com/908684
   https://bugzilla.suse.com/909077
   https://bugzilla.suse.com/909350
   https://bugzilla.suse.com/909484
   https://bugzilla.suse.com/909491
   https://bugzilla.suse.com/909618
   https://bugzilla.suse.com/913387
   https://bugzilla.suse.com/914939
   https://bugzilla.suse.com/919382
   https://bugzilla.suse.com/922634
   https://bugzilla.suse.com/924708
   https://bugzilla.suse.com/925065
   https://bugzilla.suse.com/928138
   https://bugzilla.suse.com/929141
   https://bugzilla.suse.com/953233
   https://bugzilla.suse.com/956514
   https://bugzilla.suse.com/960689
   https://bugzilla.suse.com/961589
   https://bugzilla.suse.com/962846
   https://bugzilla.suse.com/963655
   https://bugzilla.suse.com/967716
   https://bugzilla.suse.com/968010
   https://bugzilla.suse.com/969340
   https://bugzilla.suse.com/973203
   https://bugzilla.suse.com/973691
   https://bugzilla.suse.com/979681
   https://bugzilla.suse.com/984194
   https://bugzilla.suse.com/986337
   https://bugzilla.suse.com/987333
   https://bugzilla.suse.com/987576
   https://bugzilla.suse.com/989152
   https://bugzilla.suse.com/989680
   https://bugzilla.suse.com/989764
   https://bugzilla.suse.com/989896
   https://bugzilla.suse.com/990245
   https://bugzilla.suse.com/992566
   https://bugzilla.suse.com/992991
   https://bugzilla.suse.com/993739
   https://bugzilla.suse.com/993832
   https://bugzilla.suse.com/995968
   https://bugzilla.suse.com/996541
   https://bugzilla.suse.com/996557
   https://bugzilla.suse.com/997401
   https://bugzilla.suse.com/998689
   https://bugzilla.suse.com/999101
   https://bugzilla.suse.com/999907

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[security-announce] SUSE-SU-2017:1102-1: important: Security update for the Linux Kernel

opensuse-security＠opensuse.org