openSUSE Security Announce
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
March 2018
- 1 participants
- 75 discussions
[security-announce] openSUSE-SU-2018:0855-1: important: Security update for memcached
by opensuse-security@opensuse.org 30 Mar '18
by opensuse-security@opensuse.org 30 Mar '18
30 Mar '18
openSUSE Security Update: Security update for memcached
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0855-1
Rating: important
References: #1056865
Cross-References: CVE-2017-9951
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for memcached fixes the following issues:
- CVE-2017-9951: Fixed heap-based buffer over-read in try_read_command
function which allowed remote attackers to cause a denial of service
attack (bsc#1056865).
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-327=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
memcached-1.4.39-11.3.1
memcached-debuginfo-1.4.39-11.3.1
memcached-debugsource-1.4.39-11.3.1
memcached-devel-1.4.39-11.3.1
References:
https://www.suse.com/security/cve/CVE-2017-9951.html
https://bugzilla.suse.com/1056865
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:0851-1: important: Security update for LibVNCServer
by opensuse-security@opensuse.org 29 Mar '18
by opensuse-security@opensuse.org 29 Mar '18
29 Mar '18
openSUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0851-1
Rating: important
References: #1017711 #1017712 #1081493
Cross-References: CVE-2016-9941 CVE-2016-9942 CVE-2018-7225
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
LibVNCServer was updated to fix two security issues.
These security issues were fixed:
- CVE-2018-7225: Missing input sanitization inside rfbserver.c
rfbProcessClientNormalMessage() (bsc#1081493).
- CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote
servers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted FramebufferUpdate message with the
Ultra type tile, such that the LZO payload decompressed length exceeds
what is specified by the tile dimensions (bsc#1017712).
- CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote
servers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted FramebufferUpdate message
containing a subrectangle outside of the client drawing area
(bsc#1017711).
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-326=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
LibVNCServer-debugsource-0.9.9-16.3.1
LibVNCServer-devel-0.9.9-16.3.1
libvncclient0-0.9.9-16.3.1
libvncclient0-debuginfo-0.9.9-16.3.1
libvncserver0-0.9.9-16.3.1
libvncserver0-debuginfo-0.9.9-16.3.1
linuxvnc-0.9.9-16.3.1
linuxvnc-debuginfo-0.9.9-16.3.1
References:
https://www.suse.com/security/cve/CVE-2016-9941.html
https://www.suse.com/security/cve/CVE-2016-9942.html
https://www.suse.com/security/cve/CVE-2018-7225.html
https://bugzilla.suse.com/1017711
https://bugzilla.suse.com/1017712
https://bugzilla.suse.com/1081493
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0848-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 29 Mar '18
by opensuse-security@opensuse.org 29 Mar '18
29 Mar '18
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0848-1
Rating: important
References: #1010470 #1012382 #1045330 #1055755 #1062568
#1063416 #1066001 #1067118 #1068032 #1072689
#1072865 #1074488 #1075617 #1075621 #1077182
#1077560 #1077779 #1078669 #1078672 #1078673
#1078674 #1080255 #1080287 #1080464 #1080757
#1081512 #1082299 #1083244 #1083483 #1083494
#1083640 #1084323 #1085107 #1085114 #1085447
Cross-References: CVE-2016-7915 CVE-2017-12190 CVE-2017-13166
CVE-2017-15299 CVE-2017-16644 CVE-2017-16911
CVE-2017-16912 CVE-2017-16913 CVE-2017-16914
CVE-2017-18017 CVE-2017-18204 CVE-2017-18208
CVE-2017-18221 CVE-2018-1066 CVE-2018-1068
CVE-2018-5332 CVE-2018-5333 CVE-2018-6927
CVE-2018-7566
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________
An update that solves 19 vulnerabilities and has 16 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall
interface for bridging. This allowed a privileged user to arbitrarily
write to a limited range of kernel memory (bnc#1085107).
- CVE-2017-18221: The __munlock_pagevec function allowed local users to
cause a denial of service (NR_MLOCK accounting corruption) via crafted
use of mlockall and munlockall system calls (bnc#1084323).
- CVE-2018-1066: Prevent NULL pointer dereference in
fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker
controlling a CIFS server to kernel panic a client that has this server
mounted, because an empty TargetInfo field in an NTLMSSP setup
negotiation response was mishandled during session recovery
(bnc#1083640).
- CVE-2017-13166: Prevent elevation of privilege vulnerability in the
kernel v4l2 video driver (bnc#1072865).
- CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose
kernel memory addresses. Successful exploitation required that a USB
device was attached over IP (bnc#1078674).
- CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key
that already exists but is uninstantiated, which allowed local users to
cause a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via a crafted system call
(bnc#1063416).
- CVE-2017-18208: The madvise_willneed function kernel allowed local users
to cause a denial of service (infinite loop) by triggering use of
MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
- CVE-2018-7566: The ALSA sequencer core initializes the event pool on
demand by invoking snd_seq_pool_init() when the first write happens and
the pool is empty. A user could have reset the pool size manually via
ioctl concurrently, which may have lead UAF or out-of-bound access
(bsc#1083483).
- CVE-2017-18204: The ocfs2_setattr function allowed local users to cause
a denial of service (deadlock) via DIO requests (bnc#1083244).
- CVE-2017-16644: The hdpvr_probe function allowed local users to cause a
denial of service (improper error handling and system crash) or possibly
have unspecified other impact via a crafted USB device (bnc#1067118).
- CVE-2018-6927: The futex_requeue function allowed attackers to cause a
denial
of service (integer overflow) or possibly have unspecified other impact
by triggering a negative wake or requeue value (bnc#1080757).
- CVE-2017-16914: The "stub_send_ret_submit()" function allowed attackers
to cause a denial of service (NULL pointer dereference) via a specially
crafted USB over IP packet (bnc#1078669).
- CVE-2016-7915: The hid_input_field function allowed physically proximate
attackers to obtain sensitive information from kernel memory or cause a
denial
of service (out-of-bounds read) by connecting a device (bnc#1010470).
- CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did
unbalanced refcounting when a SCSI I/O vector had small consecutive
buffers belonging to the same page. The bio_add_pc_page function merged
them into one, but the page reference was never dropped. This caused a
memory leak and possible system lockup (exploitable against the host OS
by a guest OS user, if a SCSI disk is passed through to a virtual
machine) due to an out-of-memory condition (bnc#1062568).
- CVE-2017-16912: The "get_pipe()" function allowed attackers to cause a
denial
of service (out-of-bounds read) via a specially crafted USB over IP
packet (bnc#1078673).
- CVE-2017-16913: The "stub_recv_cmd_submit()" function when handling
CMD_SUBMIT packets allowed attackers to cause a denial of service
(arbitrary memory allocation) via a specially crafted USB over IP packet
(bnc#1078672).
- CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a
value that is used during DMA page allocation, leading to a heap-based
out-of-bounds write (related to the rds_rdma_extra_size function in
net/rds/rdma.c) (bnc#1075621).
- CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled
cases where page pinning fails or an invalid address is supplied,
leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).
- CVE-2017-18017: The tcpmss_mangle_packet function allowed remote
attackers to cause a denial of service (use-after-free and memory
corruption) or possibly have unspecified other impact by leveraging the
presence of xt_TCPMSS in an iptables action (bnc#1074488).
The following non-security bugs were fixed:
- KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
- KEYS: fix writing past end of user-supplied buffer in keyring_read()
(bsc#1066001).
- KEYS: return full count in keyring_read() if buffer is too small
(bsc#1066001).
- NFS: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).
- btrfs: qgroup: move noisy underflow warning to debugging build
(bsc#1055755 and bsc#1080287).
- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
- x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)
- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
- livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow
variables support (bsc#1082299).
- livepatch: introduce shadow variable API. Shadow variables support
(bsc#1082299)
- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: do not copy back the result for certain
errors (bnc#1012382).
- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
- media: v4l2-compat-ioctl32.c: move 'helper' functions to
__get/put_v4l2_format32 (bnc#1012382).
- media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).
- media: v4l2-ioctl.c: do not copy back the result for -ENOTTY
(bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets
(bsc#1085107).
- netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
- packet: only call dev_add_pack() on freshly allocated fanout instances
- pipe: cap initial pipe capacity according to pipe-max-size limit
(bsc#1045330).
- powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,
bsc#1077182).
- powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
(bsc#1081512).
- powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,
bsc#1077182).
- powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,
bsc#1077182).
- powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,
bsc#1077182).
- powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,
bsc#1077182).
- rfi-flush: Move the logic to avoid a redo into the debugfs code
(bsc#1068032, bsc#1077182).
- rfi-flush: Switch to new linear fallback flush (bsc#1068032,
bsc#1077182).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2018-568=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-568=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-568=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-568=1
Package List:
- SUSE OpenStack Cloud 6 (x86_64):
kernel-default-3.12.74-60.64.85.1
kernel-default-base-3.12.74-60.64.85.1
kernel-default-base-debuginfo-3.12.74-60.64.85.1
kernel-default-debuginfo-3.12.74-60.64.85.1
kernel-default-debugsource-3.12.74-60.64.85.1
kernel-default-devel-3.12.74-60.64.85.1
kernel-syms-3.12.74-60.64.85.1
kernel-xen-3.12.74-60.64.85.1
kernel-xen-base-3.12.74-60.64.85.1
kernel-xen-base-debuginfo-3.12.74-60.64.85.1
kernel-xen-debuginfo-3.12.74-60.64.85.1
kernel-xen-debugsource-3.12.74-60.64.85.1
kernel-xen-devel-3.12.74-60.64.85.1
kgraft-patch-3_12_74-60_64_85-default-1-2.3.1
kgraft-patch-3_12_74-60_64_85-xen-1-2.3.1
- SUSE OpenStack Cloud 6 (noarch):
kernel-devel-3.12.74-60.64.85.1
kernel-macros-3.12.74-60.64.85.1
kernel-source-3.12.74-60.64.85.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
kernel-default-3.12.74-60.64.85.1
kernel-default-base-3.12.74-60.64.85.1
kernel-default-base-debuginfo-3.12.74-60.64.85.1
kernel-default-debuginfo-3.12.74-60.64.85.1
kernel-default-debugsource-3.12.74-60.64.85.1
kernel-default-devel-3.12.74-60.64.85.1
kernel-syms-3.12.74-60.64.85.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
kernel-xen-3.12.74-60.64.85.1
kernel-xen-base-3.12.74-60.64.85.1
kernel-xen-base-debuginfo-3.12.74-60.64.85.1
kernel-xen-debuginfo-3.12.74-60.64.85.1
kernel-xen-debugsource-3.12.74-60.64.85.1
kernel-xen-devel-3.12.74-60.64.85.1
kgraft-patch-3_12_74-60_64_85-default-1-2.3.1
kgraft-patch-3_12_74-60_64_85-xen-1-2.3.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
kernel-devel-3.12.74-60.64.85.1
kernel-macros-3.12.74-60.64.85.1
kernel-source-3.12.74-60.64.85.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
kernel-default-3.12.74-60.64.85.1
kernel-default-base-3.12.74-60.64.85.1
kernel-default-base-debuginfo-3.12.74-60.64.85.1
kernel-default-debuginfo-3.12.74-60.64.85.1
kernel-default-debugsource-3.12.74-60.64.85.1
kernel-default-devel-3.12.74-60.64.85.1
kernel-syms-3.12.74-60.64.85.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
kernel-xen-3.12.74-60.64.85.1
kernel-xen-base-3.12.74-60.64.85.1
kernel-xen-base-debuginfo-3.12.74-60.64.85.1
kernel-xen-debuginfo-3.12.74-60.64.85.1
kernel-xen-debugsource-3.12.74-60.64.85.1
kernel-xen-devel-3.12.74-60.64.85.1
kgraft-patch-3_12_74-60_64_85-default-1-2.3.1
kgraft-patch-3_12_74-60_64_85-xen-1-2.3.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
kernel-devel-3.12.74-60.64.85.1
kernel-macros-3.12.74-60.64.85.1
kernel-source-3.12.74-60.64.85.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):
kernel-default-man-3.12.74-60.64.85.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.74-60.64.85.1
kernel-ec2-debuginfo-3.12.74-60.64.85.1
kernel-ec2-debugsource-3.12.74-60.64.85.1
kernel-ec2-devel-3.12.74-60.64.85.1
kernel-ec2-extra-3.12.74-60.64.85.1
kernel-ec2-extra-debuginfo-3.12.74-60.64.85.1
References:
https://www.suse.com/security/cve/CVE-2016-7915.html
https://www.suse.com/security/cve/CVE-2017-12190.html
https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2017-15299.html
https://www.suse.com/security/cve/CVE-2017-16644.html
https://www.suse.com/security/cve/CVE-2017-16911.html
https://www.suse.com/security/cve/CVE-2017-16912.html
https://www.suse.com/security/cve/CVE-2017-16913.html
https://www.suse.com/security/cve/CVE-2017-16914.html
https://www.suse.com/security/cve/CVE-2017-18017.html
https://www.suse.com/security/cve/CVE-2017-18204.html
https://www.suse.com/security/cve/CVE-2017-18208.html
https://www.suse.com/security/cve/CVE-2017-18221.html
https://www.suse.com/security/cve/CVE-2018-1066.html
https://www.suse.com/security/cve/CVE-2018-1068.html
https://www.suse.com/security/cve/CVE-2018-5332.html
https://www.suse.com/security/cve/CVE-2018-5333.html
https://www.suse.com/security/cve/CVE-2018-6927.html
https://www.suse.com/security/cve/CVE-2018-7566.html
https://bugzilla.suse.com/1010470
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1045330
https://bugzilla.suse.com/1055755
https://bugzilla.suse.com/1062568
https://bugzilla.suse.com/1063416
https://bugzilla.suse.com/1066001
https://bugzilla.suse.com/1067118
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1072689
https://bugzilla.suse.com/1072865
https://bugzilla.suse.com/1074488
https://bugzilla.suse.com/1075617
https://bugzilla.suse.com/1075621
https://bugzilla.suse.com/1077182
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1077779
https://bugzilla.suse.com/1078669
https://bugzilla.suse.com/1078672
https://bugzilla.suse.com/1078673
https://bugzilla.suse.com/1078674
https://bugzilla.suse.com/1080255
https://bugzilla.suse.com/1080287
https://bugzilla.suse.com/1080464
https://bugzilla.suse.com/1080757
https://bugzilla.suse.com/1081512
https://bugzilla.suse.com/1082299
https://bugzilla.suse.com/1083244
https://bugzilla.suse.com/1083483
https://bugzilla.suse.com/1083494
https://bugzilla.suse.com/1083640
https://bugzilla.suse.com/1084323
https://bugzilla.suse.com/1085107
https://bugzilla.suse.com/1085114
https://bugzilla.suse.com/1085447
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0844-1: important: Security update for python-paramiko
by opensuse-security@opensuse.org 29 Mar '18
by opensuse-security@opensuse.org 29 Mar '18
29 Mar '18
SUSE Security Update: Security update for python-paramiko
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0844-1
Rating: important
References: #1085276
Cross-References: CVE-2018-7750
Affected Products:
SUSE OpenStack Cloud 7
SUSE Enterprise Storage 4
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-paramiko fixes the following issues:
- CVE-2018-7750: Fixed transport.py in the SSH server implementation of
Paramiko that does not properly check whether authentication is
completed before processing other requests (bsc#1085276).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2018-566=1
- SUSE Enterprise Storage 4:
zypper in -t patch SUSE-Storage-4-2018-566=1
- OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-566=1
Package List:
- SUSE OpenStack Cloud 7 (noarch):
python-paramiko-2.0.8-3.3.1
- SUSE Enterprise Storage 4 (noarch):
python-paramiko-2.0.8-3.3.1
- OpenStack Cloud Magnum Orchestration 7 (noarch):
python-paramiko-2.0.8-3.3.1
References:
https://www.suse.com/security/cve/CVE-2018-7750.html
https://bugzilla.suse.com/1085276
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0841-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 29 Mar '18
by opensuse-security@opensuse.org 29 Mar '18
29 Mar '18
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0841-1
Rating: important
References: #1012382 #1045538 #1048585 #1049128 #1050431
#1054305 #1059174 #1060279 #1060682 #1063544
#1064861 #1068032 #1068984 #1069508 #1070623
#1070781 #1073311 #1074488 #1074621 #1074880
#1075088 #1075091 #1075410 #1075617 #1075621
#1075908 #1075994 #1076017 #1076154 #1076278
#1076437 #1076849 #1077191 #1077355 #1077406
#1077487 #1077560 #1077922 #1078875 #1079917
#1080133 #1080359 #1080363 #1080372 #1080579
#1080685 #1080774 #1081500 #936530 #962257
Cross-References: CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741
CVE-2017-18017 CVE-2017-18079 CVE-2017-5715
CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333
Affected Products:
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 9 vulnerabilities and has 41 fixes is
now available.
Description:
The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5715: Systems with microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized
disclosure of information to an attacker with local user access via a
side-channel analysis (bnc#1068032).
The previous fix using CPU Microcode has been complemented by building
the Linux Kernel with return trampolines aka "retpolines".
- CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's
assigned to guests to send ethernet flow control pause frames via the
PF. This includes Linux kernel ixgbe driver, i40e/i40evf driver and the
DPDK, additionally multiple vendor NIC firmware is affected
(bnc#1077355).
- CVE-2017-13215: A elevation of privilege vulnerability in the Upstream
kernel skcipher. (bnc#1075908).
- CVE-2017-17741: The KVM implementation in the Linux kernel allowed
attackers to obtain potentially sensitive information from kernel
memory, aka a write_mmio stack-based out-of-bounds read, related to
arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
- CVE-2017-18017: The tcpmss_mangle_packet function in
net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers
to cause a denial of service (use-after-free and memory corruption) or
possibly have unspecified other impact by leveraging the presence of
xt_TCPMSS in an iptables action (bnc#1074488).
- CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed
attackers to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact because the
port->exists value can change after it is validated (bnc#1077922).
- CVE-2018-1000004: In the Linux kernel a race condition vulnerability
exists in the sound system, this can lead to a deadlock and denial of
service condition (bnc#1076017).
- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function
did not validate a value that is used during DMA page allocation,
leading to a heap-based out-of-bounds write (related to the
rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
- CVE-2018-5333: In the Linux kernel rds_cmsg_atomic function in
net/rds/rdma.c mishandled cases where page pinning fails or an invalid
address is supplied, leading to an rds_atomic_free_op NULL pointer
dereference (bnc#1075617).
The following non-security bugs were fixed:
- Add proper NX hadnling for !NX-capable systems also to
kaiser_add_user_map(). (bsc#1076278).
- alsa: aloop: Fix inconsistent format due to incomplete rule
(bsc#1045538).
- alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).
- alsa: aloop: Release cable upon open error path (bsc#1045538).
- alsa: pcm: Abort properly at pending signal in OSS read/write loops
(bsc#1045538).
- alsa: pcm: Add missing error checks in OSS emulation plugin builder
(bsc#1045538).
- alsa: pcm: Allow aborting mutex lock at OSS read/write loops
(bsc#1045538).
- alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).
- alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).
- btrfs: cleanup unnecessary assignment when cleaning up all the residual
transaction (FATE#325056).
- btrfs: copy fsid to super_block s_uuid (bsc#1080774).
- btrfs: do not wait for all the writers circularly during the transaction
commit (FATE#325056).
- btrfs: do not WARN() in btrfs_transaction_abort() for IO errors
(bsc#1080363).
- btrfs: fix two use-after-free bugs with transaction cleanup
(FATE#325056).
- btrfs: make the state of the transaction more readable (FATE#325056).
- btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).
- btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value
(bsc#1080685).
- btrfs: reset intwrite on transaction abort (FATE#325056).
- btrfs: set qgroup_ulist to be null after calling ulist_free()
(bsc#1080359).
- btrfs: stop waiting on current trans if we aborted (FATE#325056).
- cdc-acm: apply quirk for card reader (bsc#1060279).
- cdrom: factor out common open_for_* code (bsc#1048585).
- cdrom: wait for tray to close (bsc#1048585).
- delay: add poll_event_interruptible (bsc#1048585).
- dm flakey: add corrupt_bio_byte feature (bsc#1080372).
- dm flakey: add drop_writes (bsc#1080372).
- dm flakey: error READ bios during the down_interval (bsc#1080372).
- dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).
- dm flakey: fix reads to be issued if drop_writes configured
(bsc#1080372).
- dm flakey: introduce "error_writes" feature (bsc#1080372).
- dm flakey: support feature args (bsc#1080372).
- dm flakey: use dm_target_offset and support discards (bsc#1080372).
- ext2: free memory allocated and forget buffer head when io error happens
(bnc#1069508).
- ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).
- ext3: add necessary check in case IO error happens (bnc#1069508).
- ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).
- fork: clear thread stack upon allocation (bsc#1077560).
- kabi/severities ignore Cell-specific symbols
- kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz
- kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call
cannot make assumption of accessible stack after CR3 switch, and
therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the
pagetable hierarchy.
- kaiser: Fix trampoline stack loading issue on XEN PV
- kaiser: handle non-accessible stack in sysretl_from_sys_call properly
(bsc#bsc#1080579)
- kaiser: make sure not to touch stack after CR3 switch in compat syscall
return
- kaiser: really do switch away from trampoline stack to kernel stack in
ia32_syscall entry (bsc#1080579)
- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621
bsc#1068032).
- keys: trusted: fix writing past end of buffer in trusted_read()
(bsc#1074880).
- media: omap_vout: Fix a possible null pointer dereference in
omap_vout_open() (bsc#1050431).
- mISDN: fix a loop count (bsc#1077191).
- mm: pin address_space before dereferencing it while isolating an LRU
page (bnc#1081500).
- nfsd: do not share group_info among threads (bsc@1070623).
- ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert
thread (bsc#1076437).
- ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can
not be granted at once (bsc#1076437).
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
ocfs2_unblock_lock (bsc#962257).
- powerpc/64: Add macros for annotating the destination of rfid/hrfid
(bsc#1068032, bsc#1075088).
- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
(bsc#1068032, bsc#1075088).
- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
(bsc#1068032, bsc#1075088).
- powerpc/64s: Add EX_SIZE definition for paca exception save areas
(bsc#1068032, bsc#1075088).
- powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,
bsc#1075088).
- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,
bsc#1075088).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
(bsc#1068032, bsc#1075088).
- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
(bsc#1068032, bsc#1075088).
- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,
bsc#1075088).
- powerpc: Fix register clobbering when accumulating stolen time
(bsc#1059174).
- powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).
- powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).
- powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619,
git-fixes).
- powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).
- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
(bsc#1068032, bsc#1075088).
- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,
bsc#1075088).
- powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,
bsc#1075088).
- powerpc/pseries: Kill all prefetch streams on context switch
(bsc#1068032, bsc#1075088).
- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,
bsc#1075088).
- powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration
(bsc#1068032, bsc#1075088).
- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration
(bsc#1075088).
- powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).
- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,
bsc#1075088).
- powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).
- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).
- powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)
(bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code
(bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code
(bsc#1075088).
- powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
- rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).
- rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).
- rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)
(bsc#1075088).
- rfi-flush: Switch to new linear fallback flush (bsc#1068032,
bsc#1075088).
- s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
- s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,
LTC#163741).
- scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).
- scsi: sr: wait for the medium to become ready (bsc#1048585).
- scsi: virtio_scsi: let host do exception handling
(bsc#936530,bsc#1060682).
- storvsc: do not assume SG list is continuous when doing bounce buffers
(bsc#1075410).
- sysfs/cpu: Add vulnerability folder (bnc#1012382).
- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
- Update config files: enable CPU vulnerabilities reporting via sysfs
- x86/acpi: Handle SCI interrupts above legacy space gracefully
(bsc#1068984).
- x86/acpi: Reduce code duplication in mp_override_legacy_irq()
(bsc#1068984).
- x86/boot: Fix early command-line parsing when matching at end
(bsc#1068032).
- x86/cpu: Factor out application of forced CPU caps (bsc#1075994
bsc#1075091).
- x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
- x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
- x86/kaiser: Populate shadow PGD with NX bit only if supported by
platform (bsc#1076154 bsc#1076278).
- x86/kaiser: use trampoline stack for kernel entry.
- x86/microcode/intel: Extend BDW late-loading further with LLC size check
(bsc#1054305).
- x86/microcode/intel: Extend BDW late-loading with a revision check
(bsc#1054305).
- x86/microcode: Rescan feature flags upon late loading (bsc#1075994
bsc#1075091).
- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
(bsc#1068032).
- x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly
(bsc#1075994 bsc#1075091).
- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
bsc#1075091).
- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 11-SP4:
zypper in -t patch slertesp4-kernel-rt-20180209-13539=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-rt-20180209-13539=1
Package List:
- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
kernel-rt-3.0.101.rt130-69.21.1
kernel-rt-base-3.0.101.rt130-69.21.1
kernel-rt-devel-3.0.101.rt130-69.21.1
kernel-rt_trace-3.0.101.rt130-69.21.1
kernel-rt_trace-base-3.0.101.rt130-69.21.1
kernel-rt_trace-devel-3.0.101.rt130-69.21.1
kernel-source-rt-3.0.101.rt130-69.21.1
kernel-syms-rt-3.0.101.rt130-69.21.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
kernel-rt-debuginfo-3.0.101.rt130-69.21.1
kernel-rt-debugsource-3.0.101.rt130-69.21.1
kernel-rt_debug-debuginfo-3.0.101.rt130-69.21.1
kernel-rt_debug-debugsource-3.0.101.rt130-69.21.1
kernel-rt_trace-debuginfo-3.0.101.rt130-69.21.1
kernel-rt_trace-debugsource-3.0.101.rt130-69.21.1
References:
https://www.suse.com/security/cve/CVE-2015-1142857.html
https://www.suse.com/security/cve/CVE-2017-13215.html
https://www.suse.com/security/cve/CVE-2017-17741.html
https://www.suse.com/security/cve/CVE-2017-18017.html
https://www.suse.com/security/cve/CVE-2017-18079.html
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-1000004.html
https://www.suse.com/security/cve/CVE-2018-5332.html
https://www.suse.com/security/cve/CVE-2018-5333.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1045538
https://bugzilla.suse.com/1048585
https://bugzilla.suse.com/1049128
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1054305
https://bugzilla.suse.com/1059174
https://bugzilla.suse.com/1060279
https://bugzilla.suse.com/1060682
https://bugzilla.suse.com/1063544
https://bugzilla.suse.com/1064861
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068984
https://bugzilla.suse.com/1069508
https://bugzilla.suse.com/1070623
https://bugzilla.suse.com/1070781
https://bugzilla.suse.com/1073311
https://bugzilla.suse.com/1074488
https://bugzilla.suse.com/1074621
https://bugzilla.suse.com/1074880
https://bugzilla.suse.com/1075088
https://bugzilla.suse.com/1075091
https://bugzilla.suse.com/1075410
https://bugzilla.suse.com/1075617
https://bugzilla.suse.com/1075621
https://bugzilla.suse.com/1075908
https://bugzilla.suse.com/1075994
https://bugzilla.suse.com/1076017
https://bugzilla.suse.com/1076154
https://bugzilla.suse.com/1076278
https://bugzilla.suse.com/1076437
https://bugzilla.suse.com/1076849
https://bugzilla.suse.com/1077191
https://bugzilla.suse.com/1077355
https://bugzilla.suse.com/1077406
https://bugzilla.suse.com/1077487
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1077922
https://bugzilla.suse.com/1078875
https://bugzilla.suse.com/1079917
https://bugzilla.suse.com/1080133
https://bugzilla.suse.com/1080359
https://bugzilla.suse.com/1080363
https://bugzilla.suse.com/1080372
https://bugzilla.suse.com/1080579
https://bugzilla.suse.com/1080685
https://bugzilla.suse.com/1080774
https://bugzilla.suse.com/1081500
https://bugzilla.suse.com/936530
https://bugzilla.suse.com/962257
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0839-1: important: Security update for memcached
by opensuse-security@opensuse.org 29 Mar '18
by opensuse-security@opensuse.org 29 Mar '18
29 Mar '18
SUSE Security Update: Security update for memcached
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0839-1
Rating: important
References: #1056865
Cross-References: CVE-2017-9951
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for memcached fixes the following issues:
- CVE-2017-9951: Fixed heap-based buffer over-read in try_read_command
function which allowed remote attackers to cause a denial of service
attack (bsc#1056865).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-562=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-562=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-562=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-562=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
memcached-debuginfo-1.4.39-4.3.1
memcached-debugsource-1.4.39-4.3.1
memcached-devel-1.4.39-4.3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
memcached-1.4.39-4.3.1
memcached-debuginfo-1.4.39-4.3.1
memcached-debugsource-1.4.39-4.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
memcached-1.4.39-4.3.1
memcached-debuginfo-1.4.39-4.3.1
memcached-debugsource-1.4.39-4.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
memcached-1.4.39-4.3.1
memcached-debuginfo-1.4.39-4.3.1
memcached-debugsource-1.4.39-4.3.1
References:
https://www.suse.com/security/cve/CVE-2017-9951.html
https://bugzilla.suse.com/1056865
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0838-1: important: Security update for libvirt
by opensuse-security@opensuse.org 29 Mar '18
by opensuse-security@opensuse.org 29 Mar '18
29 Mar '18
SUSE Security Update: Security update for libvirt
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0838-1
Rating: important
References: #1055365 #1076500 #1079869 #1083061 #1083625
Cross-References: CVE-2017-5715 CVE-2018-1064 CVE-2018-5748
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2017-5715: Fixes for speculative side channel attacks aka
"SpectreAttack" (var2) (bsc#1079869).
- CVE-2018-1064: Fixed denial of service when reading from guest agent
(bsc#1083625).
- CVE-2018-5748: Fixed possible denial of service when reading from QEMU
monitor (bsc#1076500).
Non-security issues fixed:
- bsc#1083061: Fixed 'dumpxml --migratable' exports domain id in output on
SLES11 SP4.
- bsc#1055365: Improve performance when listing hundreds of interfaces.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-libvirt-13538=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-libvirt-13538=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-libvirt-13538=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libvirt-devel-1.2.5-23.6.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64):
libvirt-devel-32bit-1.2.5-23.6.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libvirt-1.2.5-23.6.1
libvirt-client-1.2.5-23.6.1
libvirt-doc-1.2.5-23.6.1
libvirt-lock-sanlock-1.2.5-23.6.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
libvirt-client-32bit-1.2.5-23.6.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libvirt-debuginfo-1.2.5-23.6.1
libvirt-debugsource-1.2.5-23.6.1
References:
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-1064.html
https://www.suse.com/security/cve/CVE-2018-5748.html
https://bugzilla.suse.com/1055365
https://bugzilla.suse.com/1076500
https://bugzilla.suse.com/1079869
https://bugzilla.suse.com/1083061
https://bugzilla.suse.com/1083625
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0834-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 28 Mar '18
by opensuse-security@opensuse.org 28 Mar '18
28 Mar '18
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0834-1
Rating: important
References: #1010470 #1012382 #1045330 #1062568 #1063416
#1066001 #1067118 #1068032 #1072689 #1072865
#1074488 #1075617 #1075621 #1077560 #1078669
#1078672 #1078673 #1078674 #1080255 #1080464
#1080757 #1082299 #1083244 #1083483 #1083494
#1083640 #1084323 #1085107 #1085114 #1085279
#1085447
Cross-References: CVE-2016-7915 CVE-2017-12190 CVE-2017-13166
CVE-2017-15299 CVE-2017-16644 CVE-2017-16911
CVE-2017-16912 CVE-2017-16913 CVE-2017-16914
CVE-2017-18017 CVE-2017-18204 CVE-2017-18208
CVE-2017-18221 CVE-2018-1066 CVE-2018-1068
CVE-2018-5332 CVE-2018-5333 CVE-2018-6927
CVE-2018-7566
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________
An update that solves 19 vulnerabilities and has 12 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall
interface for bridging. This allowed a privileged user to arbitrarily
write to a limited range of kernel memory (bnc#1085107).
- CVE-2017-18221: The __munlock_pagevec function allowed local users to
cause a denial of service (NR_MLOCK accounting corruption) via crafted
use of mlockall and munlockall system calls (bnc#1084323).
- CVE-2018-1066: Prevent NULL pointer dereference in
fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker
controlling a CIFS server to kernel panic a client that has this server
mounted, because an empty TargetInfo field in an NTLMSSP setup
negotiation response was mishandled during session recovery
(bnc#1083640).
- CVE-2017-13166: Prevent elevation of privilege vulnerability in the
kernel v4l2 video driver (bnc#1072865).
- CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose
kernel memory addresses. Successful exploitation required that a USB
device was attached over IP (bnc#1078674).
- CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key
that already exists but is uninstantiated, which allowed local users to
cause a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via a crafted system call
(bnc#1063416).
- CVE-2017-18208: The madvise_willneed function kernel allowed local users
to cause a denial of service (infinite loop) by triggering use of
MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
- CVE-2018-7566: The ALSA sequencer core initializes the event pool on
demand by invoking snd_seq_pool_init() when the first write happens and
the pool is empty. A user could have reset the pool size manually via
ioctl concurrently, which may have lead UAF or out-of-bound access
(bsc#1083483).
- CVE-2017-18204: The ocfs2_setattr function allowed local users to cause
a denial of service (deadlock) via DIO requests (bnc#1083244).
- CVE-2017-16644: The hdpvr_probe function allowed local users to cause a
denial of service (improper error handling and system crash) or possibly
have unspecified other impact via a crafted USB device (bnc#1067118).
- CVE-2018-6927: The futex_requeue function allowed attackers to cause a
denial
of service (integer overflow) or possibly have unspecified other impact
by triggering a negative wake or requeue value (bnc#1080757).
- CVE-2017-16914: The "stub_send_ret_submit()" function allowed attackers
to cause a denial of service (NULL pointer dereference) via a specially
crafted USB over IP packet (bnc#1078669).
- CVE-2016-7915: The hid_input_field function allowed physically proximate
attackers to obtain sensitive information from kernel memory or cause a
denial
of service (out-of-bounds read) by connecting a device (bnc#1010470).
- CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did
unbalanced refcounting when a SCSI I/O vector had small consecutive
buffers belonging to the same page. The bio_add_pc_page function merged
them into one, but the page reference was never dropped. This caused a
memory leak and possible system lockup (exploitable against the host OS
by a guest OS user, if a SCSI disk is passed through to a virtual
machine) due to an out-of-memory condition (bnc#1062568).
- CVE-2017-16912: The "get_pipe()" function allowed attackers to cause a
denial
of service (out-of-bounds read) via a specially crafted USB over IP
packet (bnc#1078673).
- CVE-2017-16913: The "stub_recv_cmd_submit()" function when handling
CMD_SUBMIT packets allowed attackers to cause a denial of service
(arbitrary memory allocation) via a specially crafted USB over IP packet
(bnc#1078672).
- CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a
value that is used during DMA page allocation, leading to a heap-based
out-of-bounds write (related to the rds_rdma_extra_size function in
net/rds/rdma.c) (bnc#1075621).
- CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled
cases where page pinning fails or an invalid address is supplied,
leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).
- CVE-2017-18017: The tcpmss_mangle_packet function allowed remote
attackers to cause a denial of service (use-after-free and memory
corruption) or possibly have unspecified other impact by leveraging the
presence of xt_TCPMSS in an iptables action (bnc#1074488).
The following non-security bugs were fixed:
- Fix build on arm64 by defining empty gmb() (bnc#1068032).
- KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
- KEYS: fix writing past end of user-supplied buffer in keyring_read()
(bsc#1066001).
- KEYS: return full count in keyring_read() if buffer is too small
(bsc#1066001).
- include/stddef.h: Move offsetofend() from vfio.h to a generic kernel
header (bsc#1077560).
- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
- x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)
- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
- livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow
variables support (bsc#1082299).
- livepatch: introduce shadow variable API. Shadow variables support
(bsc#1082299)
- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: do not copy back the result for certain
errors (bnc#1012382).
- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
- media: v4l2-compat-ioctl32.c: move 'helper' functions to
__get/put_v4l2_format32 (bnc#1012382).
- media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).
- media: v4l2-ioctl.c: do not copy back the result for -ENOTTY
(bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets
(bsc#1085107).
- netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
- packet: only call dev_add_pack() on freshly allocated fanout instances
- pipe: cap initial pipe capacity according to pipe-max-size limit
(bsc#1045330).
- x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2018-558=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-558=1
Package List:
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
kernel-default-3.12.61-52.125.1
kernel-default-base-3.12.61-52.125.1
kernel-default-base-debuginfo-3.12.61-52.125.1
kernel-default-debuginfo-3.12.61-52.125.1
kernel-default-debugsource-3.12.61-52.125.1
kernel-default-devel-3.12.61-52.125.1
kernel-syms-3.12.61-52.125.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
kernel-xen-3.12.61-52.125.1
kernel-xen-base-3.12.61-52.125.1
kernel-xen-base-debuginfo-3.12.61-52.125.1
kernel-xen-debuginfo-3.12.61-52.125.1
kernel-xen-debugsource-3.12.61-52.125.1
kernel-xen-devel-3.12.61-52.125.1
kgraft-patch-3_12_61-52_125-default-1-1.3.1
kgraft-patch-3_12_61-52_125-xen-1-1.3.1
- SUSE Linux Enterprise Server 12-LTSS (noarch):
kernel-devel-3.12.61-52.125.1
kernel-macros-3.12.61-52.125.1
kernel-source-3.12.61-52.125.1
- SUSE Linux Enterprise Server 12-LTSS (s390x):
kernel-default-man-3.12.61-52.125.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.61-52.125.1
kernel-ec2-debuginfo-3.12.61-52.125.1
kernel-ec2-debugsource-3.12.61-52.125.1
kernel-ec2-devel-3.12.61-52.125.1
kernel-ec2-extra-3.12.61-52.125.1
kernel-ec2-extra-debuginfo-3.12.61-52.125.1
References:
https://www.suse.com/security/cve/CVE-2016-7915.html
https://www.suse.com/security/cve/CVE-2017-12190.html
https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2017-15299.html
https://www.suse.com/security/cve/CVE-2017-16644.html
https://www.suse.com/security/cve/CVE-2017-16911.html
https://www.suse.com/security/cve/CVE-2017-16912.html
https://www.suse.com/security/cve/CVE-2017-16913.html
https://www.suse.com/security/cve/CVE-2017-16914.html
https://www.suse.com/security/cve/CVE-2017-18017.html
https://www.suse.com/security/cve/CVE-2017-18204.html
https://www.suse.com/security/cve/CVE-2017-18208.html
https://www.suse.com/security/cve/CVE-2017-18221.html
https://www.suse.com/security/cve/CVE-2018-1066.html
https://www.suse.com/security/cve/CVE-2018-1068.html
https://www.suse.com/security/cve/CVE-2018-5332.html
https://www.suse.com/security/cve/CVE-2018-5333.html
https://www.suse.com/security/cve/CVE-2018-6927.html
https://www.suse.com/security/cve/CVE-2018-7566.html
https://bugzilla.suse.com/1010470
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1045330
https://bugzilla.suse.com/1062568
https://bugzilla.suse.com/1063416
https://bugzilla.suse.com/1066001
https://bugzilla.suse.com/1067118
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1072689
https://bugzilla.suse.com/1072865
https://bugzilla.suse.com/1074488
https://bugzilla.suse.com/1075617
https://bugzilla.suse.com/1075621
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1078669
https://bugzilla.suse.com/1078672
https://bugzilla.suse.com/1078673
https://bugzilla.suse.com/1078674
https://bugzilla.suse.com/1080255
https://bugzilla.suse.com/1080464
https://bugzilla.suse.com/1080757
https://bugzilla.suse.com/1082299
https://bugzilla.suse.com/1083244
https://bugzilla.suse.com/1083483
https://bugzilla.suse.com/1083494
https://bugzilla.suse.com/1083640
https://bugzilla.suse.com/1084323
https://bugzilla.suse.com/1085107
https://bugzilla.suse.com/1085114
https://bugzilla.suse.com/1085279
https://bugzilla.suse.com/1085447
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0831-1: important: Security update for qemu
by opensuse-security@opensuse.org 27 Mar '18
by opensuse-security@opensuse.org 27 Mar '18
27 Mar '18
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0831-1
Rating: important
References: #1040202 #1068032 #1068613 #1070144 #1071228
#1073489 #1076114 #1076179 #1076775 #1076814
#1082276 #1083291 #1085598
Cross-References: CVE-2017-15119 CVE-2017-15124 CVE-2017-16845
CVE-2017-17381 CVE-2017-18030 CVE-2017-18043
CVE-2017-5715 CVE-2018-5683 CVE-2018-7550
Affected Products:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that solves 9 vulnerabilities and has four fixes
is now available.
Description:
This update for qemu fixes the following issues:
This update has the next round of Spectre v2 related patches, which now
integrate with corresponding changes in libvirt. (CVE-2017-5715
bsc#1068032)
The January 2018 release of qemu initially addressed the Spectre v2
vulnerability for KVM guests by exposing the spec-ctrl feature for all x86
vcpu types, which was the quick and dirty approach, but not the proper
solution.
We replaced our initial patch by the patches from upstream.
This update defines spec_ctrl and ibpb cpu feature flags as well as new
cpu models which are clones of existing models with either -IBRS or -IBPB
added to the end of the model name. These new vcpu models explicitly
include the new feature(s), whereas the feature flags can be added to the
cpu parameter as with other features. In short, for continued Spectre v2
protection, ensure that either the appropriate cpu feature flag is added
to the QEMU command-line, or one of the new cpu models is used.
Although migration from older versions is supported, the new cpu features
won't be properly exposed to the guest until it is restarted with the cpu
features explicitly added. A reboot is insufficient.
A warning patch is added which attempts to detect a migration from a qemu
version which had the quick and dirty fix (it only detects certain cases,
but hopefully is helpful.) For additional information on Spectre v2 as it
relates to QEMU, see:
https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
A patch is added to continue to detect Spectre v2 mitigation features (as
shown by cpuid), and if found provide that feature to guests, even if
running on older KVM (kernel) versions which do not yet expose that
feature to QEMU. (bsc#1082276)
These two patches will be removed when we can reasonably assume everyone
is running with the appropriate updates.
Also security fixes for the following CVE issues are included:
- CVE-2017-15119: The Network Block Device (NBD) server in Quick Emulator
(QEMU), was vulnerable to a denial of service issue. It could occur if a
client sent large option requests, making the server waste CPU time on
reading up to 4GB per request. A client could use this flaw to keep the
NBD server from serving other requests, resulting in DoS. (bsc#1070144)
- CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) was
found to be vulnerable to an unbounded memory allocation issue, as it
did not throttle the framebuffer updates sent to its client. If the
client did not consume these updates, VNC server allocates growing
memory to hold onto this data. A malicious remote VNC client could use
this flaw to cause DoS to the server host. (bsc#1073489)
- CVE-2017-16845: The PS2 driver in Qemu did not validate 'rptr' and
'count' values during guest migration, leading to out-of-bounds access.
(bsc#1068613)
- CVE-2017-17381: The Virtio Vring implementation in QEMU allowed local OS
guest users to cause a denial of service (divide-by-zero error and QEMU
process crash) by unsetting vring alignment while updating Virtio rings.
(bsc#1071228)
- CVE-2017-18030: A problem in the Cirrus driver in Qemu allowed local OS
guest privileged users to cause a denial of service (out-of-bounds array
access and QEMU process crash) via vectors related to negative pitch.
(bsc#1076179)
- CVE-2017-18043: Integer overflow in the macro ROUND_UP (n, d) in Quick
Emulator (Qemu) allowed a user to cause a denial of service (Qemu
process crash). (bsc#1076775)
- CVE-2018-5683: The VGA driver in Qemu allowed local OS guest privileged
users to cause a denial of service (out-of-bounds read and QEMU process
crash) by leveraging improper memory address validation. (bsc#1076114)
- CVE-2018-7550: The multiboot functionality in Quick Emulator (aka QEMU)
allowed local guest OS users to execute arbitrary code on the QEMU host
via an out-of-bounds read or write memory access. (bsc#1083291)
Also the following bugs were fixed:
- Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since
the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H,
Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing
the STIBP CPUID feature bit to the guest is wrong in general, since the
VM doesn't directly control the scheduling of physical hyperthreads.
This is left strictly to the L0 hypervisor.
- Spectre fixes for IBM Z series by providing more hw features to guests
(bsc#1076814)
- Pre-add group kvm for qemu-tools (bsc#1040202)
- the qemu-tools package also needs a prerequire of group management
tools, from the shadow package. (bsc#1085598)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-555=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-555=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-555=1
Package List:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
qemu-2.6.2-41.37.1
qemu-arm-2.6.2-41.37.1
qemu-arm-debuginfo-2.6.2-41.37.1
qemu-block-curl-2.6.2-41.37.1
qemu-block-curl-debuginfo-2.6.2-41.37.1
qemu-block-rbd-2.6.2-41.37.1
qemu-block-rbd-debuginfo-2.6.2-41.37.1
qemu-block-ssh-2.6.2-41.37.1
qemu-block-ssh-debuginfo-2.6.2-41.37.1
qemu-debugsource-2.6.2-41.37.1
qemu-guest-agent-2.6.2-41.37.1
qemu-guest-agent-debuginfo-2.6.2-41.37.1
qemu-lang-2.6.2-41.37.1
qemu-tools-2.6.2-41.37.1
qemu-tools-debuginfo-2.6.2-41.37.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
qemu-ipxe-1.0.0-41.37.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
qemu-2.6.2-41.37.1
qemu-block-curl-2.6.2-41.37.1
qemu-block-curl-debuginfo-2.6.2-41.37.1
qemu-block-ssh-2.6.2-41.37.1
qemu-block-ssh-debuginfo-2.6.2-41.37.1
qemu-debugsource-2.6.2-41.37.1
qemu-guest-agent-2.6.2-41.37.1
qemu-guest-agent-debuginfo-2.6.2-41.37.1
qemu-lang-2.6.2-41.37.1
qemu-tools-2.6.2-41.37.1
qemu-tools-debuginfo-2.6.2-41.37.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64):
qemu-block-rbd-2.6.2-41.37.1
qemu-block-rbd-debuginfo-2.6.2-41.37.1
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
qemu-kvm-2.6.2-41.37.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64):
qemu-arm-2.6.2-41.37.1
qemu-arm-debuginfo-2.6.2-41.37.1
- SUSE Linux Enterprise Server 12-SP2 (ppc64le):
qemu-ppc-2.6.2-41.37.1
qemu-ppc-debuginfo-2.6.2-41.37.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
qemu-ipxe-1.0.0-41.37.1
qemu-seabios-1.9.1-41.37.1
qemu-sgabios-8-41.37.1
qemu-vgabios-1.9.1-41.37.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
qemu-x86-2.6.2-41.37.1
qemu-x86-debuginfo-2.6.2-41.37.1
- SUSE Linux Enterprise Server 12-SP2 (s390x):
qemu-s390-2.6.2-41.37.1
qemu-s390-debuginfo-2.6.2-41.37.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
qemu-2.6.2-41.37.1
qemu-block-curl-2.6.2-41.37.1
qemu-block-curl-debuginfo-2.6.2-41.37.1
qemu-debugsource-2.6.2-41.37.1
qemu-kvm-2.6.2-41.37.1
qemu-tools-2.6.2-41.37.1
qemu-tools-debuginfo-2.6.2-41.37.1
qemu-x86-2.6.2-41.37.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
qemu-ipxe-1.0.0-41.37.1
qemu-seabios-1.9.1-41.37.1
qemu-sgabios-8-41.37.1
qemu-vgabios-1.9.1-41.37.1
References:
https://www.suse.com/security/cve/CVE-2017-15119.html
https://www.suse.com/security/cve/CVE-2017-15124.html
https://www.suse.com/security/cve/CVE-2017-16845.html
https://www.suse.com/security/cve/CVE-2017-17381.html
https://www.suse.com/security/cve/CVE-2017-18030.html
https://www.suse.com/security/cve/CVE-2017-18043.html
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-5683.html
https://www.suse.com/security/cve/CVE-2018-7550.html
https://bugzilla.suse.com/1040202
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068613
https://bugzilla.suse.com/1070144
https://bugzilla.suse.com/1071228
https://bugzilla.suse.com/1073489
https://bugzilla.suse.com/1076114
https://bugzilla.suse.com/1076179
https://bugzilla.suse.com/1076775
https://bugzilla.suse.com/1076814
https://bugzilla.suse.com/1082276
https://bugzilla.suse.com/1083291
https://bugzilla.suse.com/1085598
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0830-1: important: Security update for LibVNCServer
by opensuse-security@opensuse.org 27 Mar '18
by opensuse-security@opensuse.org 27 Mar '18
27 Mar '18
SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0830-1
Rating: important
References: #1017711 #1017712 #1081493
Cross-References: CVE-2016-9941 CVE-2016-9942 CVE-2018-7225
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
LibVNCServer was updated to fix two security issues.
These security issues were fixed:
- CVE-2018-7225: Missing input sanitization inside rfbserver.c
rfbProcessClientNormalMessage() (bsc#1081493).
- CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote
servers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted FramebufferUpdate message with the
Ultra type tile, such that the LZO payload decompressed length exceeds
what is specified by the tile dimensions (bsc#1017712).
- CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote
servers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted FramebufferUpdate message
containing a subrectangle outside of the client drawing area
(bsc#1017711).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-554=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-554=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-554=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-554=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-554=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
LibVNCServer-debugsource-0.9.9-17.5.1
LibVNCServer-devel-0.9.9-17.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
LibVNCServer-debugsource-0.9.9-17.5.1
LibVNCServer-devel-0.9.9-17.5.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
LibVNCServer-debugsource-0.9.9-17.5.1
libvncclient0-0.9.9-17.5.1
libvncclient0-debuginfo-0.9.9-17.5.1
libvncserver0-0.9.9-17.5.1
libvncserver0-debuginfo-0.9.9-17.5.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
LibVNCServer-debugsource-0.9.9-17.5.1
libvncclient0-0.9.9-17.5.1
libvncclient0-debuginfo-0.9.9-17.5.1
libvncserver0-0.9.9-17.5.1
libvncserver0-debuginfo-0.9.9-17.5.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
LibVNCServer-debugsource-0.9.9-17.5.1
libvncclient0-0.9.9-17.5.1
libvncclient0-debuginfo-0.9.9-17.5.1
libvncserver0-0.9.9-17.5.1
libvncserver0-debuginfo-0.9.9-17.5.1
References:
https://www.suse.com/security/cve/CVE-2016-9941.html
https://www.suse.com/security/cve/CVE-2016-9942.html
https://www.suse.com/security/cve/CVE-2018-7225.html
https://bugzilla.suse.com/1017711
https://bugzilla.suse.com/1017712
https://bugzilla.suse.com/1081493
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:0829-1: important: Security update for librelp
by opensuse-security@opensuse.org 27 Mar '18
by opensuse-security@opensuse.org 27 Mar '18
27 Mar '18
openSUSE Security Update: Security update for librelp
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0829-1
Rating: important
References: #1086730
Cross-References: CVE-2018-1000140
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for librelp fixes the following issues:
- CVE-2018-1000140: A stack-based buffer overflow in the code for checking
of x509 certificates allowed a remote attacker with an access to the
rsyslog logging facility to potentially execute arbitrary code by
sending a specially crafted x509 certificate. (bsc#1086730)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-319=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
librelp-debugsource-1.2.12-2.3.1
librelp-devel-1.2.12-2.3.1
librelp0-1.2.12-2.3.1
librelp0-debuginfo-1.2.12-2.3.1
References:
https://www.suse.com/security/cve/CVE-2018-1000140.html
https://bugzilla.suse.com/1086730
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0828-1: important: Security update for librelp
by opensuse-security@opensuse.org 27 Mar '18
by opensuse-security@opensuse.org 27 Mar '18
27 Mar '18
SUSE Security Update: Security update for librelp
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0828-1
Rating: important
References: #1086730
Cross-References: CVE-2018-1000140
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for librelp fixes the following issues:
CVE-2018-1000140 (bsc#1086730): librelp contained a stack-based buffer
overflow in the checking of x509 certificates. A remote attacker with an
access to the rsyslog logging facility could have exploited it by sending
a specially crafted x509 certificate.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2018-553=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-553=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-553=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-553=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-553=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-553=1
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2018-553=1
Package List:
- SUSE OpenStack Cloud 6 (x86_64):
librelp-debugsource-1.2.7-3.3.1
librelp0-1.2.7-3.3.1
librelp0-debuginfo-1.2.7-3.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
librelp-debugsource-1.2.7-3.3.1
librelp-devel-1.2.7-3.3.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
librelp-debugsource-1.2.7-3.3.1
librelp0-1.2.7-3.3.1
librelp0-debuginfo-1.2.7-3.3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
librelp-debugsource-1.2.7-3.3.1
librelp0-1.2.7-3.3.1
librelp0-debuginfo-1.2.7-3.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
librelp-debugsource-1.2.7-3.3.1
librelp0-1.2.7-3.3.1
librelp0-debuginfo-1.2.7-3.3.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
librelp-debugsource-1.2.7-3.3.1
librelp0-1.2.7-3.3.1
librelp0-debuginfo-1.2.7-3.3.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
librelp-debugsource-1.2.7-3.3.1
librelp0-1.2.7-3.3.1
librelp0-debuginfo-1.2.7-3.3.1
References:
https://www.suse.com/security/cve/CVE-2018-1000140.html
https://bugzilla.suse.com/1086730
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:0825-1: important: Security update for clamav
by opensuse-security@opensuse.org 27 Mar '18
by opensuse-security@opensuse.org 27 Mar '18
27 Mar '18
openSUSE Security Update: Security update for clamav
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0825-1
Rating: important
References: #1045315 #1049423 #1052449 #1082858 #1083915
Cross-References: CVE-2012-6706 CVE-2017-11423 CVE-2017-6419
CVE-2018-0202 CVE-2018-1000085
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for clamav fixes the following issues:
Security issues fixed:
- CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows
an arbitrary memory write (bsc#1045315).
- CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of
service in libmspack via a crafted CHM file (bsc#1052449).
- CVE-2017-11423: A stack-based buffer over-read that can lead to a denial
of service in mspack via a crafted CAB file (bsc#1049423).
- CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in
XAR parser that can lead to a denial of service (bsc#1082858).
- CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code
(bsc#1083915).
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-314=1
Package List:
- openSUSE Leap 42.3 (x86_64):
clamav-0.99.4-23.1
clamav-debuginfo-0.99.4-23.1
clamav-debugsource-0.99.4-23.1
References:
https://www.suse.com/security/cve/CVE-2012-6706.html
https://www.suse.com/security/cve/CVE-2017-11423.html
https://www.suse.com/security/cve/CVE-2017-6419.html
https://www.suse.com/security/cve/CVE-2018-0202.html
https://www.suse.com/security/cve/CVE-2018-1000085.html
https://bugzilla.suse.com/1045315
https://bugzilla.suse.com/1049423
https://bugzilla.suse.com/1052449
https://bugzilla.suse.com/1082858
https://bugzilla.suse.com/1083915
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0822-1: important: Security update for librelp
by opensuse-security@opensuse.org 27 Mar '18
by opensuse-security@opensuse.org 27 Mar '18
27 Mar '18
SUSE Security Update: Security update for librelp
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0822-1
Rating: important
References: #1086730
Cross-References: CVE-2018-1000140
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for librelp fixes the following issues: CVE-2018-1000140
(bsc#1086730): librelp contained a stack-based buffer overflow in the
checking of x509 certificates. A remote attacker with an access to the
rsyslog logging facility could have exploited it by sending a specially
crafted x509 certificate.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-552=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-552=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
librelp-debugsource-1.2.12-3.3.1
librelp-devel-1.2.12-3.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
librelp-debugsource-1.2.12-3.3.1
librelp0-1.2.12-3.3.1
librelp0-debuginfo-1.2.12-3.3.1
References:
https://www.suse.com/security/cve/CVE-2018-1000140.html
https://bugzilla.suse.com/1086730
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0809-1: important: Security update for clamav
by opensuse-security@opensuse.org 26 Mar '18
by opensuse-security@opensuse.org 26 Mar '18
26 Mar '18
SUSE Security Update: Security update for clamav
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0809-1
Rating: important
References: #1045315 #1049423 #1052449 #1082858 #1083915
Cross-References: CVE-2012-6706 CVE-2017-11423 CVE-2017-6419
CVE-2018-0202 CVE-2018-1000085
Affected Products:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for clamav fixes the following issues:
Security issues fixed:
- CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows
an arbitrary memory write (bsc#1045315).
- CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of
service in libmspack via a crafted CHM file (bsc#1052449).
- CVE-2017-11423: A stack-based buffer over-read that can lead to a denial
of service in mspack via a crafted CAB file (bsc#1049423).
- CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in
XAR parser that can lead to a denial of service (bsc#1082858).
- CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code
(bsc#1083915).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-541=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-541=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-541=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-541=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-541=1
Package List:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
clamav-0.99.4-33.9.1
clamav-debuginfo-0.99.4-33.9.1
clamav-debugsource-0.99.4-33.9.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
clamav-0.99.4-33.9.1
clamav-debuginfo-0.99.4-33.9.1
clamav-debugsource-0.99.4-33.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
clamav-0.99.4-33.9.1
clamav-debuginfo-0.99.4-33.9.1
clamav-debugsource-0.99.4-33.9.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
clamav-0.99.4-33.9.1
clamav-debuginfo-0.99.4-33.9.1
clamav-debugsource-0.99.4-33.9.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
clamav-0.99.4-33.9.1
clamav-debuginfo-0.99.4-33.9.1
clamav-debugsource-0.99.4-33.9.1
References:
https://www.suse.com/security/cve/CVE-2012-6706.html
https://www.suse.com/security/cve/CVE-2017-11423.html
https://www.suse.com/security/cve/CVE-2017-6419.html
https://www.suse.com/security/cve/CVE-2018-0202.html
https://www.suse.com/security/cve/CVE-2018-1000085.html
https://bugzilla.suse.com/1045315
https://bugzilla.suse.com/1049423
https://bugzilla.suse.com/1052449
https://bugzilla.suse.com/1082858
https://bugzilla.suse.com/1083915
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0807-1: important: Security update for memcached
by opensuse-security@opensuse.org 26 Mar '18
by opensuse-security@opensuse.org 26 Mar '18
26 Mar '18
SUSE Security Update: Security update for memcached
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0807-1
Rating: important
References: #1007869 #1007870 #1007871 #1056865 #798458
#817781 #857188 #858676 #858677
Cross-References: CVE-2011-4971 CVE-2013-0179 CVE-2013-7239
CVE-2013-7290 CVE-2013-7291 CVE-2016-8704
CVE-2016-8705 CVE-2016-8706 CVE-2017-9951
Affected Products:
SUSE OpenStack Cloud 6
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for memcached fixes the following issues:
Security issues fixed:
- CVE-2011-4971: remote DoS (bsc#817781).
- CVE-2013-0179: DoS when printing out keys to be deleted in verbose mode
(bsc#798458).
- CVE-2013-7239: SASL authentication allows wrong credentials to access
memcache (bsc#857188).
- CVE-2013-7290: remote DoS (segmentation fault) via a request to delete a
key (bsc#858677).
- CVE-2013-7291: remote DoS (crash) via a request that triggers "unbounded
key print" (bsc#858676).
- CVE-2016-8704: Server append/prepend remote code execution (bsc#1007871).
- CVE-2016-8705: Server update remote code execution (bsc#1007870).
- CVE-2016-8706: Server ASL authentication remote code execution
(bsc#1007869).
- CVE-2017-9951: Heap-based buffer over-read in try_read_command function
(incomplete fix for CVE-2016-8705) (bsc#1056865).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2018-545=1
Package List:
- SUSE OpenStack Cloud 6 (x86_64):
memcached-1.4.39-3.3.1
memcached-debuginfo-1.4.39-3.3.1
memcached-debugsource-1.4.39-3.3.1
References:
https://www.suse.com/security/cve/CVE-2011-4971.html
https://www.suse.com/security/cve/CVE-2013-0179.html
https://www.suse.com/security/cve/CVE-2013-7239.html
https://www.suse.com/security/cve/CVE-2013-7290.html
https://www.suse.com/security/cve/CVE-2013-7291.html
https://www.suse.com/security/cve/CVE-2016-8704.html
https://www.suse.com/security/cve/CVE-2016-8705.html
https://www.suse.com/security/cve/CVE-2016-8706.html
https://www.suse.com/security/cve/CVE-2017-9951.html
https://bugzilla.suse.com/1007869
https://bugzilla.suse.com/1007870
https://bugzilla.suse.com/1007871
https://bugzilla.suse.com/1056865
https://bugzilla.suse.com/798458
https://bugzilla.suse.com/817781
https://bugzilla.suse.com/857188
https://bugzilla.suse.com/858676
https://bugzilla.suse.com/858677
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0806-1: important: Security update for php53
by opensuse-security@opensuse.org 26 Mar '18
by opensuse-security@opensuse.org 26 Mar '18
26 Mar '18
SUSE Security Update: Security update for php53
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0806-1
Rating: important
References: #1076220 #1076391 #1080234 #1083639 #986247
#986391
Cross-References: CVE-2016-10712 CVE-2016-5771 CVE-2016-5773
CVE-2018-5711 CVE-2018-5712 CVE-2018-7584
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for php53 fixes several issues.
These security issues were fixed:
- CVE-2016-10712: In PHP all of the return values of stream_get_meta_data
could be controlled if the input can be controlled (e.g., during file
uploads). (bsc#1080234)
- CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the
URI of a request for a .phar file that allowed for information
disclosure (bsc#1076220)
- CVE-2018-5711: Prevent integer signedness error that could have lead to
an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391)
- CVE-2016-5773: php_zip.c in the zip extension in PHP improperly
interacted with the unserialize implementation and garbage collection,
which allowed remote attackers to execute arbitrary code or cause a
denial of service (use-after-free and application crash) via crafted
serialized data containing a ZipArchive object. (bsc#986247)
- CVE-2016-5771: spl_array.c in the SPL extension in PHP improperly
interacted with the unserialize implementation and garbage collection,
which allowed remote attackers to execute arbitrary code or cause a
denial of service (use-after-free and application crash) via crafted
serialized data. (bsc#986391)
- CVE-2018-7584: Fixed stack-based buffer under-read while parsing an
HTTPresponse in the php_stream_url_wrap_http_ex. (bsc#1083639)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-php53-13532=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-php53-13532=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-php53-13532=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-php53-13532=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-php53-13532=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-php53-13532=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
php53-devel-5.3.17-112.20.1
php53-imap-5.3.17-112.20.1
php53-posix-5.3.17-112.20.1
php53-readline-5.3.17-112.20.1
php53-sockets-5.3.17-112.20.1
php53-sqlite-5.3.17-112.20.1
php53-tidy-5.3.17-112.20.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
apache2-mod_php53-5.3.17-112.20.1
php53-5.3.17-112.20.1
php53-bcmath-5.3.17-112.20.1
php53-bz2-5.3.17-112.20.1
php53-calendar-5.3.17-112.20.1
php53-ctype-5.3.17-112.20.1
php53-curl-5.3.17-112.20.1
php53-dba-5.3.17-112.20.1
php53-dom-5.3.17-112.20.1
php53-exif-5.3.17-112.20.1
php53-fastcgi-5.3.17-112.20.1
php53-fileinfo-5.3.17-112.20.1
php53-ftp-5.3.17-112.20.1
php53-gd-5.3.17-112.20.1
php53-gettext-5.3.17-112.20.1
php53-gmp-5.3.17-112.20.1
php53-iconv-5.3.17-112.20.1
php53-intl-5.3.17-112.20.1
php53-json-5.3.17-112.20.1
php53-ldap-5.3.17-112.20.1
php53-mbstring-5.3.17-112.20.1
php53-mcrypt-5.3.17-112.20.1
php53-mysql-5.3.17-112.20.1
php53-odbc-5.3.17-112.20.1
php53-openssl-5.3.17-112.20.1
php53-pcntl-5.3.17-112.20.1
php53-pdo-5.3.17-112.20.1
php53-pear-5.3.17-112.20.1
php53-pgsql-5.3.17-112.20.1
php53-pspell-5.3.17-112.20.1
php53-shmop-5.3.17-112.20.1
php53-snmp-5.3.17-112.20.1
php53-soap-5.3.17-112.20.1
php53-suhosin-5.3.17-112.20.1
php53-sysvmsg-5.3.17-112.20.1
php53-sysvsem-5.3.17-112.20.1
php53-sysvshm-5.3.17-112.20.1
php53-tokenizer-5.3.17-112.20.1
php53-wddx-5.3.17-112.20.1
php53-xmlreader-5.3.17-112.20.1
php53-xmlrpc-5.3.17-112.20.1
php53-xmlwriter-5.3.17-112.20.1
php53-xsl-5.3.17-112.20.1
php53-zip-5.3.17-112.20.1
php53-zlib-5.3.17-112.20.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
apache2-mod_php53-5.3.17-112.20.1
php53-5.3.17-112.20.1
php53-bcmath-5.3.17-112.20.1
php53-bz2-5.3.17-112.20.1
php53-calendar-5.3.17-112.20.1
php53-ctype-5.3.17-112.20.1
php53-curl-5.3.17-112.20.1
php53-dba-5.3.17-112.20.1
php53-dom-5.3.17-112.20.1
php53-exif-5.3.17-112.20.1
php53-fastcgi-5.3.17-112.20.1
php53-fileinfo-5.3.17-112.20.1
php53-ftp-5.3.17-112.20.1
php53-gd-5.3.17-112.20.1
php53-gettext-5.3.17-112.20.1
php53-gmp-5.3.17-112.20.1
php53-iconv-5.3.17-112.20.1
php53-intl-5.3.17-112.20.1
php53-json-5.3.17-112.20.1
php53-ldap-5.3.17-112.20.1
php53-mbstring-5.3.17-112.20.1
php53-mcrypt-5.3.17-112.20.1
php53-mysql-5.3.17-112.20.1
php53-odbc-5.3.17-112.20.1
php53-openssl-5.3.17-112.20.1
php53-pcntl-5.3.17-112.20.1
php53-pdo-5.3.17-112.20.1
php53-pear-5.3.17-112.20.1
php53-pgsql-5.3.17-112.20.1
php53-pspell-5.3.17-112.20.1
php53-shmop-5.3.17-112.20.1
php53-snmp-5.3.17-112.20.1
php53-soap-5.3.17-112.20.1
php53-suhosin-5.3.17-112.20.1
php53-sysvmsg-5.3.17-112.20.1
php53-sysvsem-5.3.17-112.20.1
php53-sysvshm-5.3.17-112.20.1
php53-tokenizer-5.3.17-112.20.1
php53-wddx-5.3.17-112.20.1
php53-xmlreader-5.3.17-112.20.1
php53-xmlrpc-5.3.17-112.20.1
php53-xmlwriter-5.3.17-112.20.1
php53-xsl-5.3.17-112.20.1
php53-zip-5.3.17-112.20.1
php53-zlib-5.3.17-112.20.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
apache2-mod_php53-5.3.17-112.20.1
php53-5.3.17-112.20.1
php53-bcmath-5.3.17-112.20.1
php53-bz2-5.3.17-112.20.1
php53-calendar-5.3.17-112.20.1
php53-ctype-5.3.17-112.20.1
php53-curl-5.3.17-112.20.1
php53-dba-5.3.17-112.20.1
php53-dom-5.3.17-112.20.1
php53-exif-5.3.17-112.20.1
php53-fastcgi-5.3.17-112.20.1
php53-fileinfo-5.3.17-112.20.1
php53-ftp-5.3.17-112.20.1
php53-gd-5.3.17-112.20.1
php53-gettext-5.3.17-112.20.1
php53-gmp-5.3.17-112.20.1
php53-iconv-5.3.17-112.20.1
php53-intl-5.3.17-112.20.1
php53-json-5.3.17-112.20.1
php53-ldap-5.3.17-112.20.1
php53-mbstring-5.3.17-112.20.1
php53-mcrypt-5.3.17-112.20.1
php53-mysql-5.3.17-112.20.1
php53-odbc-5.3.17-112.20.1
php53-openssl-5.3.17-112.20.1
php53-pcntl-5.3.17-112.20.1
php53-pdo-5.3.17-112.20.1
php53-pear-5.3.17-112.20.1
php53-pgsql-5.3.17-112.20.1
php53-pspell-5.3.17-112.20.1
php53-shmop-5.3.17-112.20.1
php53-snmp-5.3.17-112.20.1
php53-soap-5.3.17-112.20.1
php53-suhosin-5.3.17-112.20.1
php53-sysvmsg-5.3.17-112.20.1
php53-sysvsem-5.3.17-112.20.1
php53-sysvshm-5.3.17-112.20.1
php53-tokenizer-5.3.17-112.20.1
php53-wddx-5.3.17-112.20.1
php53-xmlreader-5.3.17-112.20.1
php53-xmlrpc-5.3.17-112.20.1
php53-xmlwriter-5.3.17-112.20.1
php53-xsl-5.3.17-112.20.1
php53-zip-5.3.17-112.20.1
php53-zlib-5.3.17-112.20.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
php53-debuginfo-5.3.17-112.20.1
php53-debugsource-5.3.17-112.20.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
php53-debuginfo-5.3.17-112.20.1
php53-debugsource-5.3.17-112.20.1
References:
https://www.suse.com/security/cve/CVE-2016-10712.html
https://www.suse.com/security/cve/CVE-2016-5771.html
https://www.suse.com/security/cve/CVE-2016-5773.html
https://www.suse.com/security/cve/CVE-2018-5711.html
https://www.suse.com/security/cve/CVE-2018-5712.html
https://www.suse.com/security/cve/CVE-2018-7584.html
https://bugzilla.suse.com/1076220
https://bugzilla.suse.com/1076391
https://bugzilla.suse.com/1080234
https://bugzilla.suse.com/1083639
https://bugzilla.suse.com/986247
https://bugzilla.suse.com/986391
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:0799-1: important: Security update for python-paramiko
by opensuse-security@opensuse.org 23 Mar '18
by opensuse-security@opensuse.org 23 Mar '18
23 Mar '18
openSUSE Security Update: Security update for python-paramiko
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0799-1
Rating: important
References: #1085276
Cross-References: CVE-2018-7750
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-paramiko fixes the following issues:
- CVE-2018-7750: Fixed transport.py in the SSH server implementation of
Paramiko that does not properly check whether authentication is
completed before processing other requests (bsc#1085276).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-305=1
Package List:
- openSUSE Leap 42.3 (noarch):
python-paramiko-2.0.8-4.3.1
References:
https://www.suse.com/security/cve/CVE-2018-7750.html
https://bugzilla.suse.com/1085276
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0786-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 23 Mar '18
by opensuse-security@opensuse.org 23 Mar '18
23 Mar '18
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0786-1
Rating: important
References: #1006867 #1012382 #1015342 #1015343 #1020645
#1022607 #1024376 #1027054 #1031717 #1033587
#1034503 #1042286 #1043441 #1043725 #1043726
#1062840 #1065600 #1065615 #1066223 #1067118
#1068032 #1068569 #1069135 #1070404 #1071306
#1071892 #1072363 #1072689 #1072739 #1072865
#1073401 #1073407 #1074198 #1074426 #1075087
#1076282 #1076693 #1076760 #1076982 #1077241
#1077285 #1077513 #1077560 #1077779 #1078583
#1078672 #1078673 #1078787 #1079029 #1079038
#1079195 #1079313 #1079384 #1079609 #1079886
#1079989 #1080014 #1080263 #1080321 #1080344
#1080364 #1080384 #1080464 #1080533 #1080656
#1080774 #1080813 #1080851 #1081134 #1081431
#1081436 #1081437 #1081491 #1081498 #1081500
#1081512 #1081514 #1081681 #1081735 #1082089
#1082223 #1082299 #1082373 #1082478 #1082632
#1082795 #1082864 #1082897 #1082979 #1082993
#1083048 #1083086 #1083223 #1083387 #1083409
#1083494 #1083548 #1083750 #1083770 #1084041
#1084397 #1084427 #1084610 #1084772 #1084888
#1084926 #1084928 #1084967 #1085011 #1085015
#1085045 #1085047 #1085050 #1085053 #1085054
#1085056 #1085107 #1085224 #1085239 #863764
#966170 #966172 #966328 #969476 #969477 #975772
#983145
Cross-References: CVE-2017-13166 CVE-2017-15951 CVE-2017-16644
CVE-2017-16912 CVE-2017-16913 CVE-2017-17975
CVE-2017-18174 CVE-2017-18208 CVE-2018-1000026
CVE-2018-1068 CVE-2018-8087
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Live Patching 12-SP3
SUSE Linux Enterprise High Availability 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
SUSE CaaS Platform ALL
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 116 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.120 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-13166: An elevation of privilege vulnerability in the v4l2
video driver. (bnc#1072865).
- CVE-2017-15951: The KEYS subsystem did not correctly synchronize the
actions of updating versus finding a key in the "negative" state to
avoid a race condition, which allowed local users to cause a denial of
service or possibly have unspecified other impact via crafted system
calls (bnc#1062840 bnc#1065615).
- CVE-2017-16644: The hdpvr_probe function in
drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a
denial of service (improper error handling and system crash) or possibly
have unspecified other impact via a crafted USB device (bnc#1067118).
- CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c)
allowed attackers to cause a denial of service (out-of-bounds read) via
a specially crafted USB over IP packet (bnc#1078673).
- CVE-2017-16913: The "stub_recv_cmd_submit()" function
(drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed
attackers to cause a denial of service (arbitrary memory allocation) via
a specially crafted USB over IP packet (bnc#1078672).
- CVE-2017-17975: Use-after-free in the usbtv_probe function in
drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial
of service (system crash) or possibly have unspecified other impact by
triggering failure of audio registration, because a kfree of the usbtv
data structure occurs during a usbtv_video_free call, but the
usbtv_video_fail label's code attempts to both access and free this data
structure (bnc#1074426).
- CVE-2017-18174: The amd_gpio_remove function in
drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function,
leading to a double free (bnc#1080533).
- CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed
local users to cause a denial of service (infinite loop) by triggering
use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
- CVE-2018-1000026: A insufficient input validation vulnerability in bnx2x
network card driver could result in DoS: Network card firmware assertion
takes card off-line. This attack appear to be exploitable via An
attacker on a must pass a very large, specially crafted packet to the
bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384).
- CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in
drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a
denial of service (memory consumption) by triggering an out-of-array
error case (bnc#1085053).
- CVE-2018-1068: Insufficient user provided offset checking in the
ebtables compat code allowed local attackers to overwrite kernel memory
and potentially execute code. (bsc#1085107)
The following non-security bugs were fixed:
- acpi / bus: Leave modalias empty for devices which are not present
(bnc#1012382).
- acpi, nfit: fix health event notification (FATE#321135, FATE#321217,
FATE#321256, FATE#321391, FATE#321393).
- acpi, nfit: fix register dimm error handling (FATE#321135, FATE#321217,
FATE#321256, FATE#321391, FATE#321393).
- acpi: sbshc: remove raw pointer from printk() message (bnc#1012382).
- Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382).
- add ip6_make_flowinfo helper (bsc#1042286).
- ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382).
- ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
(bnc#1012382).
- ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382).
- alpha: fix crash if pthread_create races with signal delivery
(bnc#1012382).
- alpha: fix reboot on Avanti platform (bnc#1012382).
- alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382).
- alsa: hda - Fix headset mic detection problem for two Dell machines
(bnc#1012382).
- alsa: hda/realtek - Add headset mode support for Dell laptop
(bsc#1031717).
- alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382).
- alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717).
- alsa: hda - Use IS_REACHABLE() for dependency on input (bsc#1031717).
- alsa: seq: Fix racy pool initializations (bnc#1012382).
- alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382).
- alsa: usb-audio: add implicit fb quirk for Behringer UFX1204
(bnc#1012382).
- alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
(bnc#1012382).
- amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382).
- arm64: add PTE_ADDR_MASK (bsc#1068032).
- arm64: barrier: Add CSDB macros to control data-value prediction
(bsc#1068032).
- arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382).
- arm64: Disable unhandled signal log messages by default (bnc#1012382).
- arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382).
- arm64: entry: Apply BP hardening for high-priority synchronous
exceptions (bsc#1068032).
- arm64: entry: Apply BP hardening for suspicious interrupts from EL0
(bsc#1068032).
- arm64: entry: Ensure branch through syscall table is bounded under
speculation (bsc#1068032).
- arm64: entry: Reword comment about post_ttbr_update_workaround
(bsc#1068032).
- arm64: Force KPTI to be disabled on Cavium ThunderX (bsc#1068032).
- arm64: futex: Mask __user pointers prior to dereference (bsc#1068032).
- arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
(bsc#1068032).
- arm64: Implement array_index_mask_nospec() (bsc#1068032).
- arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
(bnc#1012382).
- arm64: kpti: Add ->enable callback to remap swapper using nG mappings
(bsc#1068032).
- arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
(bsc#1068032).
- arm64: Make USER_DS an inclusive limit (bsc#1068032).
- arm64: mm: Permit transitioning from Global to Non-Global without BBM
(bsc#1068032).
- arm64: move TASK_* definitions to <asm/processor.h> (bsc#1068032).
- arm64: Run enable method for errata work arounds on late CPUs
(bsc#1085045).
- arm64: uaccess: Do not bother eliding access_ok checks in __{get,
put}_user (bsc#1068032).
- arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
(bsc#1068032).
- arm64: uaccess: Prevent speculative use of the current addr_limit
(bsc#1068032).
- arm64: Use pointer masking to limit uaccess speculation (bsc#1068032).
- arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
(bnc#1012382).
- arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
(bnc#1012382).
- arm: dts: am4372: Correct the interrupts_properties of McASP
(bnc#1012382).
- arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
(bnc#1012382).
- arm: dts: ls1021a: fix incorrect clock references (bnc#1012382).
- arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382).
- arm: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
(bnc#1012382).
- arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls
(bnc#1012382).
- arm: OMAP2+: Fix SRAM virt to phys translation for
save_secure_ram_context (bnc#1012382).
- arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes).
- arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382).
- arm: spear13xx: Fix dmas cells (bnc#1012382).
- arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382).
- arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382).
- arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382).
- asoc: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717).
- asoc: Intel: Kconfig: fix build when ACPI is not enabled (bnc#1012382).
- asoc: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
(bsc#1031717).
- asoc: mediatek: add i2c dependency (bnc#1012382).
- asoc: nuc900: Fix a loop timeout test (bsc#1031717).
- asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- asoc: rockchip: disable clock on error (bnc#1012382).
- asoc: rsnd: avoid duplicate free_irq() (bnc#1012382).
- asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382).
- asoc: simple-card: Fix misleading error message (bnc#1012382).
- asoc: ux500: add MODULE_LICENSE tag (bnc#1012382).
- ata: ahci_xgene: free structure returned by acpi_get_object_info()
(bsc#1082979).
- ata: pata_artop: remove redundant initialization of pio (bsc#1082979).
- ata: sata_dwc_460ex: remove incorrect locking (bsc#1082979).
- b2c2: flexcop: avoid unused function warnings (bnc#1012382).
- binder: add missing binder_unlock() (bnc#1012382).
- binder: check for binder_thread allocation failure in binder_poll()
(bnc#1012382).
- binfmt_elf: compat: avoid unused function warning (bnc#1012382).
- blk-mq: add warning to __blk_mq_run_hw_queue() for ints disabled
(bsc#1084772).
- blk-mq: stop 'delayed_run_work' in blk_mq_stop_hw_queue() (bsc#1084967).
- blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk (bsc#1084772).
- blktrace: fix unlocked registration of tracepoints (bnc#1012382).
- block: fix an error code in add_partition() (bsc#1082979).
- block: Fix __bio_integrity_endio() documentation (bsc#1082979).
- bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382).
- bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
version (bnc#1012382).
- bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382).
- bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine
(bnc#1012382).
- bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382).
- bpf: avoid false sharing of map refcount with max_entries (bnc#1012382).
- bpf: fix 32-bit divide by zero (bnc#1012382).
- bpf: fix bpf_tail_call() x64 JIT (bnc#1012382).
- bpf: fix divides by zero (bnc#1012382).
- bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382).
- bpf: reject stores into ctx via st and xadd (bnc#1012382).
- bridge: implement missing ndo_uninit() (bsc#1042286).
- bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286).
- btrfs: copy fsid to super_block s_uuid (bsc#1080774).
- btrfs: fix crash due to not cleaning up tree log block's dirty bits
(bnc#1012382).
- btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382).
- btrfs: fix deadlock when writing out space cache (bnc#1012382).
- btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
(bnc#1012382).
- btrfs: Fix quota reservation leak on preallocated files (bsc#1079989).
- btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382).
- btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
(bnc#1012382).
- can: flex_can: Correct the checking for frame length in
flexcan_start_xmit() (bnc#1012382).
- cdrom: turn off autoclose by default (bsc#1080813).
- ceph: fix incorrect snaprealm when adding caps (bsc#1081735).
- ceph: fix un-balanced fsc->writeback_count update (bsc#1081735).
- cfg80211: check dev_set_name() return value (bnc#1012382).
- cfg80211: fix cfg80211_beacon_dup (bnc#1012382).
- cifs: dump IPC tcon in debug proc file (bsc#1071306).
- cifs: Fix autonegotiate security settings mismatch (bnc#1012382).
- cifs: Fix missing put_xid in cifs_file_strict_mmap (bnc#1012382).
- cifs: make IPC a regular tcon (bsc#1071306).
- cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
(bsc#1071306).
- cifs: zero sensitive data when freeing (bnc#1012382).
- clk: fix a panic error caused by accessing NULL pointer (bnc#1012382).
- console/dummy: leave .con_font_get set to NULL (bnc#1012382).
- cpufreq: Add Loongson machine dependencies (bnc#1012382).
- crypto: aesni - handle zero length dst buffer (bnc#1012382).
- crypto: af_alg - whitelist mask and type (bnc#1012382).
- crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382).
- crypto: cryptd - pass through absence of ->setkey() (bnc#1012382).
- crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382).
- crypto: poly1305 - remove ->setkey() method (bnc#1012382).
- crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382).
- crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382).
(bnc#1012382).
- crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382).
- cw1200: fix bogus maybe-uninitialized warning (bnc#1012382).
- dccp: limit sk_filter trim to payload (bsc#1042286).
- dell-wmi, dell-laptop: depends DMI (bnc#1012382).
- direct-io: Fix sleep in atomic due to sync AIO (bsc#1084888).
- dlm: fix double list_del() (bsc#1082795).
- dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795).
- dmaengine: at_hdmac: fix potential NULL pointer dereference in
atc_prep_dma_interleaved (bnc#1012382).
- dmaengine: dmatest: fix container_of member in dmatest_callback
(bnc#1012382).
- dmaengine: ioat: Fix error handling path (bnc#1012382).
- dmaengine: jz4740: disable/unprepare clk if probe fails (bnc#1012382).
- dmaengine: zx: fix build warning (bnc#1012382).
- dm: correctly handle chained bios in dec_pending() (bnc#1012382).
- dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
(bnc#1012382).
- do not put symlink bodies in pagecache into highmem (bnc#1012382).
- dpt_i2o: fix build warning (bnc#1012382).
- driver-core: use 'dev' argument in dev_dbg_ratelimited stub
(bnc#1012382).
- drivers: hv: balloon: Correctly update onlined page count (fate#315887,
bsc#1082632).
- drivers: hv: balloon: Initialize last_post_time on startup (fate#315887,
bsc#1082632).
- drivers: hv: balloon: Show the max dynamic memory assigned (fate#315887,
bsc#1082632).
- drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id
(fate#315887, bsc#1082632).
- drivers: hv: Turn off write permission on the hypercall page
(fate#315887, bsc#1082632).
- drivers: hv: vmbus: Fix rescind handling (fate#315887, bsc#1082632).
- drivers: hv: vmbus: Fix rescind handling issues (fate#315887,
bsc#1082632).
- drivers/net: fix eisa_driver probe section mismatch (bnc#1012382).
- drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382).
- drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
(bnc#1012382).
- drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382).
- drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382).
- drm/armada: fix leak of crtc structure (bnc#1012382).
- drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382).
- drm/gma500: remove helper function (bnc#1012382).
- drm/gma500: Sanity-check pipe index (bnc#1012382).
- drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382).
- drm/nouveau/pci: do a msi rearm on init (bnc#1012382).
- drm/radeon: adjust tested variable (bnc#1012382).
- drm: rcar-du: Fix race condition when disabling planes at CRTC stop
(bnc#1012382).
- drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382).
- drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
(bnc#1012382).
- drm/ttm: check the return value of kzalloc (bnc#1012382).
- drm/vmwgfx: use *_32_bits() macros (bnc#1012382).
- Drop SUSE-specific qla2xxx patches (bsc#1043726)
- e1000: fix disabling already-disabled warning (bnc#1012382).
- edac, octeon: Fix an uninitialized variable warning (bnc#1012382).
- em28xx: only use mt9v011 if camera support is enabled (bnc#1012382).
- enable DST_CACHE in non-vanilla configs except s390x/zfcpdump
- ext4: correct documentation for grpid mount option (bnc#1012382).
- ext4: do not unnecessarily allocate buffer in recently_deleted()
(bsc#1080344).
- ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864).
- ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382).
- f2fs: fix a bug caused by NULL extent tree (bsc#1082478). Does not
affect SLE release but should be merged into leap updates
- fbdev: auo_k190x: avoid unused function warnings (bnc#1012382).
- fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382).
- fbdev: sis: enforce selection of at least one backend (bnc#1012382).
- fbdev: sm712fb: avoid unused function warnings (bnc#1012382).
- fs: Avoid invalidation in interrupt context in dio_complete()
(bsc#1073407 bsc#1069135).
- fs: Fix page cache inconsistency when mixing buffered and AIO DIO
(bsc#1073407 bsc#1069135).
- fs: invalidate page cache after end_io() in dio completion (bsc#1073407
bsc#1069135).
- ftrace: Remove incorrect setting of glob search field (bnc#1012382).
- geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286).
- genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
(bnc#1012382).
- genirq/msi: Fix populating multiple interrupts (bsc#1085047).
- genirq: Restore trigger settings in irq_modify_status() (bsc#1085056).
- genksyms: Fix segfault with invalid declarations (bnc#1012382).
- gianfar: fix a flooded alignment reports because of padding issue
(bnc#1012382).
- go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382).
- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382).
- gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382).
- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).
- gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382).
- gre: build header correctly for collect metadata tunnels (bsc#1042286).
- gre: do not assign header_ops in collect metadata mode (bsc#1042286).
- gre: do not keep the GRE header around in collect medata mode
(bsc#1042286).
- gre: reject GUE and FOU in collect metadata mode (bsc#1042286).
- hdpvr: hide unused variable (bnc#1012382).
- hid: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
(bnc#1012382).
- hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
(bnc#1012382).
- hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
(bnc#1012382).
- hv_netvsc: Add ethtool handler to set and get TCP hash levels
(fate#315887, bsc#1082632).
- hv_netvsc: Add ethtool handler to set and get UDP hash levels
(fate#315887, bsc#1082632).
- hv_netvsc: Add initialization of tx_table in netvsc_device_add()
(fate#315887, bsc#1082632).
- hv_netvsc: Change the hash level variable to bit flags (fate#315887,
bsc#1082632).
- hv_netvsc: Clean up an unused parameter in rndis_filter_set_rss_param()
(fate#315887, bsc#1082632).
- hv_netvsc: Clean up unused parameter from netvsc_get_hash()
(fate#315887, bsc#1082632).
- hv_netvsc: Clean up unused parameter from netvsc_get_rss_hash_opts()
(fate#315887, bsc#1082632).
- hv_netvsc: copy_to_send buf can be void (fate#315887, bsc#1082632).
- hv_netvsc: do not need local xmit_more (fate#315887, bsc#1082632).
- hv_netvsc: drop unused macros (fate#315887, bsc#1082632).
- hv_netvsc: empty current transmit aggregation if flow blocked
(fate#315887, bsc#1082632).
- hv_netvsc: Fix rndis_filter_close error during netvsc_remove
(fate#315887, bsc#1082632).
- hv_netvsc: fix send buffer failure on MTU change (fate#315887,
bsc#1082632).
- hv_netvsc: Fix the channel limit in netvsc_set_rxfh() (fate#315887,
bsc#1082632).
- hv_netvsc: Fix the real number of queues of non-vRSS cases (fate#315887,
bsc#1082632).
- hv_netvsc: Fix the receive buffer size limit (fate#315887, bsc#1082632).
- hv_netvsc: Fix the TX/RX buffer default sizes (fate#315887, bsc#1082632).
- hv_netvsc: hide warnings about uninitialized/missing rndis device
(fate#315887, bsc#1082632).
- hv_netvsc: make const array ver_list static, reduces object code size
(fate#315887, bsc#1082632).
- hv_netvsc: optimize initialization of RNDIS header (fate#315887,
bsc#1082632).
- hv_netvsc: pass netvsc_device to receive callback (fate#315887,
bsc#1082632).
- hv_netvsc: remove open_cnt reference count (fate#315887, bsc#1082632).
- hv_netvsc: Rename ind_table to rx_table (fate#315887, bsc#1082632).
- hv_netvsc: Rename tx_send_table to tx_table (fate#315887, bsc#1082632).
- hv_netvsc: replace divide with mask when computing padding (fate#315887,
bsc#1082632).
- hv_netvsc: report stop_queue and wake_queue (fate#315887, bsc#1082632).
- hv_netvsc: simplify function args in receive status path (fate#315887,
bsc#1082632).
- hv_netvsc: Simplify the limit check in netvsc_set_channels()
(fate#315887, bsc#1082632).
- hv_netvsc: track memory allocation failures in ethtool stats
(fate#315887, bsc#1082632).
- hv: preserve kabi by keeping hv_do_hypercall (bnc#1082632).
- hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382).
- hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382).
- hyper-v: trace vmbus_ongpadl_created() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_ongpadl_torndown() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_on_message() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_on_msg_dpc() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_onoffer() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_onoffer_rescind() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_onopen_result() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_onversion_response() (fate#315887, bsc#1082632).
- hyper-v: Use fast hypercall for HVCALL_SIGNAL_EVENT (fate#315887,
bsc#1082632).
- i2c: remove __init from i2c_register_board_info() (bnc#1012382).
- i40iw: Correct Q1/XF object count equation (bsc#969476 FATE#319648
bsc#969477 FATE#319816).
- i40iw: Fix sequence number for the first partial FPDU (bsc#969476
FATE#319648 bsc#969477 FATE#319816).
- i40iw: Fix the connection ORD value for loopback (bsc#969476 FATE#319648
bsc#969477 FATE#319816).
- i40iw: Remove limit on re-posting AEQ entries to HW (bsc#969476
FATE#319648 bsc#969477 FATE#319816).
- i40iw: Selectively teardown QPs on IP addr change event (bsc#1024376
FATE#321249).
- i40iw: Validate correct IRD/ORD connection parameters (bsc#969476
FATE#319648 bsc#969477 FATE#319816).
- ib/hfi1: Fix for potential refcount leak in hfi1_open_file()
(FATE#321231 FATE#321473).
- ib/iser: Handle lack of memory management extentions correctly
(bsc#1082979).
- ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH
ports (bnc#1012382).
- ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382).
- ibmvnic: Account for VLAN header length in TX buffers (bsc#1085239).
- ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239).
- ibmvnic: Allocate max queues stats buffers (bsc#1081498).
- ibmvnic: Allocate statistics buffers during probe (bsc#1082993).
- ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134,
git-fixes).
- ibmvnic: Clean RX pool buffers during device close (bsc#1081134).
- ibmvnic: Clean up device close (bsc#1084610).
- ibmvnic: Correct goto target for tx irq initialization failure
(bsc#1082223).
- ibmvnic: Do not attempt to login if RX or TX queues are not allocated
(bsc#1082993).
- ibmvnic: Do not disable device during failover or partition migration
(bsc#1084610).
- ibmvnic: Ensure that buffers are NULL after free (bsc#1080014).
- ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes).
- ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038).
- ibmvnic: fix firmware version when no firmware level has been provided
by the VIOS server (bsc#1079038).
- ibmvnic: Fix login buffer memory leaks (bsc#1081134).
- ibmvnic: Fix NAPI structures memory leak (bsc#1081134).
- ibmvnic: Fix recent errata commit (bsc#1085239).
- ibmvnic: Fix rx queue cleanup for non-fatal resets (bsc#1080014).
- ibmvnic: Fix TX descriptor tracking again (bsc#1082993).
- ibmvnic: Fix TX descriptor tracking (bsc#1081491).
- ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change
(bsc#1081498).
- ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134).
- ibmvnic: Generalize TX pool structure (bsc#1085224).
- ibmvnic: Handle TSO backing device errata (bsc#1085239).
- ibmvnic: Harden TX/RX pool cleaning (bsc#1082993).
- ibmvnic: Improve TX buffer accounting (bsc#1085224).
- ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491).
- ibmvnic: Make napi usage dynamic (bsc#1081498).
- ibmvnic: Move active sub-crq count settings (bsc#1081498).
- ibmvnic: Pad small packets to minimum MTU size (bsc#1085239).
- ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263).
- ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384).
- ibmvnic: Rename active queue count variables (bsc#1081498).
- ibmvnic: Reorganize device close (bsc#1084610).
- ibmvnic: Report queue stops and restarts as debug output (bsc#1082993).
- ibmvnic: Reset long term map ID counter (bsc#1080364).
- ibmvnic: Split counters for scrq/pools/napi (bsc#1082223).
- ibmvnic: Update and clean up reset TX pool routine (bsc#1085224).
- ibmvnic: Update release RX pool routine (bsc#1085224).
- ibmvnic: Update TX and TX completion routines (bsc#1085224).
- ibmvnic: Update TX pool initialization routine (bsc#1085224).
- ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134).
- ib/qib: Fix comparison error with qperf compare/swap test (FATE#321231
FATE#321473).
- ib/srpt: Remove an unused structure member (bsc#1082979).
- idle: i7300: add PCI dependency (bnc#1012382).
- igb: Free IRQs when device is hotplugged (bnc#1012382).
- iio: adc: axp288: remove redundant duplicate const on
axp288_adc_channels (bnc#1012382).
- iio: adis_lib: Initialize trigger before requesting interrupt
(bnc#1012382).
- iio: buffer: check if a buffer has been set up when poll is called
(bnc#1012382).
- input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
(bnc#1012382).
- input: tca8418_keypad - remove double read of key event register
(git-fixes).
- iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772).
- iommu/amd: Enforce alignment for MSI IRQs (bsc#975772).
- iommu/amd: Fix alloc_irq_index() increment (bsc#975772).
- iommu/amd: Limit the IOVA page range to the specified addresses
(fate#321026).
- iommu/arm-smmu-v3: Cope with duplicated Stream IDs (bsc#1084926).
- iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
(bsc#1084928).
- iommu/vt-d: Use domain instead of cache fetching (bsc#975772).
- ip6mr: fix stale iterator (bnc#1012382).
- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
- ip_tunnel: fix preempt warning in ip tunnel creation/updating
(bnc#1012382).
- ip_tunnel: replace dst_cache with generic implementation (bnc#1012382).
- ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286).
- ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286).
- ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382).
- ipv4: update comment to document GSO fragmentation cases (bsc#1042286).
- ipv6: datagram: Refactor dst lookup and update codes to a new function
(bsc#1042286).
- ipv6: datagram: Refactor flowi6 init codes to a new function
(bsc#1042286).
- ipv6: datagram: Update dst cache of a connected datagram sk during pmtu
update (bsc#1042286).
- ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286).
- ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382).
- ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286).
- ipv6: remove unused in6_addr struct (bsc#1042286).
- ipv6: tcp: fix endianness annotation in tcp_v6_send_response
(bsc#1042286).
- ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286).
- ipvlan: Add the skb->mark as flow4's member to lookup route
(bnc#1012382).
- ipvlan: fix multicast processing (bsc#1042286).
- ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286).
- irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
(bnc#1012382).
- isdn: eicon: reduce stack size of sig_ind function (bnc#1012382).
- isdn: icn: remove a #warning (bnc#1012382).
- isdn: sc: work around type mismatch warning (bnc#1012382).
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
(git-fixes).
- kABI: protect struct cpuinfo_x86 (kabi).
- kABI: protect struct ethtool_link_settings (bsc#1085050).
- kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all
(kabi).
- kABI: reintroduce crypto_poly1305_setkey (kabi).
- kabi: restore kabi after "net: replace dst_cache ip6_tunnel
implementation with the generic one" (bsc#1082897).
- kabi: restore nft_set_elem_destroy() signature (bsc#1042286).
- kabi: restore rhashtable_insert_slow() signature (bsc#1042286).
- kabi/severities: add sclp to KABI ignore list
- kabi/severities: add __x86_indirect_thunk_rsp
- kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have
spoken, let there be light.
- kabi/severities: Ignore kvm for KABI severities
- kabi: uninline sk_receive_skb() (bsc#1042286).
- kaiser: fix compile error without vsyscall (bnc#1012382).
- kaiser: fix intel_bts perf crashes (bnc#1012382).
- kasan: rework Kconfig settings (bnc#1012382).
- kernel/async.c: revert "async: simplify lowest_in_progress()"
(bnc#1012382).
- kernel: fix rwlock implementation (bnc#1079886, LTC#164371).
- kernfs: fix regression in kernfs_fop_write caused by wrong type
(bnc#1012382).
- keys: encrypted: fix buffer overread in valid_master_desc()
(bnc#1012382).
- kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382).
- kvm: add X86_LOCAL_APIC dependency (bnc#1012382).
- kvm: ARM64: fix phy counter access failure in guest (bsc#1085015).
- kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
(bsc#1079029).
- kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
(bnc#1012382).
- kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2
(bnc#1012382).
- kvm: nVMX: invvpid handling improvements (bnc#1012382).
- kvm: nVMX: kmap() can't fail (bnc#1012382).
- kvm: nVMX: vmx_complete_nested_posted_interrupt() can't fail
(bnc#1012382).
- kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled
(bsc#1066223).
- kvm: s390: Add operation exception interception handler (FATE#324070,
LTC#158959).
- kvm: s390: Add sthyi emulation (FATE#324070, LTC#158959).
- kvm: s390: Enable all facility bits that are known good for passthrough
(FATE#324071, LTC#158956).
- kvm: s390: Extend diag 204 fields (FATE#324070, LTC#158959).
- kvm: s390: Fix STHYI buffer alignment for diag224 (FATE#324070,
LTC#158959).
- kvm: s390: instruction-execution-protection support (LTC#162428).
- kvm: s390: Introduce BCD Vector Instructions to the guest (FATE#324072,
LTC#158953).
- kvm: s390: Introduce Vector Enhancements facility 1 to the guest
(FATE#324072, LTC#158953).
- kvm: s390: Limit sthyi execution (FATE#324070, LTC#158959).
- kvm: s390: Populate mask of non-hypervisor managed facility bits
(FATE#324071, LTC#158956).
- kvm: VMX: clean up declaration of VPID/EPT invalidation types
(bnc#1012382).
- kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382).
- kvm: VMX: Make indirect call speculation safe (bnc#1012382).
- kvm: x86: Do not re-execute instruction when not passing CR2 value
(bnc#1012382).
- kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
(bnc#1012382).
- kvm: x86: fix escape of guest dr6 to the host (bnc#1012382).
- kvm: X86: Fix operand/address-size during instruction decoding
(bnc#1012382).
- kvm: x86: ioapic: Clear Remote IRR when entry is switched to
edge-triggered (bnc#1012382).
- kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
(bnc#1012382).
- kvm: x86: ioapic: Preserve read-only values in the redirection table
(bnc#1012382).
- kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382).
- kvm/x86: Reduce retpoline performance impact in
slot_handle_level_range(), by always inlining iterator helper methods
(bnc#1012382).
- l2tp: fix use-after-free during module unload (bsc#1042286).
- led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382).
- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
- libceph: check kstrndup() return value (bsc#1081735).
- lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382).
- lib/uuid.c: introduce a few more generic helpers (fate#315887,
bsc#1082632).
- lib/uuid.c: use correct offset in uuid parser (fate#315887, bsc#1082632).
- livepatch: introduce shadow variable API (bsc#1082299 fate#313296).
Shadow variables support.
- livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299
fate#313296). Shadow variables support.
- lockd: fix "list_add double add" caused by legacy signal interface
(bnc#1012382).
- loop: fix concurrent lo_open/lo_release (bnc#1012382).
- mac80211: fix the update of path metric for RANN frame (bnc#1012382).
- mac80211: mesh: drop frames appearing to be from us (bnc#1012382).
- Make DST_CACHE a silent config option (bnc#1012382).
- mdio-sun4i: Fix a memory leak (bnc#1012382).
- md/raid1: Use a new variable to count flighting sync
requests(bsc#1083048)
- media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382).
- media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(bnc#1012382).
- media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(bnc#1012382).
- media: r820t: fix r820t_write_reg for KASAN (bnc#1012382).
- media: s5k6aa: describe some function parameters (bnc#1012382).
- media: soc_camera: soc_scale_crop: add missing
MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).
- media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382).
- media: usbtv: add a new usbid (bnc#1012382).
- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: do not copy back the result for certain
errors (bnc#1012382).
- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
- media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: move 'helper' functions to
__get/put_v4l2_format32 (bnc#1012382).
- media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).
- media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
(bnc#1012382).
- media: v4l2-ioctl.c: do not copy back the result for -ENOTTY
(bnc#1012382).
- mmc: bcm2835: Do not overwrite max frequency unconditionally
(bsc#983145, git-fixes).
- mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382).
- mm: hide a #warning for COMPILE_TEST (bnc#1012382).
- mm/kmemleak.c: make cond_resched() rate-limiting more efficient
(git-fixes).
- mm: pin address_space before dereferencing it while isolating an LRU
page (bnc#1081500).
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
failed (bnc#1012382).
- mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user
copy (bnc#1012382).
- modsign: hide openssl output in silent builds (bnc#1012382).
- module/retpoline: Warn about missing retpoline in module (bnc#1012382).
- mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583).
- mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382).
- mtd: cfi: convert inline functions to macros (bnc#1012382).
- mtd: cfi: enforce valid geometry configuration (bnc#1012382).
- mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382).
- mtd: maps: add __init attribute (bnc#1012382).
- mtd: nand: brcmnand: Disable prefetch by default (bnc#1012382).
- mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382).
- mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
(bnc#1012382).
- mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382).
- mtd: sh_flctl: pass FIFO as physical address (bnc#1012382).
- mvpp2: fix multicast address filter (bnc#1012382).
- ncpfs: fix unused variable warning (bnc#1012382).
- ncr5380: shut up gcc indentation warning (bnc#1012382).
- net: add dst_cache support (bnc#1012382).
- net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382).
- net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382).
- net: cdc_ncm: initialize drvflags before usage (bnc#1012382).
- net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382).
- net: ena: add detection and recovery mechanism for handling
missed/misrouted MSI-X (bsc#1083548).
- net: ena: add new admin define for future support of IPv6 RSS
(bsc#1083548).
- net: ena: add power management ops to the ENA driver (bsc#1083548).
- net: ena: add statistics for missed tx packets (bsc#1083548).
- net: ena: fix error handling in ena_down() sequence (bsc#1083548).
- net: ena: fix race condition between device reset and link up setup
(bsc#1083548).
- net: ena: fix rare kernel crash when bar memory remap fails
(bsc#1083548).
- net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548).
- net: ena: improve ENA driver boot time (bsc#1083548).
- net: ena: increase ena driver version to 1.3.0 (bsc#1083548).
- net: ena: increase ena driver version to 1.5.0 (bsc#1083548).
- net: ena: reduce the severity of some printouts (bsc#1083548).
- net: ena: remove legacy suspend suspend/resume support (bsc#1083548).
- net: ena: Remove redundant unlikely() (bsc#1083548).
- net: ena: unmask MSI-X only after device initialization is completed
(bsc#1083548).
- net: ethernet: cavium: Correct Cavium Thunderx NIC driver names
accordingly to module name (bsc#1085011).
- net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
(bnc#1012382).
- net: ethtool: Add back transceiver type (bsc#1085050).
- net: ethtool: remove error check for legacy setting transceiver type
(bsc#1085050).
- netfilter: drop outermost socket lock in getsockopt() (bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets
(bsc#1085107).
- netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
- netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
clusterip_tg_check() (bnc#1012382).
- netfilter: ipvs: avoid unused variable warnings (bnc#1012382).
- netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382).
- netfilter: nf_tables: fix a wrong check to skip the inactive rules
(bsc#1042286).
- netfilter: nf_tables: fix inconsistent element expiration calculation
(bsc#1042286).
- netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286).
- netfilter: nf_tables: fix race when create new element in dynset
(bsc#1042286).
- netfilter: on sockopt() acquire sock lock only in the required scope
(bnc#1012382).
- netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286).
- netfilter: x_tables: avoid out-of-bounds reads in
xt_request_find_{match|target} (bnc#1012382).
- netfilter: x_tables: fix int overflow in xt_alloc_table_info()
(bnc#1012382).
- netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
(bnc#1012382).
- netfilter: xt_socket: fix transparent match for IPv6 request sockets
(bsc#1042286).
- net: gianfar_ptp: move set_fipers() to spinlock protecting area
(bnc#1012382).
- net: hns: add ACPI mode support for ethtool -p (bsc#1084041).
- net: hp100: remove unnecessary #ifdefs (bnc#1012382).
- net: igmp: add a missing rcu locking section (bnc#1012382).
- net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags
(bsc#1042286).
- netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382).
- net/mlx5e: Fix loopback self test when GRO is off (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Fix wrong delay calculation for overflow check scheduling
(bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5e: Verify inline header size do not exceed SKB linear size
(bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Use 128B cacheline size for 128B or larger cachelines
(bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net: phy: Keep reporting transceiver type (bsc#1085050).
- net: replace dst_cache ip6_tunnel implementation with the generic one
(bnc#1012382).
- net_sched: red: Avoid devision by zero (bnc#1012382).
- net_sched: red: Avoid illegal values (bnc#1012382).
- net/smc: fix NULL pointer dereference on sock_create_kern() error path
(bsc#1082979).
- netvsc: allow controlling send/recv buffer size (fate#315887,
bsc#1082632).
- netvsc: allow driver to be removed even if VF is present (fate#315887,
bsc#1082632).
- netvsc: check error return when restoring channels and mtu (fate#315887,
bsc#1082632).
- netvsc: cleanup datapath switch (fate#315887, bsc#1082632).
- netvsc: do not signal host twice if empty (fate#315887, bsc#1082632).
- netvsc: fix deadlock betwen link status and removal (fate#315887,
bsc#1082632).
- netvsc: increase default receive buffer size (fate#315887, bsc#1082632).
- netvsc: keep track of some non-fatal overload conditions (fate#315887,
bsc#1082632).
- netvsc: no need to allocate send/receive on numa node (fate#315887,
bsc#1082632).
- netvsc: propagate MAC address change to VF slave (fate#315887,
bsc#1082632).
- netvsc: remove unnecessary cast of void pointer (fate#315887,
bsc#1082632).
- netvsc: remove unnecessary check for NULL hdr (fate#315887, bsc#1082632).
- netvsc: whitespace cleanup (fate#315887, bsc#1082632).
- net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286).
- net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286).
- nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).
- nfs: commit direct writes even if they fail partially (bnc#1012382).
- nfsd: check for use of the closed special stateid (bnc#1012382).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
(bnc#1012382).
- nfsd: Ensure we check stateid validity in the seqid operation checks
(bnc#1012382).
- nfs: Do not convert nfs_idmap_cache_timeout to jiffies (git-fixes).
- nfs: fix a deadlock in nfs client initialization (bsc#1074198).
- nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
(bnc#1012382).
- nfs: reject request for id_legacy key without auxdata (bnc#1012382).
- nfs: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198).
- nvme_fc: cleanup io completion (bsc#1079609).
- nvme_fc: correct abort race condition on resets (bsc#1079609).
- nvme_fc: fix abort race on teardown with lld reject (bsc#1083750).
- nvme_fc: fix ctrl create failures racing with workq items (bsc#1076982).
- nvme_fc: io timeout should defer abort to ctrl reset (bsc#1085054).
- nvme-fc: kick admin requeue list on disconnect (bsc#1077241).
- nvme-fc: merge error on sles12sp3 for reset_work (bsc#1079195).
- nvme_fc: minor fixes on sqsize (bsc#1076760).
- nvme_fc: on remoteport reuse, set new nport_id and role (bsc#1076760).
- nvme_fc: rework sqsize handling (bsc#1076760).
- nvme: Fix managing degraded controllers (bnc#1012382).
- nvme: Fix setting logical block format when revalidating (bsc#1079313).
- nvme: only start KATO if the controller is live (bsc#1083387).
- nvme-pci: clean up CMB initialization (bsc#1082979).
- nvme-pci: clean up SMBSZ bit definitions (bsc#1082979).
- nvme-pci: consistencly use ctrl->device for logging (bsc#1082979).
- nvme-pci: fix typos in comments (bsc#1082979).
- nvme-pci: Remap CMB SQ entries on every controller reset (bsc#1082979).
- nvme-pci: Use PCI bus address for data/queues in CMB (bsc#1082979).
- nvme: Quirks for PM1725 controllers (bsc#1082979).
- nvme_rdma: clear NVME_RDMA_Q_LIVE bit if reconnect fails (bsc#1083770).
- nvme-rdma: fix concurrent reset and reconnect (bsc#1082979).
- nvme: remove nvme_revalidate_ns (bsc#1079313).
- ocfs2: return error when we attempt to access a dirty bh in jbd2
(bsc#1070404).
- openvswitch: fix the incorrect flow action alloc size (bnc#1012382).
- ovl: fix failure to fsync lower dir (bnc#1012382).
- ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286).
- ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286).
- ovs/gre,geneve: fix error path when creating an iface (bsc#1042286).
- ovs/vxlan: fix rtnl notifications on iface deletion (bsc#1042286).
- pci/ASPM: Do not retrain link if ASPM not possible (bnc#1071892).
- pci: hv: Do not sleep in compose_msi_msg() (fate#315887, bsc#1082632).
- pci: keystone: Fix interrupt-controller-node lookup (bnc#1012382).
- pci/MSI: Fix msi_desc->affinity memory leak when freeing MSI IRQs
(bsc#1082979).
- perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382).
- perf top: Fix window dimensions change handling (bnc#1012382).
- perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
(bnc#1012382).
- pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382).
- pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382).
- platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
(bnc#1012382).
- pm / devfreq: Propagate error from devfreq_add_device() (bnc#1012382).
- pm / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717).
- posix-timer: Properly check sigevent->sigev_notify (bnc#1012382).
- power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382).
- powerpc/64: Fix flush_(d|i)cache_range() called from modules
(FATE#315275 LTC#103998 bnc#1012382 bnc#863764).
- powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
(bnc#1012382).
- powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,
bsc#1075087).
- powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223).
- powerpc/numa: Ensure nodes initialized for hotplug (FATE#322022,
bsc#1081514).
- powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
(bsc#1081512).
- powerpc/numa: Use ibm,max-associativity-domains to discover possible
nodes (FATE#322022, bsc#1081514).
- powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382).
- powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers
(bsc#1066223).
- powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h
(bsc#1066223).
- powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,
bsc#1075087).
- powerpc/pseries: Fix cpu hotplug crash with memoryless nodes
(FATE#322022, bsc#1081514).
- powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,
bsc#1075087).
- powerpc: Simplify module TOC handling (bnc#1012382).
- power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382).
- Provide a function to create a NUL-terminated string from unterminated
data (bnc#1012382).
- pwc: hide unused label (bnc#1012382).
- qla2xxx: Add changes for devloss timeout in driver (bsc#1084427).
- qla2xxx: Add FC-NVMe abort processing (bsc#1084427).
- qla2xxx: asynchronous pci probing (bsc#1034503).
- qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427).
- qla2xxx: Convert QLA_TGT_ABTS to TARGET_SCF_LOOKUP_LUN_FROM_TAG
(bsc#1043726,FATE#324770).
- qla2xxx: do not check login_state if no loop id is assigned
(bsc#1081681).
- qla2xxx: ensure async flags are reset correctly (bsc#1081681).
- qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427).
- qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427).
- qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2)
(bsc#1043726,FATE#324770).
- qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427).
- qla2xxx: Fix NVMe entry_type for iocb packet on BE system
(bsc#1043726,FATE#324770).
- qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427).
- qla2xxx: Fixup locking for session deletion (bsc#1081681).
- qla2xxx: Remove nvme_done_list (bsc#1084427).
- qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe
(bsc#1084427).
- qla2xxx: remove use of FC-specific error codes (bsc#1043726,FATE#324770).
- qla2xxx: Restore ZIO threshold setting (bsc#1084427).
- qla2xxx: Return busy if rport going away (bsc#1084427).
- qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote()
(bsc#1084427).
- qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427).
- qlcnic: fix deadlock bug (bnc#1012382).
- r8169: fix RTL8168EP take too long to complete driver initialization
(bnc#1012382).
- rdma/cma: Make sure that PSN is not over max allowed (bnc#1012382).
- rdma/uverbs: Protect from command mask overflow (bsc#1082979).
- reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382).
- Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" (bnc#1012382).
- Revert "bpf: avoid false sharing of map refcount with max_entries"
(kabi).
- Revert "netfilter: nf_queue: Make the queue_handler pernet" (kabi).
- Revert "net: replace dst_cache ip6_tunnel implementation with the
generic one" (kabi bnc#1082897).
- Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
(bnc#1012382).
- Revert "powerpc: Simplify module TOC handling" (kabi).
- Revert SUSE-specific qla2xxx patch 'Add module parameter for interrupt
mode' (bsc#1043726)
- Revert "x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0"
- Revert "x86/entry/64: Use a per-CPU trampoline stack for IDT entries"
- rfi-flush: Move the logic to avoid a redo into the debugfs code
(bsc#1068032, bsc#1075087).
- rfi-flush: Switch to new linear fallback flush (bsc#1068032,
bsc#1075087).
- rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286).
- rtc-opal: Fix handling of firmware error codes, prevent busy loops
(bnc#1012382).
- rtlwifi: fix gcc-6 indentation warning (bnc#1012382).
- rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382).
- s390: add no-execute support (FATE#324087, LTC#158827).
- s390/dasd: fix handling of internal requests (bsc#1080321).
- s390/dasd: fix wrongly assigned configuration data (bnc#1012382).
- s390/dasd: prevent prefix I/O error (bnc#1012382).
- s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382).
- s390: hypfs: Move diag implementation and data definitions (FATE#324070,
LTC#158959).
- s390: kvm: Cpu model support for msa6, msa7 and msa8 (FATE#324069,
LTC#159031).
- s390: Make cpc_name accessible (FATE#324070, LTC#158959).
- s390: Make diag224 public (FATE#324070, LTC#158959).
- s390/mem_detect: use unsigned longs (FATE#324071, LTC#158956).
- s390/mm: align swapper_pg_dir to 16k (FATE#324087, LTC#158827).
- s390/mm: always use PAGE_KERNEL when mapping pages (FATE#324087,
LTC#158827).
- s390/noexec: execute kexec datamover without DAT (FATE#324087,
LTC#158827).
- s390/oprofile: fix address range for asynchronous stack (bsc#1082979).
- s390/pageattr: allow kernel page table splitting (FATE#324087,
LTC#158827).
- s390/pageattr: avoid unnecessary page table splitting (FATE#324087,
LTC#158827).
- s390/pageattr: handle numpages parameter correctly (FATE#324087,
LTC#158827).
- s390/pci_dma: improve lazy flush for unmap (bnc#1079886, LTC#163393).
- s390/pci_dma: improve map_sg (bnc#1079886, LTC#163393).
- s390/pci_dma: make lazy flush independent from the tlb_refresh bit
(bnc#1079886, LTC#163393).
- s390/pci_dma: remove dma address range check (bnc#1079886, LTC#163393).
- s390/pci_dma: simplify dma address calculation (bnc#1079886, LTC#163393).
- s390/pci_dma: split dma_update_trans (bnc#1079886, LTC#163393).
- s390/pci: fix dma address calculation in map_sg (bnc#1079886,
LTC#163393).
- s390/pci: handle insufficient resources during dma tlb flush
(bnc#1079886, LTC#163393).
- s390/pgtable: introduce and use generic csp inline asm (FATE#324087,
LTC#158827).
- s390/pgtable: make pmd and pud helper functions available (FATE#324087,
LTC#158827).
- s390/qeth: fix underestimated count of buffer elements (bnc#1082089,
LTC#164529).
- s390: report new vector facilities (FATE#324088, LTC#158828).
- s390/sclp: Add hmfai field (FATE#324071, LTC#158956).
- s390/vmem: align segment and region tables to 16k (FATE#324087,
LTC#158827).
- s390/vmem: introduce and use SEGMENT_KERNEL and REGION3_KERNEL
(FATE#324087, LTC#158827).
- s390/vmem: simplify vmem code for read-only mappings (FATE#324087,
LTC#158827).
- sched/rt: Up the root domain ref count when passing it around via IPIs
(bnc#1012382).
- sched/rt: Use container_of() to get root domain in
rto_push_irq_work_func() (bnc#1012382).
- scripts/kernel-doc: Do not fail with status != 0 if error encountered
with -none (bnc#1012382).
- scsi: aacraid: Fix hang in kdump (bsc#1022607, FATE#321673).
- scsi: aacraid: Prevent crash in case of free interrupt during scsi EH
path (bnc#1012382).
- scsi: advansys: fix build warning for PCI=n (bnc#1012382).
- scsi: advansys: fix uninitialized data access (bnc#1012382).
- scsi: do not look for NULL devices handlers by name (bsc#1082373).
- scsi: fas216: fix sense buffer initialization (bsc#1082979).
- scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382).
- scsi: hisi_sas: directly attached disk LED feature for v2 hw
(bsc#1083409).
- scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
(bnc#1012382).
- scsi: initio: remove duplicate module device table (bnc#1012382
bsc#1082979).
- scsi: initio: remove duplicate module device table (bsc#1082979).
- scsi: libsas: fix error when getting phy events (bsc#1082979).
- scsi: libsas: fix memory leak in sas_smp_get_phy_events() (bsc#1082979).
- scsi: lpfc: Add WQ Full Logic for NVME Target (bsc#1080656).
- scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a target
(bsc#1080656).
- scsi: lpfc: Beef up stat counters for debug (bsc#1076693).
- scsi: lpfc: correct debug counters for abort (bsc#1080656).
- scsi: lpfc: do not dereference localport before it has been null checked
(bsc#1076693).
- scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function
(bsc#1082979).
- scsi: lpfc: fix a couple of minor indentation issues (bsc#1076693).
- scsi: lpfc: Fix -EOVERFLOW behavior for NVMET and defer_rcv
(bsc#1076693).
- scsi: lpfc: Fix header inclusion in lpfc_nvmet (bsc#1080656).
- scsi: lpfc: Fix infinite wait when driver unregisters a remote NVME port
(bsc#1076693).
- scsi: lpfc: Fix IO failure during hba reset testing with nvme io
(bsc#1080656).
- scsi: lpfc: Fix issue_lip if link is disabled (bsc#1080656).
- scsi: lpfc: Fix issues connecting with nvme initiator (bsc#1076693).
- scsi: lpfc: Fix nonrecovery of NVME controller after cable swap
(bsc#1080656).
- scsi: lpfc: Fix PRLI handling when topology type changes (bsc#1080656).
- scsi: lpfc: Fix receive PRLI handling (bsc#1076693).
- scsi: lpfc: Fix RQ empty firmware trap (bsc#1080656).
- scsi: lpfc: Fix SCSI io host reset causing kernel crash (bsc#1080656).
- scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled
(bsc#1076693).
- scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
(bsc#1080656).
- scsi: lpfc: Increase CQ and WQ sizes for SCSI (bsc#1080656).
- scsi: lpfc: Increase SCSI CQ and WQ sizes (bsc#1076693).
- scsi: lpfc: Indicate CONF support in NVMe PRLI (bsc#1080656).
- scsi: lpfc: move placement of target destroy on driver detach
(bsc#1080656).
- scsi: lpfc: Treat SCSI Write operation Underruns as an error
(bsc#1080656).
- scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright
(bsc#1080656).
- scsi: lpfc: update driver version to 11.4.0.6 (bsc#1076693).
- scsi: lpfc: update driver version to 11.4.0.7 (bsc#1080656).
- scsi: lpfc: Validate adapter support for SRIU option (bsc#1080656).
- scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382).
- scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT
passthrough commands (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Accelerate SCSI BUSY status generation in target mode
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add ability to autodetect SFP type
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add ability to send PRLO (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add ability to use GPNFT/GNNFT for RSCN handling
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add ATIO-Q processing for INTx mode
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add boundary checks for exchanges to be offloaded
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add command completion for error path
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add debug knob for user control workload
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add debug logging routine for qpair
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Added change to enable ZIO for FC-NVMe devices
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add FC-NVMe command handling (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add FC-NVMe F/W initialization and transport registration
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add FC-NVMe port discovery and PRLI handling
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add function call to qpair for door bell
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add fw_started flags to qpair (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add lock protection around host lookup
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add LR distance support from nvram bit
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: add missing includes for qla_isr
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add option for use reserve exch for ELS
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add ql2xiniexchg parameter (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add retry limit for fabric scan logic
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add support for minimum link speed
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add switch command to simplify fabric discovery
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add timeout ability to wait_for_sess_deletion()
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add XCB counters to debugfs (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Allow ABTS, PURX, RIDA on ATIOQ for ISP83XX/27XX
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Allow MBC_GET_PORT_DATABASE to query and save the port
states (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Allow relogin and session creation after reset
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Allow SNS fabric login to be retried
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Allow target mode to accept PRLI in dual mode
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: avoid unused-function warning (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Change ha->wq max_active value to default
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Changes to support N2N logins (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Chip reset uses wrong lock during IO flush
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Cleanup FC-NVMe code (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Cleanup NPIV host in target mode during config teardown
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Clear fc4f_nvme flag (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Clear loop id after delete (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Combine Active command arrays (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Convert 32-bit LUN usage to 64-bit
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Defer processing of GS IOCB calls
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Delay loop id allocation at login
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Do not call abort handler function during chip reset
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Do not call dma_free_coherent with IRQ disabled
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: do not include <generated/utsrelease.h>
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Enable Async TMF processing (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Enable ATIO interrupt handshake for ISP27XX
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Enable Target Multi Queue (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146,
bsc#966328).
- scsi: qla2xxx: fix a bunch of typos and spelling mistakes
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els()
(bsc#1082979).
- scsi: qla2xxx: Fix compile warning (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Fix FC-NVMe LUN discovery (bsc#1083223).
- scsi: qla2xxx: Fix Firmware dump size for Extended login and Exchange
Offload (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix GPNFT/GNNFT error handling (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix gpnid error processing (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix incorrect handle for abort IOCB (bsc#1082979).
- scsi: qla2xxx: Fix login state machine freeze (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix login state machine stuck at GPDB
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix logo flag for qlt_free_session_done()
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix mailbox failure while deleting Queue pairs
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Fix memory leak in dual/target mode
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix NPIV host cleanup in target mode
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix NPIV host enable after chip reset
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix NULL pointer access for fcport structure
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
(bsc#1082979).
- scsi: qla2xxx: Fix NULL pointer crash due to probe failure
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix oops in qla2x00_probe_one error path
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix PRLI state check (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix queue ID for async abort with Multiqueue
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix recursion while sending terminate exchange
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix Relogin being triggered too fast
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix re-login for Nport Handle in use
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix remoteport disconnect for FC-NVMe
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix scan state field for fcport (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix session cleanup for N2N (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix slow mem alloc behind lock (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: fix spelling mistake of variable sfp_additonal_info
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix system crash for Notify ack timeout handling
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix system crash while triggering FW dump
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix system panic due to pointer access problem
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix target multiqueue configuration
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix task mgmt handling for NPIV (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix warning during port_name debug print
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix warning for code intentation in
__qla24xx_handle_gpdb_event() (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout()
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix WWPN/WWNN in debug message (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Handle PCIe error for driver (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Include Exchange offload/Extended Login into FW dump
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Increase ql2xmaxqdepth to 64 (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Increase verbosity of debug messages logged
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Migrate switch registration commands away from mailbox
interface (bsc#1043726,FATE#324770).
- scsi: qla2xxx: move fields from qla_hw_data to qla_qpair
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Move function prototype to correct header
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Move logging default mask to execute once only
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Move session delete to driver work queue
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Move target stat counters from vha to qpair
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Move work element processing out of DPC thread
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Off by one in qlt_ctio_to_cmd() (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Preparation for Target MQ (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Prevent multiple active discovery commands per session
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Prevent relogin trigger from sending too many commands
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Prevent sp->free null/uninitialized pointer dereference
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Print correct mailbox registers in failed summary
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Properly extract ADISC error codes
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Protect access to qpair members with qpair->qp_lock
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Query FC4 type during RSCN processing
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Recheck session state after RSCN (bsc#1043726,FATE#324770)
- scsi: qla2xxx: Reduce the use of terminate exchange
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Reduce trace noise for Async Events
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Reinstate module parameter ql2xenablemsix
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Relogin to target port on a cable swap
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout
(FATE#320146, bsc#966328).
- scsi: qla2xxx: Remove an unused structure member
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove datasegs_per_cmd and datasegs_per_cont field
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove extra register read (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove extra register read (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery
(bsc#1084397).
- scsi: qla2xxx: Remove potential macro parameter side-effect in
ql_dump_regs() (bsc#1043726,FATE#324770).
- scsi: qla2xxx: remove redundant assignment of d
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: remove redundant null check on tgt
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove redundant wait when target is stopped
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove session creation redundant code
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Remove unused argument from
qlt_schedule_sess_for_deletion() (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Remove unused irq_cmd_count field
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove unused tgt_enable_64bit_addr flag
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: remove writeq/readq function definitions
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Replace GPDB with async ADISC command
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Reset the logo flag, after target re-login
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Retry switch command on time out
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Send FC4 type NVMe to the management server
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Serialize GPNID for multiple RSCN
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Serialize session deletion by using work_lock
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Serialize session free in qlt_free_session_done
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Simpify unregistration of FC-NVMe local/remote ports
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Skip IRQ affinity for Target QPairs
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Skip zero queue count entry during FW dump capture
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Tweak resource count dump (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update Driver version to 10.00.00.00-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.01-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.02-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.03-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.04-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.05-k (bsc#1081681).
- scsi: qla2xxx: Update driver version to 9.01.00.00-k
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Update fw_started flags at qpair creation
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use BIT_6 to acquire FAWWPN from switch
(bsc#1043726,FATE#324770)
- scsi: qla2xxx: Use chip reset to bring down laser on unload
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: use dma_mapping_error to check map errors
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use FC-NVMe FC4 type for FDMI registration
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use IOCB path to submit Control VP MBX command
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use known NPort ID for Management Server login
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use ql2xnvmeenable to enable Q-Pair for FC-NVMe
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: use shadow register for ISP27XX (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Use shadow register for ISP27XX (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use sp->free instead of hard coded call
(bsc#1043726,FATE#324770).
- scsi: ses: do not get power status of SES device slot on probe
(bsc#1082979).
- scsi: sim710: fix build warning (bnc#1012382).
- scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813).
- scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
(bnc#1012382).
- scsi: storvsc: remove unnecessary channel inbound lock (fate#315887,
bsc#1082632).
- scsi: sun_esp: fix device reference leaks (bsc#1082979).
- scsi: tcm_qla2xxx: Do not allow aborted cmd to advance
(bsc#1043725,FATE#324770).
- scsi: ufs: ufshcd: fix potential NULL pointer dereference in
ufshcd_config_vreg (bnc#1012382).
- sctp: make use of pre-calculated len (bnc#1012382).
- selinux: ensure the context is NUL terminated in
security_context_to_sid_core() (bnc#1012382).
- selinux: general protection fault in sock_has_perm (bnc#1012382).
- selinux: skip bounded transition processing if the policy isn't loaded
(bnc#1012382).
- serial: 8250_mid: fix broken DMA dependency (bnc#1012382).
- serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
(bsc#1031717).
- serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
(bnc#1012382).
- series.conf: disable qla2xxx patches (bsc#1043725)
- sget(): handle failures of register_shrinker() (bnc#1012382).
- signal/openrisc: Fix do_unaligned_access to send the proper signal
(bnc#1012382).
- signal/sh: Ensure si_signo is initialized in do_divide_error
(bnc#1012382).
- SolutionEngine771x: fix Ether platform data (bnc#1012382).
- spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382).
- spi: imx: do not access registers while clocks disabled (bnc#1012382).
- spi: sun4i: disable clocks in the remove function (bnc#1012382).
- ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382).
- staging: android: ashmem: Fix a race condition in pin ioctls
(bnc#1012382).
- staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382).
- staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382).
- staging: ste_rmi4: avoid unused function warnings (bnc#1012382).
- staging: unisys: visorinput depends on INPUT (bnc#1012382).
- staging: wilc1000: fix kbuild test robot error (bnc#1012382).
- sunrpc: Allow connect to return EHOSTUNREACH (bnc#1012382).
- target: Add support for TMR percpu reference counting
(bsc#1043726,FATE#324770).
- target: Add TARGET_SCF_LOOKUP_LUN_FROM_TAG support for ABORT_TASK
(bsc#1043726,FATE#324770).
- tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382).
- tc358743: fix register i2c_rd/wr function fix (git-fixes).
- tc358743: fix register i2c_rd/wr functions (bnc#1012382).
- tcp: do not set rtt_min to 1 (bsc#1042286).
- tcp: release sk_frag.page in tcp_disconnect (bnc#1012382).
- test_bpf: fix the dummy skb after dissector changes (bsc#1042286).
- tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382).
- tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382).
- thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382).
- thermal: spear: use __maybe_unused for PM functions (bnc#1012382).
- tlan: avoid unused label with PCI=n (bnc#1012382).
- tools build: Add tools tree support for 'make -s' (bnc#1012382).
- tpm-dev-common: Reject too short writes (bsc#1020645, git-fixes).
- tpm: fix potential buffer overruns caused by bit glitches on the bus
(bsc#1020645, git-fixes).
- tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches
on the bus (bsc#1020645, git-fixes).
- tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on
the bus (bsc#1020645, git-fixes).
- tpm: st33zp24: fix potential buffer overruns caused by bit glitches on
the bus (bsc#1020645, git-fixes).
- tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
(bsc#1020645, git-fixes).
- tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382).
- tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382).
- tty: mxser: Remove ASYNC_CLOSING (bnc#1072363).
- ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382).
- udp: restore UDPlite many-cast delivery (bsc#1042286).
- usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382).
- usb: cdc-acm: Do not log urb submission errors on disconnect
(bnc#1012382).
- usb: cdc_subset: only build when one driver is enabled (bnc#1012382).
- usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382).
- usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382).
- usb: gadget: do not dereference g until after it has been null checked
(bnc#1012382).
- usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382).
- usb: gadget: uvc: Missing files for configfs interface (bnc#1012382).
- usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
(bnc#1012382).
- usbip: keep usbip_device sockfd state in sync with tcp_socket
(bnc#1012382).
- usbip: list: do not list devices attached to vhci_hcd (bnc#1012382).
- usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382).
- usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382).
- usb: ldusb: add PIDs for new CASSY devices supported by this driver
(bnc#1012382).
- usb: musb/ux500: remove duplicate check for dma_is_compatible
(bnc#1012382).
- usb: ohci: Proper handling of ed_rm_list to handle race condition
between usb_kill_urb() and finish_unlinks() (bnc#1012382).
- usb: option: Add support for FS040U modem (bnc#1012382).
- usb: phy: msm add regulator dependency (bnc#1012382).
- usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
(bnc#1012382).
- usb: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382).
- usb: serial: pl2303: new device id for Chilitag (bnc#1012382).
- usb: serial: simple: add Motorola Tetra driver (bnc#1012382).
- usb: uas: unconditionally bring back host after reset (bnc#1012382).
- v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382).
- vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382).
- vfs: do not do RCU lookup of empty pathnames (bnc#1012382).
- vhost_net: stop device during reset owner (bnc#1012382).
- video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382).
- video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382).
- video: fbdev: sis: remove unused variable (bnc#1012382).
- video: fbdev: via: remove possibly unused variables (bnc#1012382).
- video: Use bool instead int pointer for get_opt_bool() argument
(bnc#1012382).
- virtio_balloon: prevent uninitialized variable use (bnc#1012382).
- vmbus: add per-channel sysfs info (fate#315887, bsc#1082632).
- vmbus: add prefetch to ring buffer iterator (fate#315887, bsc#1082632).
- vmbus: do not acquire the mutex in vmbus_hvsock_device_unregister()
(fate#315887, bsc#1082632).
- vmbus: drop unused ring_buffer_info elements (fate#315887, bsc#1082632).
- vmbus: eliminate duplicate cached index (fate#315887, bsc#1082632).
- vmbus: hvsock: add proper sync for vmbus_hvsock_device_unregister()
(fate#315887, bsc#1082632).
- vmbus: initialize reserved fields in messages (fate#315887, bsc#1082632).
- vmbus: make channel_message table constant (fate#315887, bsc#1082632).
- vmbus: more host signalling avoidance (fate#315887, bsc#1082632).
- vmbus: refactor hv_signal_on_read (fate#315887, bsc#1082632).
- vmbus: remove unused vmbus_sendpacket_ctl (fate#315887, bsc#1082632).
- vmbus: remove unused vmbus_sendpacket_multipagebuffer (fate#315887,
bsc#1082632).
- vmbus: remove unused vmubs_sendpacket_pagebuffer_ctl (fate#315887,
bsc#1082632).
- vmbus: Reuse uuid_le_to_bin() helper (fate#315887, bsc#1082632).
- vmbus: simplify hv_ringbuffer_read (fate#315887, bsc#1082632).
- vmbus: unregister device_obj->channels_kset (fate#315887, bsc#1082632).
- vmxnet3: prevent building with 64K pages (bnc#1012382).
- vxlan: consolidate csum flag handling (bsc#1042286).
- vxlan: consolidate output route calculation (bsc#1042286).
- vxlan: consolidate vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286).
- vxlan: do not allow overwrite of config src addr (bsc#1042286).
- watchdog: imx2_wdt: restore previous timeout after suspend+resume
(bnc#1012382).
- wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382).
- x86: add MULTIUSER dependency for KVM (bnc#1012382).
- x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382).
- x86/boot: Avoid warning for zero-filling .bss (bnc#1012382).
- x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382).
- x86/bugs: Drop one "mitigation" from dmesg (bnc#1012382).
- x86/build: Silence the build with "make -s" (bnc#1012382).
- x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382).
- x86/cpu: Change type of x86_cache_size variable to unsigned int
(bnc#1012382).
- x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0
(bsc#1077560).
- x86/entry/64: Use a per-CPU trampoline stack for IDT entries
(bsc#1077560).
- x86: fix build warnign with 32-bit PAE (bnc#1012382).
- x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382).
- x86/hyperv: Implement hv_get_tsc_page() (fate#315887, bsc#1082632).
- x86/hyper-v: include hyperv/ only when CONFIG_HYPERV is set
(fate#315887, bsc#1082632).
- x86/hyper-v: Introduce fast hypercall implementation (fate#315887,
bsc#1082632).
- x86/hyper-v: Make hv_do_hypercall() inline (fate#315887, bsc#1082632).
- x86/hyperv: Move TSC reading method to asm/mshyperv.h (fate#315887,
bsc#1082632).
- x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
(bnc#1012382).
- x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
running nested (bsc#1081431).
- x86/mce: Pin the timer when modifying (bsc#1080851,1076282).
- x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix
preemptibility bug (bnc#1012382).
- x86/microcode/AMD: Do not load when running on a hypervisor (bsc#1081436
bsc#1081437).
- x86/microcode: Do the family check first (bnc#1012382).
- x86/microcode: Do the family check first (bsc#1081436 bsc#1081437).
- x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382).
- x86/mm/pkeys: Fix fill_sig_info_pkey (fate#321300).
- x86/nospec: Fix header guards names (bnc#1012382).
- x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bnc#1012382).
- x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382).
- x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382).
- x86/platform/olpc: Fix resume handler build warning (bnc#1012382).
- x86/pti: Make unpoison of pgd for trusted boot work for real
(bnc#1012382).
- x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382).
- x86/retpoline: Avoid retpolines for built-in __init functions
(bnc#1012382).
- x86/retpoline/hyperv: Convert assembler indirect jumps (fate#315887,
bsc#1082632).
- x86/retpoline: Remove the esp/rsp thunk (bnc#1012382).
- x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382).
- x86/spectre: Fix an error message (git-fixes).
- x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
(bnc#1012382).
- x86/spectre: Remove the out-of-tree RSB stuffing
- x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382).
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
(bnc#1012382).
- x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600).
- xen/gntdev: Fix off-by-one error when unmapping with holes (bnc#1012382).
- xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382).
- xen-netfront: enable device after manual module load (bnc#1012382).
- xen-netfront: remove warning when unloading module (bnc#1012382).
- xen: XEN_ACPI_PROCESSOR is Dom0-only (bnc#1012382).
- xfrm: check id proto in validate_tmpl() (bnc#1012382).
- xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382).
- xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies
(bnc#1012382).
- xfrm_user: propagate sec ctx allocation errors (bsc#1042286).
- xfs: do not chain ioends during writepage submission (bsc#1077285
bsc#1043441).
- xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441).
- xfs: Introduce writeback context for writepages (bsc#1077285
bsc#1043441).
- xfs: ioends require logically contiguous file offsets (bsc#1077285
bsc#1043441).
- xfs: quota: check result of register_shrinker() (bnc#1012382).
- xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382).
- xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787).
- xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285
bsc#1043441).
- xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441).
- xfs: stop searching for free slots in an inode chunk when there are none
(bsc#1072739).
- xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401).
- xfs: ubsan fixes (bnc#1012382).
- xfs: validate sb_logsunit is a multiple of the fs blocksize
(bsc#1077513).
- xfs: write unmount record for ro mounts (bsc#1073401).
- xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441).
- xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382).
- zram: fix operator precedence to get offset (bsc#1082979).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2018-534=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-534=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-534=1
- SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-534=1
- SUSE Linux Enterprise High Availability 12-SP3:
zypper in -t patch SUSE-SLE-HA-12-SP3-2018-534=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-534=1
- SUSE CaaS Platform ALL:
To install this update, use the SUSE CaaS Platform Velum dashboard.
It will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
kernel-default-debuginfo-4.4.120-94.17.1
kernel-default-debugsource-4.4.120-94.17.1
kernel-default-extra-4.4.120-94.17.1
kernel-default-extra-debuginfo-4.4.120-94.17.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.4.120-94.17.1
kernel-obs-build-debugsource-4.4.120-94.17.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
kernel-docs-4.4.120-94.17.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-4.4.120-94.17.1
kernel-default-base-4.4.120-94.17.1
kernel-default-base-debuginfo-4.4.120-94.17.1
kernel-default-debuginfo-4.4.120-94.17.1
kernel-default-debugsource-4.4.120-94.17.1
kernel-default-devel-4.4.120-94.17.1
kernel-syms-4.4.120-94.17.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
kernel-devel-4.4.120-94.17.1
kernel-macros-4.4.120-94.17.1
kernel-source-4.4.120-94.17.1
- SUSE Linux Enterprise Server 12-SP3 (s390x):
kernel-default-man-4.4.120-94.17.1
- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_120-94_17-default-1-4.3.1
kgraft-patch-4_4_120-94_17-default-debuginfo-1-4.3.1
- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.4.120-94.17.1
cluster-md-kmp-default-debuginfo-4.4.120-94.17.1
dlm-kmp-default-4.4.120-94.17.1
dlm-kmp-default-debuginfo-4.4.120-94.17.1
gfs2-kmp-default-4.4.120-94.17.1
gfs2-kmp-default-debuginfo-4.4.120-94.17.1
kernel-default-debuginfo-4.4.120-94.17.1
kernel-default-debugsource-4.4.120-94.17.1
ocfs2-kmp-default-4.4.120-94.17.1
ocfs2-kmp-default-debuginfo-4.4.120-94.17.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
kernel-default-4.4.120-94.17.1
kernel-default-debuginfo-4.4.120-94.17.1
kernel-default-debugsource-4.4.120-94.17.1
kernel-default-devel-4.4.120-94.17.1
kernel-default-extra-4.4.120-94.17.1
kernel-default-extra-debuginfo-4.4.120-94.17.1
kernel-syms-4.4.120-94.17.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
kernel-devel-4.4.120-94.17.1
kernel-macros-4.4.120-94.17.1
kernel-source-4.4.120-94.17.1
- SUSE CaaS Platform ALL (x86_64):
kernel-default-4.4.120-94.17.1
kernel-default-debuginfo-4.4.120-94.17.1
kernel-default-debugsource-4.4.120-94.17.1
References:
https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2017-15951.html
https://www.suse.com/security/cve/CVE-2017-16644.html
https://www.suse.com/security/cve/CVE-2017-16912.html
https://www.suse.com/security/cve/CVE-2017-16913.html
https://www.suse.com/security/cve/CVE-2017-17975.html
https://www.suse.com/security/cve/CVE-2017-18174.html
https://www.suse.com/security/cve/CVE-2017-18208.html
https://www.suse.com/security/cve/CVE-2018-1000026.html
https://www.suse.com/security/cve/CVE-2018-1068.html
https://www.suse.com/security/cve/CVE-2018-8087.html
https://bugzilla.suse.com/1006867
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1015343
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1022607
https://bugzilla.suse.com/1024376
https://bugzilla.suse.com/1027054
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1033587
https://bugzilla.suse.com/1034503
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1043441
https://bugzilla.suse.com/1043725
https://bugzilla.suse.com/1043726
https://bugzilla.suse.com/1062840
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065615
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1067118
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068569
https://bugzilla.suse.com/1069135
https://bugzilla.suse.com/1070404
https://bugzilla.suse.com/1071306
https://bugzilla.suse.com/1071892
https://bugzilla.suse.com/1072363
https://bugzilla.suse.com/1072689
https://bugzilla.suse.com/1072739
https://bugzilla.suse.com/1072865
https://bugzilla.suse.com/1073401
https://bugzilla.suse.com/1073407
https://bugzilla.suse.com/1074198
https://bugzilla.suse.com/1074426
https://bugzilla.suse.com/1075087
https://bugzilla.suse.com/1076282
https://bugzilla.suse.com/1076693
https://bugzilla.suse.com/1076760
https://bugzilla.suse.com/1076982
https://bugzilla.suse.com/1077241
https://bugzilla.suse.com/1077285
https://bugzilla.suse.com/1077513
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1077779
https://bugzilla.suse.com/1078583
https://bugzilla.suse.com/1078672
https://bugzilla.suse.com/1078673
https://bugzilla.suse.com/1078787
https://bugzilla.suse.com/1079029
https://bugzilla.suse.com/1079038
https://bugzilla.suse.com/1079195
https://bugzilla.suse.com/1079313
https://bugzilla.suse.com/1079384
https://bugzilla.suse.com/1079609
https://bugzilla.suse.com/1079886
https://bugzilla.suse.com/1079989
https://bugzilla.suse.com/1080014
https://bugzilla.suse.com/1080263
https://bugzilla.suse.com/1080321
https://bugzilla.suse.com/1080344
https://bugzilla.suse.com/1080364
https://bugzilla.suse.com/1080384
https://bugzilla.suse.com/1080464
https://bugzilla.suse.com/1080533
https://bugzilla.suse.com/1080656
https://bugzilla.suse.com/1080774
https://bugzilla.suse.com/1080813
https://bugzilla.suse.com/1080851
https://bugzilla.suse.com/1081134
https://bugzilla.suse.com/1081431
https://bugzilla.suse.com/1081436
https://bugzilla.suse.com/1081437
https://bugzilla.suse.com/1081491
https://bugzilla.suse.com/1081498
https://bugzilla.suse.com/1081500
https://bugzilla.suse.com/1081512
https://bugzilla.suse.com/1081514
https://bugzilla.suse.com/1081681
https://bugzilla.suse.com/1081735
https://bugzilla.suse.com/1082089
https://bugzilla.suse.com/1082223
https://bugzilla.suse.com/1082299
https://bugzilla.suse.com/1082373
https://bugzilla.suse.com/1082478
https://bugzilla.suse.com/1082632
https://bugzilla.suse.com/1082795
https://bugzilla.suse.com/1082864
https://bugzilla.suse.com/1082897
https://bugzilla.suse.com/1082979
https://bugzilla.suse.com/1082993
https://bugzilla.suse.com/1083048
https://bugzilla.suse.com/1083086
https://bugzilla.suse.com/1083223
https://bugzilla.suse.com/1083387
https://bugzilla.suse.com/1083409
https://bugzilla.suse.com/1083494
https://bugzilla.suse.com/1083548
https://bugzilla.suse.com/1083750
https://bugzilla.suse.com/1083770
https://bugzilla.suse.com/1084041
https://bugzilla.suse.com/1084397
https://bugzilla.suse.com/1084427
https://bugzilla.suse.com/1084610
https://bugzilla.suse.com/1084772
https://bugzilla.suse.com/1084888
https://bugzilla.suse.com/1084926
https://bugzilla.suse.com/1084928
https://bugzilla.suse.com/1084967
https://bugzilla.suse.com/1085011
https://bugzilla.suse.com/1085015
https://bugzilla.suse.com/1085045
https://bugzilla.suse.com/1085047
https://bugzilla.suse.com/1085050
https://bugzilla.suse.com/1085053
https://bugzilla.suse.com/1085054
https://bugzilla.suse.com/1085056
https://bugzilla.suse.com/1085107
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1085239
https://bugzilla.suse.com/863764
https://bugzilla.suse.com/966170
https://bugzilla.suse.com/966172
https://bugzilla.suse.com/966328
https://bugzilla.suse.com/969476
https://bugzilla.suse.com/969477
https://bugzilla.suse.com/975772
https://bugzilla.suse.com/983145
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0785-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 23 Mar '18
by opensuse-security@opensuse.org 23 Mar '18
23 Mar '18
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0785-1
Rating: important
References: #1005776 #1006867 #1012382 #1012829 #1027054
#1031717 #1034503 #1035432 #1042286 #1043441
#1045330 #1062840 #1065600 #1065615 #1066223
#1067118 #1068032 #1068569 #1069135 #1071306
#1071892 #1072363 #1072689 #1072739 #1072865
#1073401 #1074198 #1074426 #1075087 #1076282
#1077285 #1077513 #1077560 #1077779 #1078583
#1078609 #1078672 #1078673 #1078787 #1079029
#1079038 #1079384 #1079989 #1080014 #1080263
#1080344 #1080360 #1080364 #1080384 #1080464
#1080774 #1080809 #1080813 #1080851 #1081134
#1081431 #1081491 #1081498 #1081500 #1081512
#1081671 #1082223 #1082299 #1082478 #1082795
#1082864 #1082897 #1082979 #1082993 #1083494
#1083548 #1084610 #1085053 #1085107 #1085224
#1085239 #863764 #966328 #975772 #983145
Cross-References: CVE-2017-13166 CVE-2017-15951 CVE-2017-16644
CVE-2017-16912 CVE-2017-16913 CVE-2017-17975
CVE-2017-18208 CVE-2018-1000026 CVE-2018-1068
CVE-2018-8087
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise High Availability 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that solves 10 vulnerabilities and has 70 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.120 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-13166: An elevation of privilege vulnerability in the v4l2
video driver was fixed. (bnc#1072865).
- CVE-2017-15951: The KEYS subsystem did not correctly synchronize the
actions of updating versus finding a key in the "negative" state to
avoid a race condition, which allowed local users to cause a denial of
service or possibly have unspecified other impact via crafted system
calls (bnc#1062840 bnc#1065615).
- CVE-2017-16644: The hdpvr_probe function in
drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a
denial of service (improper error handling and system crash) or possibly
have unspecified other impact via a crafted USB device (bnc#1067118).
- CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c)
allowed attackers to cause a denial of service (out-of-bounds read) via
a specially crafted USB over IP packet (bnc#1078673).
- CVE-2017-16913: The "stub_recv_cmd_submit()" function
(drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed
attackers to cause a denial of service (arbitrary memory allocation) via
a specially crafted USB over IP packet (bnc#1078672).
- CVE-2017-17975: Use-after-free in the usbtv_probe function in
drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial
of service (system crash) or possibly have unspecified other impact by
triggering failure of audio registration, because a kfree of the usbtv
data structure occurs during a usbtv_video_free call, but the
usbtv_video_fail label's code attempts to both access and free this data
structure (bnc#1074426).
- CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed
local users to cause a denial of service (infinite loop) by triggering
use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
- CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in
drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a
denial of service (memory consumption) by triggering an out-of-array
error case (bnc#1085053).
- CVE-2018-1000026: A insufficient input validation vulnerability in the
bnx2x network card driver could result in DoS: Network card firmware
assertion takes card off-line. This attack appear to be exploitable via
An attacker on a must pass a very large, specially crafted packet to the
bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384).
- CVE-2018-1068: Insufficient user provided offset checking in the
ebtables compat code allowed local attackers to overwrite kernel memory
and potentially execute code. (bsc#1085107)
The following non-security bugs were fixed:
- acpi / bus: Leave modalias empty for devices which are not present
(bnc#1012382).
- acpi: sbshc: remove raw pointer from printk() message (bnc#1012382).
- Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382).
- add ip6_make_flowinfo helper (bsc#1042286).
- ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382).
- ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
(bnc#1012382).
- ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382).
- alpha: fix crash if pthread_create races with signal delivery
(bnc#1012382).
- alpha: fix reboot on Avanti platform (bnc#1012382).
- alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382).
- alsa: hda - Fix headset mic detection problem for two Dell machines
(bnc#1012382).
- alsa: hda/realtek - Add headset mode support for Dell laptop
(bsc#1031717).
- alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382).
- alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717).
- alsa: hda - Use IS_REACHABLE() for dependency on input (bsc#1031717).
- alsa: seq: Fix racy pool initializations (bnc#1012382).
- alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382).
- alsa: usb-audio: add implicit fb quirk for Behringer UFX1204
(bnc#1012382).
- alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
(bnc#1012382).
- amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382).
- arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382).
- arm64: Disable unhandled signal log messages by default (bnc#1012382).
- arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382).
- arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
(bnc#1012382).
- arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
(bnc#1012382).
- arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
(bnc#1012382).
- arm: dts: am4372: Correct the interrupts_properties of McASP
(bnc#1012382).
- arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
(bnc#1012382).
- arm: dts: ls1021a: fix incorrect clock references (bnc#1012382).
- arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382).
- arm: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
(bnc#1012382).
- arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls
(bnc#1012382).
- arm: OMAP2+: Fix SRAM virt to phys translation for
save_secure_ram_context (bnc#1012382).
- arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes).
- arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382).
- arm: spear13xx: Fix dmas cells (bnc#1012382).
- arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382).
- arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382).
- arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382).
- asoc: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717).
- asoc: Intel: Kconfig: fix build when acpi is not enabled (bnc#1012382).
- asoc: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
(bsc#1031717).
- asoc: mediatek: add i2c dependency (bnc#1012382).
- asoc: nuc900: Fix a loop timeout test (bsc#1031717).
- asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- asoc: rockchip: disable clock on error (bnc#1012382).
- asoc: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
(bnc#1012382).
- asoc: rsnd: avoid duplicate free_irq() (bnc#1012382).
- asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382).
- asoc: simple-card: Fix misleading error message (bnc#1012382).
- asoc: ux500: add MODULE_LICENSE tag (bnc#1012382).
- ata: ahci_xgene: free structure returned by acpi_get_object_info()
(bsc#1082979).
- b2c2: flexcop: avoid unused function warnings (bnc#1012382).
- binder: add missing binder_unlock() (bnc#1012382).
- binder: check for binder_thread allocation failure in binder_poll()
(bnc#1012382).
- binfmt_elf: compat: avoid unused function warning (bnc#1012382).
- blacklist.conf: commit fd5f7cde1b85d4c8e09 ("printk: Never set
console_may_schedule in console_trylock()")
- blktrace: fix unlocked registration of tracepoints (bnc#1012382).
- bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382).
- bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
version (bnc#1012382).
- bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382).
- bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine
(bnc#1012382).
- bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382).
- bpf: avoid false sharing of map refcount with max_entries (bnc#1012382).
- bpf: fix 32-bit divide by zero (bnc#1012382).
- bpf: fix bpf_tail_call() x64 JIT (bnc#1012382).
- bpf: fix divides by zero (bnc#1012382).
- bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382).
- bpf: reject stores into ctx via st and xadd (bnc#1012382).
- bridge: implement missing ndo_uninit() (bsc#1042286).
- bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286).
- btrfs: copy fsid to super_block s_uuid (bsc#1080774).
- btrfs: fix crash due to not cleaning up tree log block's dirty bits
(bnc#1012382).
- btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382).
- btrfs: fix deadlock when writing out space cache (bnc#1012382).
- btrfs: fix kernel oops while reading compressed data (bsc#1081671).
- btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
(bnc#1012382).
- btrfs: Fix quota reservation leak on preallocated files (bsc#1079989).
- btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382).
- btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
(bnc#1012382).
- can: flex_can: Correct the checking for frame length in
flexcan_start_xmit() (bnc#1012382).
- cdrom: turn off autoclose by default (bsc#1080813).
- cfg80211: check dev_set_name() return value (bnc#1012382).
- cfg80211: fix cfg80211_beacon_dup (bnc#1012382).
- cifs: dump IPC tcon in debug proc file (bsc#1071306).
- cifs: Fix autonegotiate security settings mismatch (bnc#1012382).
- cifs: Fix missing put_xid in cifs_file_strict_mmap (bnc#1012382).
- cifs: make IPC a regular tcon (bsc#1071306).
- cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
(bsc#1071306).
- cifs: zero sensitive data when freeing (bnc#1012382).
- clk: fix a panic error caused by accessing NULL pointer (bnc#1012382).
- console/dummy: leave .con_font_get set to NULL (bnc#1012382).
- cpufreq: Add Loongson machine dependencies (bnc#1012382).
- crypto: aesni - handle zero length dst buffer (bnc#1012382).
- crypto: af_alg - whitelist mask and type (bnc#1012382).
- crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382).
- crypto: cryptd - pass through absence of ->setkey() (bnc#1012382).
- crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382).
- crypto: poly1305 - remove ->setkey() method (bnc#1012382).
- crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382).
- crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382).
- crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382).
- cw1200: fix bogus maybe-uninitialized warning (bnc#1012382).
- dccp: limit sk_filter trim to payload (bsc#1042286).
- dell-wmi, dell-laptop: depends DMI (bnc#1012382).
- dlm: fix double list_del() (bsc#1082795).
- dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795).
- dmaengine: at_hdmac: fix potential NULL pointer dereference in
atc_prep_dma_interleaved (bnc#1012382).
- dmaengine: dmatest: fix container_of member in dmatest_callback
(bnc#1012382).
- dmaengine: ioat: Fix error handling path (bnc#1012382).
- dmaengine: jz4740: disable/unprepare clk if probe fails (bnc#1012382).
- dmaengine: zx: fix build warning (bnc#1012382).
- dm: correctly handle chained bios in dec_pending() (bnc#1012382).
- dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
(bnc#1012382).
- do not put symlink bodies in pagecache into highmem (bnc#1012382).
- dpt_i2o: fix build warning (bnc#1012382).
- driver-core: use 'dev' argument in dev_dbg_ratelimited stub
(bnc#1012382).
- drivers/net: fix eisa_driver probe section mismatch (bnc#1012382).
- drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382).
- drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
(bnc#1012382).
- drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382).
- drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382).
- drm/armada: fix leak of crtc structure (bnc#1012382).
- drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382).
- drm/gma500: remove helper function (bnc#1012382).
- drm/gma500: Sanity-check pipe index (bnc#1012382).
- drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382).
- drm/nouveau/pci: do a msi rearm on init (bnc#1012382).
- drm/radeon: adjust tested variable (bnc#1012382).
- drm: rcar-du: Fix race condition when disabling planes at CRTC stop
(bnc#1012382).
- drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382).
- drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
(bnc#1012382).
- drm/ttm: check the return value of kzalloc (bnc#1012382).
- drm/vmwgfx: use *_32_bits() macros (bnc#1012382).
- e1000: fix disabling already-disabled warning (bnc#1012382).
- edac, octeon: Fix an uninitialized variable warning (bnc#1012382).
- em28xx: only use mt9v011 if camera support is enabled (bnc#1012382).
- enable DST_CACHE in non-vanilla configs except s390x/zfcpdump
- ext4: correct documentation for grpid mount option (bnc#1012382).
- ext4: do not unnecessarily allocate buffer in recently_deleted()
(bsc#1080344).
- ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864).
- ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382).
- f2fs: fix a bug caused by NULL extent tree (bsc#1082478). While this fs
is not supported by SLE it affects opensuse users so let's add it to our
kernel for opensuse merging.
- fbdev: auo_k190x: avoid unused function warnings (bnc#1012382).
- fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382).
- fbdev: sis: enforce selection of at least one backend (bnc#1012382).
- fbdev: sm712fb: avoid unused function warnings (bnc#1012382).
- flow_dissector: Check skb for VLAN only if skb specified (bsc#1042286).
- flow_dissector: fix vlan tag handling (bsc#1042286).
- flow_dissector: For stripped vlan, get vlan info from skb->vlan_tci
(bsc#1042286).
- ftrace: Remove incorrect setting of glob search field (bnc#1012382).
- geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286).
- genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
(bnc#1012382).
- genksyms: Fix segfault with invalid declarations (bnc#1012382).
- gianfar: fix a flooded alignment reports because of padding issue
(bnc#1012382).
- go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382).
- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382).
- gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382).
- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).
- gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382).
- gre: build header correctly for collect metadata tunnels (bsc#1042286).
- gre: do not assign header_ops in collect metadata mode (bsc#1042286).
- gre: do not keep the GRE header around in collect medata mode
(bsc#1042286).
- gre: reject GUE and FOU in collect metadata mode (bsc#1042286).
- hdpvr: hide unused variable (bnc#1012382).
- hid: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
(bnc#1012382).
- hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
(bnc#1012382).
- hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
(bnc#1012382).
- hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382).
- hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382).
- i2c: remove __init from i2c_register_board_info() (bnc#1012382).
- ib/ipoib: Fix race condition in neigh creation (bnc#1012382).
- ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH
ports (bnc#1012382).
- ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382).
- ibmvnic: Account for VLAN header length in TX buffers (bsc#1085239).
- ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239).
- ibmvnic: Allocate max queues stats buffers (bsc#1081498).
- ibmvnic: Allocate statistics buffers during probe (bsc#1082993).
- ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134,
git-fixes).
- ibmvnic: Clean RX pool buffers during device close (bsc#1081134).
- ibmvnic: Clean up device close (bsc#1084610).
- ibmvnic: Correct goto target for tx irq initialization failure
(bsc#1082223).
- ibmvnic: Do not attempt to login if RX or TX queues are not allocated
(bsc#1082993).
- ibmvnic: Do not disable device during failover or partition migration
(bsc#1084610).
- ibmvnic: Ensure that buffers are NULL after free (bsc#1080014).
- ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes).
- ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038).
- ibmvnic: fix firmware version when no firmware level has been provided
by the VIOS server (bsc#1079038).
- ibmvnic: Fix login buffer memory leaks (bsc#1081134).
- ibmvnic: Fix NAPI structures memory leak (bsc#1081134).
- ibmvnic: Fix recent errata commit (bsc#1085239).
- ibmvnic: Fix rx queue cleanup for non-fatal resets (bsc#1080014).
- ibmvnic: Fix TX descriptor tracking again (bsc#1082993).
- ibmvnic: Fix TX descriptor tracking (bsc#1081491).
- ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change
(bsc#1081498).
- ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134).
- ibmvnic: Generalize TX pool structure (bsc#1085224).
- ibmvnic: Handle TSO backing device errata (bsc#1085239).
- ibmvnic: Harden TX/RX pool cleaning (bsc#1082993).
- ibmvnic: Improve TX buffer accounting (bsc#1085224).
- ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491).
- ibmvnic: Make napi usage dynamic (bsc#1081498).
- ibmvnic: Move active sub-crq count settings (bsc#1081498).
- ibmvnic: Pad small packets to minimum MTU size (bsc#1085239).
- ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263).
- ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384).
- ibmvnic: Rename active queue count variables (bsc#1081498).
- ibmvnic: Reorganize device close (bsc#1084610).
- ibmvnic: Report queue stops and restarts as debug output (bsc#1082993).
- ibmvnic: Reset long term map ID counter (bsc#1080364).
- ibmvnic: Split counters for scrq/pools/napi (bsc#1082223).
- ibmvnic: Update and clean up reset TX pool routine (bsc#1085224).
- ibmvnic: Update release RX pool routine (bsc#1085224).
- ibmvnic: Update TX and TX completion routines (bsc#1085224).
- ibmvnic: Update TX pool initialization routine (bsc#1085224).
- ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134).
- idle: i7300: add PCI dependency (bnc#1012382).
- igb: Free IRQs when device is hotplugged (bnc#1012382).
- iio: adc: axp288: remove redundant duplicate const on
axp288_adc_channels (bnc#1012382).
- iio: adis_lib: Initialize trigger before requesting interrupt
(bnc#1012382).
- iio: buffer: check if a buffer has been set up when poll is called
(bnc#1012382).
- input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
(bnc#1012382).
- input: tca8418_keypad - remove double read of key event register
(git-fixes).
- iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772).
- iommu/amd: Enforce alignment for MSI IRQs (bsc#975772).
- iommu/amd: Fix alloc_irq_index() increment (bsc#975772).
- iommu/vt-d: Use domain instead of cache fetching (bsc#975772).
- ip6mr: fix stale iterator (bnc#1012382).
- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
- ip_tunnel: fix preempt warning in ip tunnel creation/updating
(bnc#1012382).
- ip_tunnel: replace dst_cache with generic implementation (bnc#1012382).
- ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286).
- ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286).
- ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382).
- ipv4: update comment to document GSO fragmentation cases (bsc#1042286).
- ipv6: datagram: Refactor dst lookup and update codes to a new function
(bsc#1042286).
- ipv6: datagram: Refactor flowi6 init codes to a new function
(bsc#1042286).
- ipv6: datagram: Update dst cache of a connected datagram sk during pmtu
update (bsc#1042286).
- ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286).
- ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382).
- ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286).
- ipv6: remove unused in6_addr struct (bsc#1042286).
- ipv6: tcp: fix endianness annotation in tcp_v6_send_response
(bsc#1042286).
- ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286).
- ipvlan: Add the skb->mark as flow4's member to lookup route
(bnc#1012382).
- ipvlan: fix multicast processing (bsc#1042286).
- ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286).
- irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
(bnc#1012382).
- isdn: eicon: reduce stack size of sig_ind function (bnc#1012382).
- isdn: icn: remove a #warning (bnc#1012382).
- isdn: sc: work around type mismatch warning (bnc#1012382).
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
(git-fixes).
- kABI: protect struct cpuinfo_x86 (kabi).
- kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all
(kabi).
- kABI: reintroduce crypto_poly1305_setkey (kabi).
- kabi: restore kabi after "net: replace dst_cache ip6_tunnel
implementation with the generic one" (bsc#1082897).
- kabi: restore nft_set_elem_destroy() signature (bsc#1042286).
- kabi: restore rhashtable_insert_slow() signature (bsc#1042286).
- kabi/severities: add __x86_indirect_thunk_rsp
- kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have
spoken, let there be light.
- kabi: uninline sk_receive_skb() (bsc#1042286).
- kaiser: fix compile error without vsyscall (bnc#1012382).
- kaiser: fix intel_bts perf crashes (bnc#1012382).
- kasan: rework Kconfig settings (bnc#1012382).
- kernel/async.c: revert "async: simplify lowest_in_progress()"
(bnc#1012382).
- kernel: fix rwlock implementation (bnc#1080360, LTC#164371).
- kernfs: fix regression in kernfs_fop_write caused by wrong type
(bnc#1012382).
- keys: encrypted: fix buffer overread in valid_master_desc()
(bnc#1012382).
- kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382).
- kvm: add X86_LOCAL_APIC dependency (bnc#1012382).
- kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
(bsc#1079029).
- kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
(bnc#1012382).
- kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2
(bnc#1012382).
- kvm: nVMX: invvpid handling improvements (bnc#1012382).
- kvm: nVMX: kmap() can't fail (bnc#1012382).
- kvm: nVMX: vmx_complete_nested_posted_interrupt() can't fail
(bnc#1012382).
- kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled
(bsc#1066223).
- kvm: VMX: clean up declaration of VPID/EPT invalidation types
(bnc#1012382).
- kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382).
- kvm: VMX: Make indirect call speculation safe (bnc#1012382).
- kvm: x86: Do not re-execute instruction when not passing CR2 value
(bnc#1012382).
- kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
(bnc#1012382).
- kvm: x86: fix escape of guest dr6 to the host (bnc#1012382).
- kvm: X86: Fix operand/address-size during instruction decoding
(bnc#1012382).
- kvm: x86: ioapic: Clear Remote IRR when entry is switched to
edge-triggered (bnc#1012382).
- kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
(bnc#1012382).
- kvm: x86: ioapic: Preserve read-only values in the redirection table
(bnc#1012382).
- kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382).
- kvm/x86: Reduce retpoline performance impact in
slot_handle_level_range(), by always inlining iterator helper methods
(bnc#1012382).
- l2tp: fix use-after-free during module unload (bsc#1042286).
- led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382).
- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
- lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382).
- livepatch: introduce shadow variable API (bsc#1082299 fate#313296).
Shadow variables support.
- livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299
fate#313296). Shadow variables support.
- lockd: fix "list_add double add" caused by legacy signal interface
(bnc#1012382).
- loop: fix concurrent lo_open/lo_release (bnc#1012382).
- mac80211: fix the update of path metric for RANN frame (bnc#1012382).
- mac80211: mesh: drop frames appearing to be from us (bnc#1012382).
- Make DST_CACHE a silent config option (bnc#1012382).
- mdio-sun4i: Fix a memory leak (bnc#1012382).
- md/raid1: Use a new variable to count flighting sync
requests(bsc#1078609)
- media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382).
- media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(bnc#1012382).
- media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(bnc#1012382).
- media: r820t: fix r820t_write_reg for KASAN (bnc#1012382).
- media: s5k6aa: describe some function parameters (bnc#1012382).
- media: soc_camera: soc_scale_crop: add missing
MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).
- media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382).
- media: usbtv: add a new usbid (bnc#1012382).
- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: do not copy back the result for certain
errors (bnc#1012382).
- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
- media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: move 'helper' functions to
__get/put_v4l2_format32 (bnc#1012382).
- media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).
- media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
(bnc#1012382).
- media: v4l2-ioctl.c: do not copy back the result for -ENOTTY
(bnc#1012382).
- mips: Implement __multi3 for GCC7 MIPS64r6 builds (bnc#1012382).
- mmc: bcm2835: Do not overwrite max frequency unconditionally
(bsc#983145, git-fixes).
- mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382).
- mm: hide a #warning for COMPILE_TEST (bnc#1012382).
- mm/kmemleak.c: make cond_resched() rate-limiting more efficient
(git-fixes).
- mm: pin address_space before dereferencing it while isolating an LRU
page (bnc#1081500).
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
failed (bnc#1012382).
- mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user
copy (bnc#1012382).
- modsign: hide openssl output in silent builds (bnc#1012382).
- module/retpoline: Warn about missing retpoline in module (bnc#1012382).
- mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583).
- mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382).
- mtd: cfi: convert inline functions to macros (bnc#1012382).
- mtd: cfi: enforce valid geometry configuration (bnc#1012382).
- mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382).
- mtd: maps: add __init attribute (bnc#1012382).
- mtd: nand: brcmnand: Disable prefetch by default (bnc#1012382).
- mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382).
- mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
(bnc#1012382).
- mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382).
- mtd: sh_flctl: pass FIFO as physical address (bnc#1012382).
- mvpp2: fix multicast address filter (bnc#1012382).
- ncpfs: fix unused variable warning (bnc#1012382).
- ncr5380: shut up gcc indentation warning (bnc#1012382).
- net: add dst_cache support (bnc#1012382).
- net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382).
- net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382).
- net: cdc_ncm: initialize drvflags before usage (bnc#1012382).
- net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382).
- net: ena: add detection and recovery mechanism for handling
missed/misrouted MSI-X (bsc#1083548).
- net: ena: add new admin define for future support of IPv6 RSS
(bsc#1083548).
- net: ena: add power management ops to the ENA driver (bsc#1083548).
- net: ena: add statistics for missed tx packets (bsc#1083548).
- net: ena: fix error handling in ena_down() sequence (bsc#1083548).
- net: ena: fix race condition between device reset and link up setup
(bsc#1083548).
- net: ena: fix rare kernel crash when bar memory remap fails
(bsc#1083548).
- net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548).
- net: ena: improve ENA driver boot time (bsc#1083548).
- net: ena: increase ena driver version to 1.3.0 (bsc#1083548).
- net: ena: increase ena driver version to 1.5.0 (bsc#1083548).
- net: ena: reduce the severity of some printouts (bsc#1083548).
- net: ena: remove legacy suspend suspend/resume support (bsc#1083548).
- net: ena: Remove redundant unlikely() (bsc#1083548).
- net: ena: unmask MSI-X only after device initialization is completed
(bsc#1083548).
- net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
(bnc#1012382).
- netfilter: drop outermost socket lock in getsockopt() (bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets
(bsc#1085107).
- netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
- netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
clusterip_tg_check() (bnc#1012382).
- netfilter: ipvs: avoid unused variable warnings (bnc#1012382).
- netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382).
- netfilter: nf_tables: fix a wrong check to skip the inactive rules
(bsc#1042286).
- netfilter: nf_tables: fix inconsistent element expiration calculation
(bsc#1042286).
- netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286).
- netfilter: nf_tables: fix race when create new element in dynset
(bsc#1042286).
- netfilter: on sockopt() acquire sock lock only in the required scope
(bnc#1012382).
- netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286).
- netfilter: x_tables: avoid out-of-bounds reads in
xt_request_find_{match|target} (bnc#1012382).
- netfilter: x_tables: fix int overflow in xt_alloc_table_info()
(bnc#1012382).
- netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
(bnc#1012382).
- netfilter: xt_socket: fix transparent match for IPv6 request sockets
(bsc#1042286).
- net: gianfar_ptp: move set_fipers() to spinlock protecting area
(bnc#1012382).
- net: hp100: remove unnecessary #ifdefs (bnc#1012382).
- net: igmp: add a missing rcu locking section (bnc#1012382).
- net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags
(bsc#1042286).
- netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382).
- net: replace dst_cache ip6_tunnel implementation with the generic one
(bnc#1012382).
- net_sched: red: Avoid devision by zero (bnc#1012382).
- net_sched: red: Avoid illegal values (bnc#1012382).
- net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286).
- net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286).
- nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).
- nfs: commit direct writes even if they fail partially (bnc#1012382).
- nfsd: check for use of the closed special stateid (bnc#1012382).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
(bnc#1012382).
- nfsd: Ensure we check stateid validity in the seqid operation checks
(bnc#1012382).
- nfs: Do not convert nfs_idmap_cache_timeout to jiffies (git-fixes).
- nfs: fix a deadlock in nfs client initialization (bsc#1074198).
- nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
(bnc#1012382).
- nfs: reject request for id_legacy key without auxdata (bnc#1012382).
- nfs: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198).
- nvme: Fix managing degraded controllers (bnc#1012382).
- ocfs2: return error when we attempt to access a dirty bh in jbd2
(bsc#1012829).
- openvswitch: fix the incorrect flow action alloc size (bnc#1012382).
- ovl: fix failure to fsync lower dir (bnc#1012382).
- ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286).
- ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286).
- ovs/gre,geneve: fix error path when creating an iface (bsc#1042286).
- ovs/vxlan: fix rtnl notifications on iface deletion (bsc#1042286).
- pci/ASPM: Do not retrain link if ASPM not possible (bnc#1071892).
- pci: keystone: Fix interrupt-controller-node lookup (bnc#1012382).
- perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382).
- perf top: Fix window dimensions change handling (bnc#1012382).
- perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
(bnc#1012382).
- pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382).
- pipe: cap initial pipe capacity according to pipe-max-size limit
(bsc#1045330).
- pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382).
- platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
(bnc#1012382).
- PM / devfreq: Propagate error from devfreq_add_device() (bnc#1012382).
- PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717).
- posix-timer: Properly check sigevent->sigev_notify (bnc#1012382).
- power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382).
- powerpc/64: Fix flush_(d|i)cache_range() called from modules
(FATE#315275 LTC#103998 bnc#1012382 bnc#863764).
- powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
(bnc#1012382).
- powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,
bsc#1075087).
- powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223).
- powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
(bsc#1081512).
- powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382).
- powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers
(bsc#1066223).
- powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h
(bsc#1066223).
- powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,
bsc#1075087).
- powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,
bsc#1075087).
- powerpc: Simplify module TOC handling (bnc#1012382).
- power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382).
- Provide a function to create a NUL-terminated string from unterminated
data (bnc#1012382).
- pwc: hide unused label (bnc#1012382).
- qla2xxx: asynchronous pci probing (bsc#1034503).
- qlcnic: fix deadlock bug (bnc#1012382).
- r8169: fix RTL8168EP take too long to complete driver initialization
(bnc#1012382).
- RDMA/cma: Make sure that PSN is not over max allowed (bnc#1012382).
- reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382).
- Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" (bnc#1012382).
- Revert "bpf: avoid false sharing of map refcount with max_entries"
(kabi).
- Revert "netfilter: nf_queue: Make the queue_handler pernet" (kabi).
- Revert "net: replace dst_cache ip6_tunnel implementation with the
generic one" (kabi bnc#1082897).
- Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
(bnc#1012382).
- Revert "powerpc: Simplify module TOC handling" (kabi).
- Revert "x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0"
This reverts commit 89ef3e2aec59362edf7b1cd1c48acc81cd74e319.
- Revert "x86/entry/64: Use a per-CPU trampoline stack for IDT entries"
This reverts commit 5812bed1a96b27804bfd1eadbe3e263cb58aafdf.
- rfi-flush: Move the logic to avoid a redo into the debugfs code
(bsc#1068032, bsc#1075087).
- rfi-flush: Switch to new linear fallback flush (bsc#1068032,
bsc#1075087).
- rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286).
- rtc-opal: Fix handling of firmware error codes, prevent busy loops
(bnc#1012382).
- rtlwifi: fix gcc-6 indentation warning (bnc#1012382).
- rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382).
- s390/dasd: fix handling of internal requests (bsc#1080809).
- s390/dasd: fix wrongly assigned configuration data (bnc#1012382).
- s390/dasd: prevent prefix I/O error (bnc#1012382).
- s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382).
- sched/rt: Up the root domain ref count when passing it around via IPIs
(bnc#1012382).
- sched/rt: Use container_of() to get root domain in
rto_push_irq_work_func() (bnc#1012382).
- scripts/kernel-doc: Do not fail with status != 0 if error encountered
with -none (bnc#1012382).
- scsi: aacraid: Prevent crash in case of free interrupt during scsi EH
path (bnc#1012382).
- scsi: advansys: fix build warning for PCI=n (bnc#1012382).
- scsi: advansys: fix uninitialized data access (bnc#1012382).
- scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
(bsc#1005776).
- scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382).
- scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
(bnc#1012382).
- SCSI: initio: remove duplicate module device table (bnc#1012382).
- scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382).
- scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146,
bsc#966328).
- scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout
(FATE#320146, bsc#966328).
- scsi: return correct blkprep status code in case scsi_init_io() fails
(bsc#1082979).
- scsi: sim710: fix build warning (bnc#1012382).
- scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813).
- scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
(bnc#1012382).
- scsi: sun_esp: fix device reference leaks (bsc#1082979).
- scsi: ufs: ufshcd: fix potential NULL pointer dereference in
ufshcd_config_vreg (bnc#1012382).
- sctp: make use of pre-calculated len (bnc#1012382).
- selinux: ensure the context is NUL terminated in
security_context_to_sid_core() (bnc#1012382).
- selinux: general protection fault in sock_has_perm (bnc#1012382).
- selinux: skip bounded transition processing if the policy isn't loaded
(bnc#1012382).
- serial: 8250_mid: fix broken DMA dependency (bnc#1012382).
- serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
(bsc#1031717).
- serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
(bnc#1012382).
- sget(): handle failures of register_shrinker() (bnc#1012382).
- signal/openrisc: Fix do_unaligned_access to send the proper signal
(bnc#1012382).
- signal/sh: Ensure si_signo is initialized in do_divide_error
(bnc#1012382).
- SolutionEngine771x: fix Ether platform data (bnc#1012382).
- spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382).
- spi: imx: do not access registers while clocks disabled (bnc#1012382).
- spi: sun4i: disable clocks in the remove function (bnc#1012382).
- ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382).
- staging: android: ashmem: Fix a race condition in pin ioctls
(bnc#1012382).
- staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382).
- staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382).
- staging: ste_rmi4: avoid unused function warnings (bnc#1012382).
- staging: unisys: visorinput depends on INPUT (bnc#1012382).
- staging: wilc1000: fix kbuild test robot error (bnc#1012382).
- SUNRPC: Allow connect to return EHOSTUNREACH (bnc#1012382).
- tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382).
- tc358743: fix register i2c_rd/wr function fix (git-fixes).
- tc358743: fix register i2c_rd/wr functions (bnc#1012382).
- tcp: do not set rtt_min to 1 (bsc#1042286).
- tcp: release sk_frag.page in tcp_disconnect (bnc#1012382).
- test_bpf: fix the dummy skb after dissector changes (bsc#1042286).
- tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382).
- tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382).
- thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382).
- thermal: spear: use __maybe_unused for PM functions (bnc#1012382).
- tlan: avoid unused label with PCI=n (bnc#1012382).
- tools build: Add tools tree support for 'make -s' (bnc#1012382).
- tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382).
- tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382).
- tty: mxser: Remove ASYNC_CLOSING (bnc#1072363).
- ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382).
- udp: restore UDPlite many-cast delivery (bsc#1042286).
- usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382).
- USB: cdc-acm: Do not log urb submission errors on disconnect
(bnc#1012382).
- USB: cdc_subset: only build when one driver is enabled (bnc#1012382).
- usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382).
- usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382).
- usb: gadget: do not dereference g until after it has been null checked
(bnc#1012382).
- usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382).
- usb: gadget: uvc: Missing files for configfs interface (bnc#1012382).
- usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
(bnc#1012382).
- usbip: keep usbip_device sockfd state in sync with tcp_socket
(bnc#1012382).
- usbip: list: do not list devices attached to vhci_hcd (bnc#1012382).
- usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382).
- usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382).
- usb: ldusb: add PIDs for new CASSY devices supported by this driver
(bnc#1012382).
- usb: musb/ux500: remove duplicate check for dma_is_compatible
(bnc#1012382).
- usb: ohci: Proper handling of ed_rm_list to handle race condition
between usb_kill_urb() and finish_unlinks() (bnc#1012382).
- usb: option: Add support for FS040U modem (bnc#1012382).
- usb: phy: msm add regulator dependency (bnc#1012382).
- usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
(bnc#1012382).
- USB: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382).
- USB: serial: pl2303: new device id for Chilitag (bnc#1012382).
- USB: serial: simple: add Motorola Tetra driver (bnc#1012382).
- usb: uas: unconditionally bring back host after reset (bnc#1012382).
- v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382).
- vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382).
- vfs: do not do RCU lookup of empty pathnames (bnc#1012382).
- vhost_net: stop device during reset owner (bnc#1012382).
- video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382).
- video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382).
- video: fbdev: sis: remove unused variable (bnc#1012382).
- video: fbdev: via: remove possibly unused variables (bnc#1012382).
- video: Use bool instead int pointer for get_opt_bool() argument
(bnc#1012382).
- virtio_balloon: prevent uninitialized variable use (bnc#1012382).
- vlan: Check for vlan ethernet types for 8021.q or 802.1ad (bsc#1042286).
- vmxnet3: prevent building with 64K pages (bnc#1012382).
- vxlan: consolidate csum flag handling (bsc#1042286).
- vxlan: consolidate output route calculation (bsc#1042286).
- vxlan: consolidate vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286).
- vxlan: do not allow overwrite of config src addr (bsc#1042286).
- watchdog: imx2_wdt: restore previous timeout after suspend+resume
(bnc#1012382).
- wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382).
- x86: add MULTIUSER dependency for KVM (bnc#1012382).
- x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382).
- x86/boot: Avoid warning for zero-filling .bss (bnc#1012382).
- x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382).
- x86/bugs: Drop one "mitigation" from dmesg (bnc#1012382).
- x86/build: Silence the build with "make -s" (bnc#1012382).
- x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382).
- x86/cpu: Change type of x86_cache_size variable to unsigned int
(bnc#1012382).
- x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0
(bsc#1077560).
- x86/entry/64: Use a per-CPU trampoline stack for IDT entries
(bsc#1077560).
- x86: fix build warnign with 32-bit PAE (bnc#1012382).
- x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382).
- x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
(bnc#1012382).
- x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
running nested (bsc#1081431).
- x86/mce: Pin the timer when modifying (bsc#1080851,1076282).
- x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix
preemptibility bug (bnc#1012382).
- x86/microcode/AMD: Do not load when running on a hypervisor
(bnc#1012382).
- x86/microcode: Do the family check first (bnc#1012382).
- x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382).
- x86/nospec: Fix header guards names (bnc#1012382).
- x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bnc#1012382).
- x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382).
- x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382).
- x86/platform/olpc: Fix resume handler build warning (bnc#1012382).
- x86/pti: Make unpoison of pgd for trusted boot work for real
(bnc#1012382).
- x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382).
- x86/retpoline: Avoid retpolines for built-in __init functions
(bnc#1012382).
- x86/retpoline: Remove the esp/rsp thunk (bnc#1012382).
- x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382).
- x86/spectre: Fix an error message (git-fixes).
- x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
(bnc#1012382).
- x86/spectre: Remove the out-of-tree RSB stuffing
- x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382).
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
(bnc#1012382).
- x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600).
- xen/gntdev: Fix off-by-one error when unmapping with holes (bnc#1012382).
- xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382).
- xen-netfront: enable device after manual module load (bnc#1012382).
- xen-netfront: remove warning when unloading module (bnc#1012382).
- xen: XEN_acpi_PROCESSOR is Dom0-only (bnc#1012382).
- xfrm: check id proto in validate_tmpl() (bnc#1012382).
- xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382).
- xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies
(bnc#1012382).
- xfrm_user: propagate sec ctx allocation errors (bsc#1042286).
- xfs: do not chain ioends during writepage submission (bsc#1077285
bsc#1043441).
- xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441).
- xfs: Introduce writeback context for writepages (bsc#1077285
bsc#1043441).
- xfs: ioends require logically contiguous file offsets (bsc#1077285
bsc#1043441).
- xfs: quota: check result of register_shrinker() (bnc#1012382).
- xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382).
- xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787).
- xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285
bsc#1043441).
- xfs: remove racy hasattr check from attr ops (bsc#1035432).
- xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441).
- xfs: stop searching for free slots in an inode chunk when there are none
(bsc#1072739).
- xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401).
- xfs: ubsan fixes (bnc#1012382).
- xfs: validate sb_logsunit is a multiple of the fs blocksize
(bsc#1077513).
- xfs: write unmount record for ro mounts (bsc#1073401).
- xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441).
- xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2018-535=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-535=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-535=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-535=1
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2018-535=1
- SUSE Linux Enterprise High Availability 12-SP2:
zypper in -t patch SUSE-SLE-HA-12-SP2-2018-535=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-535=1
- OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-535=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
kernel-default-debuginfo-4.4.120-92.70.1
kernel-default-debugsource-4.4.120-92.70.1
kernel-default-extra-4.4.120-92.70.1
kernel-default-extra-debuginfo-4.4.120-92.70.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.4.120-92.70.1
kernel-obs-build-debugsource-4.4.120-92.70.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
kernel-docs-4.4.120-92.70.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
kernel-default-4.4.120-92.70.1
kernel-default-base-4.4.120-92.70.1
kernel-default-base-debuginfo-4.4.120-92.70.1
kernel-default-debuginfo-4.4.120-92.70.1
kernel-default-debugsource-4.4.120-92.70.1
kernel-default-devel-4.4.120-92.70.1
kernel-syms-4.4.120-92.70.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
kernel-devel-4.4.120-92.70.1
kernel-macros-4.4.120-92.70.1
kernel-source-4.4.120-92.70.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
kernel-default-4.4.120-92.70.1
kernel-default-base-4.4.120-92.70.1
kernel-default-base-debuginfo-4.4.120-92.70.1
kernel-default-debuginfo-4.4.120-92.70.1
kernel-default-debugsource-4.4.120-92.70.1
kernel-default-devel-4.4.120-92.70.1
kernel-syms-4.4.120-92.70.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
kernel-devel-4.4.120-92.70.1
kernel-macros-4.4.120-92.70.1
kernel-source-4.4.120-92.70.1
- SUSE Linux Enterprise Server 12-SP2 (s390x):
kernel-default-man-4.4.120-92.70.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-4_4_120-92_70-default-1-3.3.1
- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.4.120-92.70.1
cluster-md-kmp-default-debuginfo-4.4.120-92.70.1
cluster-network-kmp-default-4.4.120-92.70.1
cluster-network-kmp-default-debuginfo-4.4.120-92.70.1
dlm-kmp-default-4.4.120-92.70.1
dlm-kmp-default-debuginfo-4.4.120-92.70.1
gfs2-kmp-default-4.4.120-92.70.1
gfs2-kmp-default-debuginfo-4.4.120-92.70.1
kernel-default-debuginfo-4.4.120-92.70.1
kernel-default-debugsource-4.4.120-92.70.1
ocfs2-kmp-default-4.4.120-92.70.1
ocfs2-kmp-default-debuginfo-4.4.120-92.70.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
kernel-devel-4.4.120-92.70.1
kernel-macros-4.4.120-92.70.1
kernel-source-4.4.120-92.70.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
kernel-default-4.4.120-92.70.1
kernel-default-debuginfo-4.4.120-92.70.1
kernel-default-debugsource-4.4.120-92.70.1
kernel-default-devel-4.4.120-92.70.1
kernel-default-extra-4.4.120-92.70.1
kernel-default-extra-debuginfo-4.4.120-92.70.1
kernel-syms-4.4.120-92.70.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
kernel-default-4.4.120-92.70.1
kernel-default-debuginfo-4.4.120-92.70.1
kernel-default-debugsource-4.4.120-92.70.1
References:
https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2017-15951.html
https://www.suse.com/security/cve/CVE-2017-16644.html
https://www.suse.com/security/cve/CVE-2017-16912.html
https://www.suse.com/security/cve/CVE-2017-16913.html
https://www.suse.com/security/cve/CVE-2017-17975.html
https://www.suse.com/security/cve/CVE-2017-18208.html
https://www.suse.com/security/cve/CVE-2018-1000026.html
https://www.suse.com/security/cve/CVE-2018-1068.html
https://www.suse.com/security/cve/CVE-2018-8087.html
https://bugzilla.suse.com/1005776
https://bugzilla.suse.com/1006867
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1012829
https://bugzilla.suse.com/1027054
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1034503
https://bugzilla.suse.com/1035432
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1043441
https://bugzilla.suse.com/1045330
https://bugzilla.suse.com/1062840
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065615
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1067118
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068569
https://bugzilla.suse.com/1069135
https://bugzilla.suse.com/1071306
https://bugzilla.suse.com/1071892
https://bugzilla.suse.com/1072363
https://bugzilla.suse.com/1072689
https://bugzilla.suse.com/1072739
https://bugzilla.suse.com/1072865
https://bugzilla.suse.com/1073401
https://bugzilla.suse.com/1074198
https://bugzilla.suse.com/1074426
https://bugzilla.suse.com/1075087
https://bugzilla.suse.com/1076282
https://bugzilla.suse.com/1077285
https://bugzilla.suse.com/1077513
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1077779
https://bugzilla.suse.com/1078583
https://bugzilla.suse.com/1078609
https://bugzilla.suse.com/1078672
https://bugzilla.suse.com/1078673
https://bugzilla.suse.com/1078787
https://bugzilla.suse.com/1079029
https://bugzilla.suse.com/1079038
https://bugzilla.suse.com/1079384
https://bugzilla.suse.com/1079989
https://bugzilla.suse.com/1080014
https://bugzilla.suse.com/1080263
https://bugzilla.suse.com/1080344
https://bugzilla.suse.com/1080360
https://bugzilla.suse.com/1080364
https://bugzilla.suse.com/1080384
https://bugzilla.suse.com/1080464
https://bugzilla.suse.com/1080774
https://bugzilla.suse.com/1080809
https://bugzilla.suse.com/1080813
https://bugzilla.suse.com/1080851
https://bugzilla.suse.com/1081134
https://bugzilla.suse.com/1081431
https://bugzilla.suse.com/1081491
https://bugzilla.suse.com/1081498
https://bugzilla.suse.com/1081500
https://bugzilla.suse.com/1081512
https://bugzilla.suse.com/1081671
https://bugzilla.suse.com/1082223
https://bugzilla.suse.com/1082299
https://bugzilla.suse.com/1082478
https://bugzilla.suse.com/1082795
https://bugzilla.suse.com/1082864
https://bugzilla.suse.com/1082897
https://bugzilla.suse.com/1082979
https://bugzilla.suse.com/1082993
https://bugzilla.suse.com/1083494
https://bugzilla.suse.com/1083548
https://bugzilla.suse.com/1084610
https://bugzilla.suse.com/1085053
https://bugzilla.suse.com/1085107
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1085239
https://bugzilla.suse.com/863764
https://bugzilla.suse.com/966328
https://bugzilla.suse.com/975772
https://bugzilla.suse.com/983145
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:0781-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 23 Mar '18
by opensuse-security@opensuse.org 23 Mar '18
23 Mar '18
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0781-1
Rating: important
References: #1006867 #1012382 #1015342 #1015343 #1020645
#1022607 #1027054 #1031717 #1033587 #1034503
#103998_FIXME #1042286 #1043441 #1043725
#1043726 #1062840 #1065600 #1065615 #1066223
#1067118 #1068032 #1068569 #1069135 #1070404
#1071306 #1071892 #1072363 #1072689 #1072739
#1072865 #1073401 #1073407 #1074198 #1074426
#1075087 #1076282 #1076693 #1076760 #1076982
#1077241 #1077285 #1077560 #1078583 #1078672
#1078673 #1079029 #1079038 #1079313 #1079384
#1079609 #1079886 #1079989 #1080014 #1080263
#1080321 #1080344 #1080364 #1080384 #1080464
#1080533 #1080656 #1080774 #1080813 #1080851
#1081134 #1081431 #1081436 #1081437 #1081491
#1081498 #1081500 #1081512 #1081514 #1081681
#1081735 #1082089 #1082223 #1082299 #1082373
#1082478 #1082632 #1082795 #1082864 #1082897
#1082979 #1082993 #1083048 #1083086 #1083223
#1083387 #1083409 #1083494 #1083548 #1083750
#1083770 #1084041 #1084397 #1084427 #1084610
#1084772 #1084888 #1084926 #1084928 #1084967
#1085011 #1085015 #1085045 #1085047 #1085050
#1085053 #1085054 #1085056 #1085107 #1085224
#1085239 #863764 #966170 #966172 #966328
#975772 #983145
Cross-References: CVE-2017-13166 CVE-2017-15951 CVE-2017-16644
CVE-2017-16912 CVE-2017-16913 CVE-2017-17975
CVE-2017-18174 CVE-2017-18208 CVE-2018-1000026
CVE-2018-1068 CVE-2018-8087
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 110 fixes
is now available.
Description:
The openSUSE Leap 42.3 kernel was updated to 4.4.120 to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in
drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a
denial of service (memory consumption) by triggering an out-of-array
error case (bnc#1085053).
- CVE-2017-13166: An elevation of privilege vulnerability in the v4l2
video driver was fixed. (bnc#1072865).
- CVE-2017-18208: The madvise_willneed function in mm/madvise.c in the
Linux kernel allowed local users to cause a denial of service (infinite
loop) by triggering use of MADVISE_WILLNEED for a DAX mapping
(bnc#1083494).
- CVE-2017-17975: Use-after-free in the usbtv_probe function in
drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial
of service (system crash) or possibly have unspecified other impact by
triggering failure of audio registration, because a kfree of the usbtv
data structure occurs during a usbtv_video_free call, but the
usbtv_video_fail label's code attempts to both access and free this data
structure (bnc#1074426).
- CVE-2017-16644: The hdpvr_probe function in
drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a
denial of service (improper error handling and system crash) or possibly
have unspecified other impact via a crafted USB device (bnc#1067118).
- CVE-2017-15951: The KEYS subsystem in did not correctly synchronize the
actions of updating versus finding a key in the "negative" state to
avoid a race condition, which allowed local users to cause a denial of
service or possibly have unspecified other impact via crafted system
calls (bnc#1062840 bnc#1065615).
- CVE-2018-1000026: A insufficient input validation vulnerability in the
bnx2x network card driver could result in DoS: Network card firmware
assertion takes card off-line. This attack appear to be exploitable via
an attacker that must pass a very large, specially crafted packet to the
bnx2x card. This could be done from an untrusted guest VM. (bnc#1079384).
- CVE-2017-18174: In the amd_gpio_remove function in
drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function,
which could lead to a double free (bnc#1080533).
- CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c)
allowed attackers to cause a denial of service (out-of-bounds read) via
a specially crafted USB over IP packet (bnc#1078673).
- CVE-2017-16913: The "stub_recv_cmd_submit()" function
(drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed
attackers to cause a denial of service (arbitrary memory allocation) via
a specially crafted USB over IP packet (bnc#1078672).
- CVE-2018-1068: Insufficient user provided offset checking in the
ebtables compat code allowed local attackers to overwrite kernel memory
and potentially execute code. (bsc#1085107)
The following non-security bugs were fixed:
- acpi / bus: Leave modalias empty for devices which are not present
(bnc#1012382).
- acpi, nfit: fix health event notification (FATE#321135, FATE#321217,
FATE#321256, FATE#321391, FATE#321393).
- acpi, nfit: fix register dimm error handling (FATE#321135, FATE#321217,
FATE#321256, FATE#321391, FATE#321393).
- acpi: sbshc: remove raw pointer from printk() message (bnc#1012382).
- Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382).
- ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382).
- ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
(bnc#1012382).
- ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382).
- alpha: fix crash if pthread_create races with signal delivery
(bnc#1012382).
- alpha: fix reboot on Avanti platform (bnc#1012382).
- alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382).
- alsa: hda - Fix headset mic detection problem for two Dell machines
(bnc#1012382).
- alsa: hda/realtek - Add headset mode support for Dell laptop
(bsc#1031717).
- alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382).
- alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717).
- alsa: hda - Use IS_REACHABLE() for dependency on input (bsc#1031717).
- alsa: seq: Fix racy pool initializations (bnc#1012382).
- alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382).
- alsa: usb-audio: add implicit fb quirk for Behringer UFX1204
(bnc#1012382).
- alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
(bnc#1012382).
- amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382).
- arm64: add PTE_ADDR_MASK (bsc#1068032).
- arm64: barrier: Add CSDB macros to control data-value prediction
(bsc#1068032).
- arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382).
- arm64: Disable unhandled signal log messages by default (bnc#1012382).
- arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382).
- arm64: entry: Apply BP hardening for high-priority synchronous
exceptions (bsc#1068032).
- arm64: entry: Apply BP hardening for suspicious interrupts from EL0
(bsc#1068032).
- arm64: entry: Ensure branch through syscall table is bounded under
speculation (bsc#1068032).
- arm64: entry: Reword comment about post_ttbr_update_workaround
(bsc#1068032).
- arm64: Force KPTI to be disabled on Cavium ThunderX (bsc#1068032).
- arm64: futex: Mask __user pointers prior to dereference (bsc#1068032).
- arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
(bsc#1068032).
- arm64: Implement array_index_mask_nospec() (bsc#1068032).
- arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
(bnc#1012382).
- arm64: kpti: Add ->enable callback to remap swapper using nG mappings
(bsc#1068032).
- arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
(bsc#1068032).
- arm64: Make USER_DS an inclusive limit (bsc#1068032).
- arm64: mm: Permit transitioning from Global to Non-Global without BBM
(bsc#1068032).
- arm64: move TASK_* definitions to <asm/processor.h> (bsc#1068032).
- arm64: Run enable method for errata work arounds on late CPUs
(bsc#1085045).
- arm64: uaccess: Do not bother eliding access_ok checks in __{get,
put}_user (bsc#1068032).
- arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
(bsc#1068032).
- arm64: uaccess: Prevent speculative use of the current addr_limit
(bsc#1068032).
- arm64: Use pointer masking to limit uaccess speculation (bsc#1068032).
- arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
(bnc#1012382).
- arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
(bnc#1012382).
- arm: dts: am4372: Correct the interrupts_properties of McASP
(bnc#1012382).
- arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
(bnc#1012382).
- arm: dts: ls1021a: fix incorrect clock references (bnc#1012382).
- arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382).
- arm: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
(bnc#1012382).
- arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls
(bnc#1012382).
- arm: OMAP2+: Fix SRAM virt to phys translation for
save_secure_ram_context (bnc#1012382).
- arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes).
- arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382).
- arm: spear13xx: Fix dmas cells (bnc#1012382).
- arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382).
- arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382).
- arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382).
- asoc: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717).
- asoc: Intel: Kconfig: fix build when ACPI is not enabled (bnc#1012382).
- asoc: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
(bsc#1031717).
- asoc: mediatek: add i2c dependency (bnc#1012382).
- asoc: nuc900: Fix a loop timeout test (bsc#1031717).
- asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- asoc: rockchip: disable clock on error (bnc#1012382).
- asoc: rsnd: avoid duplicate free_irq() (bnc#1012382).
- asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382).
- asoc: simple-card: Fix misleading error message (bnc#1012382).
- asoc: ux500: add MODULE_LICENSE tag (bnc#1012382).
- ata: ahci_xgene: free structure returned by acpi_get_object_info()
(bsc#1082979).
- ata: pata_artop: remove redundant initialization of pio (bsc#1082979).
- ata: sata_dwc_460ex: remove incorrect locking (bsc#1082979).
- b2c2: flexcop: avoid unused function warnings (bnc#1012382).
- binder: add missing binder_unlock() (bnc#1012382).
- binder: check for binder_thread allocation failure in binder_poll()
(bnc#1012382).
- binfmt_elf: compat: avoid unused function warning (bnc#1012382).
- blacklist acb1feab320e powerpc/64: Do not trace irqs-off at interrupt
return to soft-disabled context
- blacklist.conf: blacklist too intrusive patches (bsc#1082979)
- blacklist.conf: commit fd5f7cde1b85d4c8e09 ("printk: Never set
console_may_schedule in console_trylock()")
- blk-mq: add warning to __blk_mq_run_hw_queue() for ints disabled
(bsc#1084772).
- blk-mq: stop 'delayed_run_work' in blk_mq_stop_hw_queue() (bsc#1084967).
- blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk (bsc#1084772).
- blktrace: fix unlocked registration of tracepoints (bnc#1012382).
- block: fix an error code in add_partition() (bsc#1082979).
- block: Fix __bio_integrity_endio() documentation (bsc#1082979).
- bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382).
- bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
version (bnc#1012382).
- bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382).
- bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine
(bnc#1012382).
- bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382).
- bpf: avoid false sharing of map refcount with max_entries (bnc#1012382).
- bpf: fix 32-bit divide by zero (bnc#1012382).
- bpf: fix bpf_tail_call() x64 JIT (bnc#1012382).
- bpf: fix divides by zero (bnc#1012382).
- bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382).
- bpf: reject stores into ctx via st and xadd (bnc#1012382).
- bridge: implement missing ndo_uninit() (bsc#1042286).
- bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286).
- btrfs: copy fsid to super_block s_uuid (bsc#1080774).
- btrfs: fix crash due to not cleaning up tree log block's dirty bits
(bnc#1012382).
- btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382).
- btrfs: fix deadlock when writing out space cache (bnc#1012382).
- btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
(bnc#1012382).
- btrfs: Fix quota reservation leak on preallocated files (bsc#1079989).
- btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382).
- btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
(bnc#1012382).
- can: flex_can: Correct the checking for frame length in
flexcan_start_xmit() (bnc#1012382).
- cdrom: turn off autoclose by default (bsc#1080813).
- ceph: fix incorrect snaprealm when adding caps (bsc#1081735).
- ceph: fix un-balanced fsc->writeback_count update (bsc#1081735).
- cfg80211: check dev_set_name() return value (bnc#1012382).
- cfg80211: fix cfg80211_beacon_dup (bnc#1012382).
- cifs: dump IPC tcon in debug proc file (bsc#1071306).
- cifs: Fix autonegotiate security settings mismatch (bnc#1012382).
- cifs: Fix missing put_xid in cifs_file_strict_mmap (bnc#1012382).
- cifs: make IPC a regular tcon (bsc#1071306).
- cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
(bsc#1071306).
- cifs: zero sensitive data when freeing (bnc#1012382).
- clk: fix a panic error caused by accessing NULL pointer (bnc#1012382).
- console/dummy: leave .con_font_get set to NULL (bnc#1012382).
- cpufreq: Add Loongson machine dependencies (bnc#1012382).
- crypto: aesni - handle zero length dst buffer (bnc#1012382).
- crypto: af_alg - whitelist mask and type (bnc#1012382).
- crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382).
- crypto: cryptd - pass through absence of ->setkey() (bnc#1012382).
- crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382).
- crypto: poly1305 - remove ->setkey() method (bnc#1012382).
- crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382).
- crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382).
- crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382).
- cw1200: fix bogus maybe-uninitialized warning (bnc#1012382).
- dccp: limit sk_filter trim to payload (bsc#1042286).
- dell-wmi, dell-laptop: depends DMI (bnc#1012382).
- direct-io: Fix sleep in atomic due to sync AIO (bsc#1084888).
- dlm: fix double list_del() (bsc#1082795).
- dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795).
- dmaengine: at_hdmac: fix potential NULL pointer dereference in
atc_prep_dma_interleaved (bnc#1012382).
- dmaengine: dmatest: fix container_of member in dmatest_callback
(bnc#1012382).
- dmaengine: ioat: Fix error handling path (bnc#1012382).
- dmaengine: jz4740: disable/unprepare clk if probe fails (bnc#1012382).
- dmaengine: zx: fix build warning (bnc#1012382).
- dm: correctly handle chained bios in dec_pending() (bnc#1012382).
- dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
(bnc#1012382).
- do not put symlink bodies in pagecache into highmem (bnc#1012382).
- dpt_i2o: fix build warning (bnc#1012382).
- driver-core: use 'dev' argument in dev_dbg_ratelimited stub
(bnc#1012382).
- drivers: hv: balloon: Correctly update onlined page count (fate#315887,
bsc#1082632).
- drivers: hv: balloon: Initialize last_post_time on startup (fate#315887,
bsc#1082632).
- drivers: hv: balloon: Show the max dynamic memory assigned (fate#315887,
bsc#1082632).
- drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id
(fate#315887, bsc#1082632).
- drivers: hv: Turn off write permission on the hypercall page
(fate#315887, bsc#1082632).
- drivers: hv: vmbus: Fix rescind handling (fate#315887, bsc#1082632).
- drivers: hv: vmbus: Fix rescind handling issues (fate#315887,
bsc#1082632).
- drivers/net: fix eisa_driver probe section mismatch (bnc#1012382).
- drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382).
- drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
(bnc#1012382).
- drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382).
- drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382).
- drm/armada: fix leak of crtc structure (bnc#1012382).
- drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382).
- drm/gma500: remove helper function (bnc#1012382).
- drm/gma500: Sanity-check pipe index (bnc#1012382).
- drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382).
- drm/nouveau/pci: do a msi rearm on init (bnc#1012382).
- drm/radeon: adjust tested variable (bnc#1012382).
- drm: rcar-du: Fix race condition when disabling planes at CRTC stop
(bnc#1012382).
- drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382).
- drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
(bnc#1012382).
- drm/ttm: check the return value of kzalloc (bnc#1012382).
- drm/vmwgfx: use *_32_bits() macros (bnc#1012382).
- e1000: fix disabling already-disabled warning (bnc#1012382).
- edac, octeon: Fix an uninitialized variable warning (bnc#1012382).
- em28xx: only use mt9v011 if camera support is enabled (bnc#1012382).
- enable DST_CACHE in non-vanilla configs except s390x/zfcpdump
- ext4: correct documentation for grpid mount option (bnc#1012382).
- ext4: do not unnecessarily allocate buffer in recently_deleted()
(bsc#1080344).
- ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864).
- ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382).
- f2fs: fix a bug caused by NULL extent tree (bsc#1082478). Does not
affect SLE release but should be merged into leap updates
- fbdev: auo_k190x: avoid unused function warnings (bnc#1012382).
- fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382).
- fbdev: sis: enforce selection of at least one backend (bnc#1012382).
- fbdev: sm712fb: avoid unused function warnings (bnc#1012382).
- fs: Avoid invalidation in interrupt context in dio_complete()
(bsc#1073407 bsc#1069135).
- fs: Fix page cache inconsistency when mixing buffered and AIO DIO
(bsc#1073407 bsc#1069135).
- fs: invalidate page cache after end_io() in dio completion (bsc#1073407
bsc#1069135).
- ftrace: Remove incorrect setting of glob search field (bnc#1012382).
- geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286).
- genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
(bnc#1012382).
- genirq/msi: Fix populating multiple interrupts (bsc#1085047).
- genirq: Restore trigger settings in irq_modify_status() (bsc#1085056).
- genksyms: Fix segfault with invalid declarations (bnc#1012382).
- gianfar: fix a flooded alignment reports because of padding issue
(bnc#1012382).
- go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382).
- gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382).
- gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382).
- gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).
- gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382).
- gre: build header correctly for collect metadata tunnels (bsc#1042286).
- gre: do not assign header_ops in collect metadata mode (bsc#1042286).
- gre: do not keep the GRE header around in collect medata mode
(bsc#1042286).
- gre: reject GUE and FOU in collect metadata mode (bsc#1042286).
- hdpvr: hide unused variable (bnc#1012382).
- hid: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
(bnc#1012382).
- hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
(bnc#1012382).
- hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
(bnc#1012382).
- hv_netvsc: Add ethtool handler to set and get TCP hash levels
(fate#315887, bsc#1082632).
- hv_netvsc: Add ethtool handler to set and get UDP hash levels
(fate#315887, bsc#1082632).
- hv_netvsc: Add initialization of tx_table in netvsc_device_add()
(fate#315887, bsc#1082632).
- hv_netvsc: Change the hash level variable to bit flags (fate#315887,
bsc#1082632).
- hv_netvsc: Clean up an unused parameter in rndis_filter_set_rss_param()
(fate#315887, bsc#1082632).
- hv_netvsc: Clean up unused parameter from netvsc_get_hash()
(fate#315887, bsc#1082632).
- hv_netvsc: Clean up unused parameter from netvsc_get_rss_hash_opts()
(fate#315887, bsc#1082632).
- hv_netvsc: copy_to_send buf can be void (fate#315887, bsc#1082632).
- hv_netvsc: do not need local xmit_more (fate#315887, bsc#1082632).
- hv_netvsc: drop unused macros (fate#315887, bsc#1082632).
- hv_netvsc: empty current transmit aggregation if flow blocked
(fate#315887, bsc#1082632).
- hv_netvsc: Fix rndis_filter_close error during netvsc_remove
(fate#315887, bsc#1082632).
- hv_netvsc: fix send buffer failure on MTU change (fate#315887,
bsc#1082632).
- hv_netvsc: Fix the channel limit in netvsc_set_rxfh() (fate#315887,
bsc#1082632).
- hv_netvsc: Fix the real number of queues of non-vRSS cases (fate#315887,
bsc#1082632).
- hv_netvsc: Fix the receive buffer size limit (fate#315887, bsc#1082632).
- hv_netvsc: Fix the TX/RX buffer default sizes (fate#315887, bsc#1082632).
- hv_netvsc: hide warnings about uninitialized/missing rndis device
(fate#315887, bsc#1082632).
- hv_netvsc: make const array ver_list static, reduces object code size
(fate#315887, bsc#1082632).
- hv_netvsc: optimize initialization of RNDIS header (fate#315887,
bsc#1082632).
- hv_netvsc: pass netvsc_device to receive callback (fate#315887,
bsc#1082632).
- hv_netvsc: remove open_cnt reference count (fate#315887, bsc#1082632).
- hv_netvsc: Rename ind_table to rx_table (fate#315887, bsc#1082632).
- hv_netvsc: Rename tx_send_table to tx_table (fate#315887, bsc#1082632).
- hv_netvsc: replace divide with mask when computing padding (fate#315887,
bsc#1082632).
- hv_netvsc: report stop_queue and wake_queue (fate#315887, bsc#1082632).
- hv_netvsc: simplify function args in receive status path (fate#315887,
bsc#1082632).
- hv_netvsc: Simplify the limit check in netvsc_set_channels()
(fate#315887, bsc#1082632).
- hv_netvsc: track memory allocation failures in ethtool stats
(fate#315887, bsc#1082632).
- hv: preserve kabi by keeping hv_do_hypercall (bnc#1082632).
- hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382).
- hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382).
- hyper-v: trace vmbus_ongpadl_created() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_ongpadl_torndown() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_on_message() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_on_msg_dpc() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_onoffer() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_onoffer_rescind() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_onopen_result() (fate#315887, bsc#1082632).
- hyper-v: trace vmbus_onversion_response() (fate#315887, bsc#1082632).
- hyper-v: Use fast hypercall for HVCALL_SIGNAL_EVENT (fate#315887,
bsc#1082632).
- i2c: remove __init from i2c_register_board_info() (bnc#1012382).
- ib/hfi1: Fix for potential refcount leak in hfi1_open_file()
(FATE#321231 FATE#321473).
- ib/iser: Handle lack of memory management extentions correctly
(bsc#1082979).
- ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH
ports (bnc#1012382).
- ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382).
- ibmvnic: Account for VLAN header length in TX buffers (bsc#1085239).
- ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239).
- ibmvnic: Allocate max queues stats buffers (bsc#1081498).
- ibmvnic: Allocate statistics buffers during probe (bsc#1082993).
- ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134,
git-fixes).
- ibmvnic: Clean RX pool buffers during device close (bsc#1081134).
- ibmvnic: Clean up device close (bsc#1084610).
- ibmvnic: Correct goto target for tx irq initialization failure
(bsc#1082223).
- ibmvnic: Do not attempt to login if RX or TX queues are not allocated
(bsc#1082993).
- ibmvnic: Do not disable device during failover or partition migration
(bsc#1084610).
- ibmvnic: Ensure that buffers are NULL after free (bsc#1080014).
- ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes).
- ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038).
- ibmvnic: Fix login buffer memory leaks (bsc#1081134).
- ibmvnic: Fix NAPI structures memory leak (bsc#1081134).
- ibmvnic: Fix recent errata commit (bsc#1085239).
- ibmvnic: Fix rx queue cleanup for non-fatal resets (bsc#1080014).
- ibmvnic: Fix TX descriptor tracking again (bsc#1082993).
- ibmvnic: Fix TX descriptor tracking (bsc#1081491).
- ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change
(bsc#1081498).
- ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134).
- ibmvnic: Generalize TX pool structure (bsc#1085224).
- ibmvnic: Handle TSO backing device errata (bsc#1085239).
- ibmvnic: Harden TX/RX pool cleaning (bsc#1082993).
- ibmvnic: Improve TX buffer accounting (bsc#1085224).
- ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491).
- ibmvnic: Make napi usage dynamic (bsc#1081498).
- ibmvnic: Move active sub-crq count settings (bsc#1081498).
- ibmvnic: Pad small packets to minimum MTU size (bsc#1085239).
- ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263).
- ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384).
- ibmvnic: Rename active queue count variables (bsc#1081498).
- ibmvnic: Reorganize device close (bsc#1084610).
- ibmvnic: Report queue stops and restarts as debug output (bsc#1082993).
- ibmvnic: Reset long term map ID counter (bsc#1080364).
- ibmvnic: Split counters for scrq/pools/napi (bsc#1082223).
- ibmvnic: Update and clean up reset TX pool routine (bsc#1085224).
- ibmvnic: Update release RX pool routine (bsc#1085224).
- ibmvnic: Update TX and TX completion routines (bsc#1085224).
- ibmvnic: Update TX pool initialization routine (bsc#1085224).
- ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134).
- ib/srpt: Remove an unused structure member (bsc#1082979).
- idle: i7300: add PCI dependency (bnc#1012382).
- igb: Free IRQs when device is hotplugged (bnc#1012382).
- iio: adc: axp288: remove redundant duplicate const on
axp288_adc_channels (bnc#1012382).
- iio: adis_lib: Initialize trigger before requesting interrupt
(bnc#1012382).
- iio: buffer: check if a buffer has been set up when poll is called
(bnc#1012382).
- input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
(bnc#1012382).
- input: tca8418_keypad - remove double read of key event register
(git-fixes).
- iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772).
- iommu/amd: Enforce alignment for MSI IRQs (bsc#975772).
- iommu/amd: Fix alloc_irq_index() increment (bsc#975772).
- iommu/amd: Limit the IOVA page range to the specified addresses
(fate#321026).
- iommu/arm-smmu-v3: Cope with duplicated Stream IDs (bsc#1084926).
- iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
(bsc#1084928).
- iommu/vt-d: Use domain instead of cache fetching (bsc#975772).
- ip6: add ip6_make_flowinfo helper (bsc#1042286).
- ip6mr: fix stale iterator (bnc#1012382).
- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
- ip_tunnel: fix preempt warning in ip tunnel creation/updating
(bnc#1012382).
- ip_tunnel: replace dst_cache with generic implementation (bnc#1012382).
- ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286).
- ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286).
- ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382).
- ipv4: update comment to document GSO fragmentation cases (bsc#1042286).
- ipv6: datagram: Refactor dst lookup and update codes to a new function
(bsc#1042286).
- ipv6: datagram: Refactor flowi6 init codes to a new function
(bsc#1042286).
- ipv6: datagram: Update dst cache of a connected datagram sk during pmtu
update (bsc#1042286).
- ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286).
- ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382).
- ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286).
- ipv6: remove unused in6_addr struct (bsc#1042286).
- ipv6: tcp: fix endianness annotation in tcp_v6_send_response
(bsc#1042286).
- ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286).
- ipvlan: Add the skb->mark as flow4's member to lookup route
(bnc#1012382).
- ipvlan: fix multicast processing (bsc#1042286).
- ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286).
- irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
(bnc#1012382).
- isdn: eicon: reduce stack size of sig_ind function (bnc#1012382).
- isdn: icn: remove a #warning (bnc#1012382).
- isdn: sc: work around type mismatch warning (bnc#1012382).
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
(git-fixes).
- kABI: protect struct cpuinfo_x86 (kabi).
- kABI: protect struct ethtool_link_settings (bsc#1085050).
- kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all
(kabi).
- kABI: reintroduce crypto_poly1305_setkey (kabi).
- kabi: restore kabi after "net: replace dst_cache ip6_tunnel
implementation with the generic one" (bsc#1082897).
- kabi: restore nft_set_elem_destroy() signature (bsc#1042286).
- kabi: restore rhashtable_insert_slow() signature (bsc#1042286).
- kabi/severities: add sclp to KABI ignore list
- kabi/severities: add __x86_indirect_thunk_rsp
- kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have
spoken, let there be light.
- kabi/severities: Ignore kvm for KABI severities
- kabi: uninline sk_receive_skb() (bsc#1042286).
- kaiser: fix compile error without vsyscall (bnc#1012382).
- kaiser: fix intel_bts perf crashes (bnc#1012382).
- kasan: rework Kconfig settings (bnc#1012382).
- kernel/async.c: revert "async: simplify lowest_in_progress()"
(bnc#1012382).
- kernel: fix rwlock implementation (bnc#1079886, LTC#164371).
- kernfs: fix regression in kernfs_fop_write caused by wrong type
(bnc#1012382).
- keys: encrypted: fix buffer overread in valid_master_desc()
(bnc#1012382).
- kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382).
- kvm: add X86_LOCAL_APIC dependency (bnc#1012382).
- kvm: ARM64: fix phy counter access failure in guest (bsc#1085015).
- kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
(bsc#1079029).
- kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
(bnc#1012382).
- kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2
(bnc#1012382).
- kvm: nVMX: invvpid handling improvements (bnc#1012382).
- kvm: nVMX: kmap() can't fail (bnc#1012382).
- kvm: nVMX: vmx_complete_nested_posted_interrupt() can't fail
(bnc#1012382).
- kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled
(bsc#1066223).
- kvm: s390: Add operation exception interception handler (FATE#324070,
LTC#158959).
- kvm: s390: Add sthyi emulation (FATE#324070, LTC#158959).
- kvm: s390: Enable all facility bits that are known good for passthrough
(FATE#324071, LTC#158956).
- kvm: s390: Extend diag 204 fields (FATE#324070, LTC#158959).
- kvm: s390: Fix STHYI buffer alignment for diag224 (FATE#324070,
LTC#158959).
- kvm: s390: instruction-execution-protection support (LTC#162428).
- kvm: s390: Introduce BCD Vector Instructions to the guest (FATE#324072,
LTC#158953).
- kvm: s390: Introduce Vector Enhancements facility 1 to the guest
(FATE#324072, LTC#158953).
- kvm: s390: Limit sthyi execution (FATE#324070, LTC#158959).
- kvm: s390: Populate mask of non-hypervisor managed facility bits
(FATE#324071, LTC#158956).
- kvm: VMX: clean up declaration of VPID/EPT invalidation types
(bnc#1012382).
- kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382).
- kvm: VMX: Make indirect call speculation safe (bnc#1012382).
- kvm: x86: Do not re-execute instruction when not passing CR2 value
(bnc#1012382).
- kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
(bnc#1012382).
- kvm: x86: fix escape of guest dr6 to the host (bnc#1012382).
- kvm: X86: Fix operand/address-size during instruction decoding
(bnc#1012382).
- kvm: x86: ioapic: Clear Remote IRR when entry is switched to
edge-triggered (bnc#1012382).
- kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
(bnc#1012382).
- kvm: x86: ioapic: Preserve read-only values in the redirection table
(bnc#1012382).
- kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382).
- kvm/x86: Reduce retpoline performance impact in
slot_handle_level_range(), by always inlining iterator helper methods
(bnc#1012382).
- l2tp: fix use-after-free during module unload (bsc#1042286).
- led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382).
- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
- libceph: check kstrndup() return value (bsc#1081735).
- lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382).
- lib/uuid.c: introduce a few more generic helpers (fate#315887,
bsc#1082632).
- lib/uuid.c: use correct offset in uuid parser (fate#315887, bsc#1082632).
- livepatch: introduce shadow variable API (bsc#1082299 fate#313296).
Shadow variables support.
- livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299
fate#313296). Shadow variables support.
- lockd: fix "list_add double add" caused by legacy signal interface
(bnc#1012382).
- loop: fix concurrent lo_open/lo_release (bnc#1012382).
- mac80211: fix the update of path metric for RANN frame (bnc#1012382).
- mac80211: mesh: drop frames appearing to be from us (bnc#1012382).
- Make DST_CACHE a silent config option (bnc#1012382).
- mdio-sun4i: Fix a memory leak (bnc#1012382).
- md/raid1: Use a new variable to count flighting sync
requests(bsc#1083048)
- media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382).
- media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(bnc#1012382).
- media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(bnc#1012382).
- media: r820t: fix r820t_write_reg for KASAN (bnc#1012382).
- media: s5k6aa: describe some function parameters (bnc#1012382).
- media: soc_camera: soc_scale_crop: add missing
MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).
- media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382).
- media: usbtv: add a new usbid (bnc#1012382).
- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: do not copy back the result for certain
errors (bnc#1012382).
- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
- media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
(bnc#1012382).
- media: v4l2-compat-ioctl32.c: move 'helper' functions to
__get/put_v4l2_format32 (bnc#1012382).
- media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).
- media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
(bnc#1012382).
- media: v4l2-ioctl.c: do not copy back the result for -ENOTTY
(bnc#1012382).
- MIPS: Implement __multi3 for GCC7 MIPS64r6 builds (bnc#1012382).
- mmc: bcm2835: Do not overwrite max frequency unconditionally
(bsc#983145, git-fixes).
- mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382).
- mm: hide a #warning for COMPILE_TEST (bnc#1012382).
- mm/kmemleak.c: make cond_resched() rate-limiting more efficient
(git-fixes).
- mm: pin address_space before dereferencing it while isolating an LRU
page (bnc#1081500).
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
failed (bnc#1012382).
- mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user
copy (bnc#1012382).
- modsign: hide openssl output in silent builds (bnc#1012382).
- module/retpoline: Warn about missing retpoline in module (bnc#1012382).
- mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583).
- mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382).
- mtd: cfi: convert inline functions to macros (bnc#1012382).
- mtd: cfi: enforce valid geometry configuration (bnc#1012382).
- mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382).
- mtd: maps: add __init attribute (bnc#1012382).
- mtd: nand: brcmnand: Disable prefetch by default (bnc#1012382).
- mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382).
- mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
(bnc#1012382).
- mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382).
- mtd: sh_flctl: pass FIFO as physical address (bnc#1012382).
- mvpp2: fix multicast address filter (bnc#1012382).
- ncpfs: fix unused variable warning (bnc#1012382).
- ncr5380: shut up gcc indentation warning (bnc#1012382).
- net: add dst_cache support (bnc#1012382).
- net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382).
- net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382).
- net: cdc_ncm: initialize drvflags before usage (bnc#1012382).
- net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382).
- net: ena: add detection and recovery mechanism for handling
missed/misrouted MSI-X (bsc#1083548).
- net: ena: add new admin define for future support of IPv6 RSS
(bsc#1083548).
- net: ena: add power management ops to the ENA driver (bsc#1083548).
- net: ena: add statistics for missed tx packets (bsc#1083548).
- net: ena: fix error handling in ena_down() sequence (bsc#1083548).
- net: ena: fix race condition between device reset and link up setup
(bsc#1083548).
- net: ena: fix rare kernel crash when bar memory remap fails
(bsc#1083548).
- net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548).
- net: ena: improve ENA driver boot time (bsc#1083548).
- net: ena: increase ena driver version to 1.3.0 (bsc#1083548).
- net: ena: increase ena driver version to 1.5.0 (bsc#1083548).
- net: ena: reduce the severity of some printouts (bsc#1083548).
- net: ena: remove legacy suspend suspend/resume support (bsc#1083548).
- net: ena: Remove redundant unlikely() (bsc#1083548).
- net: ena: unmask MSI-X only after device initialization is completed
(bsc#1083548).
- net: ethernet: cavium: Correct Cavium Thunderx NIC driver names
accordingly to module name (bsc#1085011).
- net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
(bnc#1012382).
- net: ethtool: Add back transceiver type (bsc#1085050).
- net: ethtool: remove error check for legacy setting transceiver type
(bsc#1085050).
- netfilter: drop outermost socket lock in getsockopt() (bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets
(bsc#1085107).
- netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
- netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
clusterip_tg_check() (bnc#1012382).
- netfilter: ipvs: avoid unused variable warnings (bnc#1012382).
- netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382).
- netfilter: nf_tables: fix a wrong check to skip the inactive rules
(bsc#1042286).
- netfilter: nf_tables: fix inconsistent element expiration calculation
(bsc#1042286).
- netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286).
- netfilter: nf_tables: fix race when create new element in dynset
(bsc#1042286).
- netfilter: on sockopt() acquire sock lock only in the required scope
(bnc#1012382).
- netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286).
- netfilter: x_tables: avoid out-of-bounds reads in
xt_request_find_{match|target} (bnc#1012382).
- netfilter: x_tables: fix int overflow in xt_alloc_table_info()
(bnc#1012382).
- netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
(bnc#1012382).
- netfilter: xt_socket: fix transparent match for IPv6 request sockets
(bsc#1042286).
- net: gianfar_ptp: move set_fipers() to spinlock protecting area
(bnc#1012382).
- net: hns: add ACPI mode support for ethtool -p (bsc#1084041).
- net: hp100: remove unnecessary #ifdefs (bnc#1012382).
- net: igmp: add a missing rcu locking section (bnc#1012382).
- net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags
(bsc#1042286).
- netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382).
- net/mlx5e: Fix loopback self test when GRO is off (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5e: Fix wrong delay calculation for overflow check scheduling
(bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5e: Verify inline header size do not exceed SKB linear size
(bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Use 128B cacheline size for 128B or larger cachelines
(bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net: phy: Keep reporting transceiver type (bsc#1085050).
- net: replace dst_cache ip6_tunnel implementation with the generic one
(bnc#1012382).
- net_sched: red: Avoid devision by zero (bnc#1012382).
- net_sched: red: Avoid illegal values (bnc#1012382).
- net/smc: fix NULL pointer dereference on sock_create_kern() error path
(bsc#1082979).
- netvsc: allow controlling send/recv buffer size (fate#315887,
bsc#1082632).
- netvsc: allow driver to be removed even if VF is present (fate#315887,
bsc#1082632).
- netvsc: check error return when restoring channels and mtu (fate#315887,
bsc#1082632).
- netvsc: cleanup datapath switch (fate#315887, bsc#1082632).
- netvsc: do not signal host twice if empty (fate#315887, bsc#1082632).
- netvsc: fix deadlock betwen link status and removal (fate#315887,
bsc#1082632).
- netvsc: increase default receive buffer size (fate#315887, bsc#1082632).
- netvsc: keep track of some non-fatal overload conditions (fate#315887,
bsc#1082632).
- netvsc: no need to allocate send/receive on numa node (fate#315887,
bsc#1082632).
- netvsc: propagate MAC address change to VF slave (fate#315887,
bsc#1082632).
- netvsc: remove unnecessary cast of void pointer (fate#315887,
bsc#1082632).
- netvsc: remove unnecessary check for NULL hdr (fate#315887, bsc#1082632).
- netvsc: whitespace cleanup (fate#315887, bsc#1082632).
- net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286).
- net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286).
- NFS: commit direct writes even if they fail partially (bnc#1012382).
- nfsd: check for use of the closed special stateid (bnc#1012382).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
(bnc#1012382).
- nfsd: Ensure we check stateid validity in the seqid operation checks
(bnc#1012382).
- nfs: Do not convert nfs_idmap_cache_timeout to jiffies (git-fixes).
- nfs: fix a deadlock in nfs client initialization (bsc#1074198).
- nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
(bnc#1012382).
- NFS: reject request for id_legacy key without auxdata (bnc#1012382).
- NFS: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198).
- nvme_fc: cleanup io completion (bsc#1079609).
- nvme_fc: correct abort race condition on resets (bsc#1079609).
- nvme_fc: fix abort race on teardown with lld reject (bsc#1083750).
- nvme_fc: fix ctrl create failures racing with workq items (bsc#1076982).
- nvme_fc: io timeout should defer abort to ctrl reset (bsc#1085054).
- nvme-fc: kick admin requeue list on disconnect (bsc#1077241).
- nvme_fc: minor fixes on sqsize (bsc#1076760).
- nvme_fc: on remoteport reuse, set new nport_id and role (bsc#1076760).
- nvme_fc: rework sqsize handling (bsc#1076760).
- nvme: Fix managing degraded controllers (bnc#1012382).
- nvme: Fix setting logical block format when revalidating (bsc#1079313).
- nvme: only start KATO if the controller is live (bsc#1083387).
- nvme-pci: clean up CMB initialization (bsc#1082979).
- nvme-pci: clean up SMBSZ bit definitions (bsc#1082979).
- nvme-pci: consistencly use ctrl->device for logging (bsc#1082979).
- nvme-pci: fix typos in comments (bsc#1082979).
- nvme-pci: Remap CMB SQ entries on every controller reset (bsc#1082979).
- nvme-pci: Use PCI bus address for data/queues in CMB (bsc#1082979).
- nvme: Quirks for PM1725 controllers (bsc#1082979).
- nvme_rdma: clear NVME_RDMA_Q_LIVE bit if reconnect fails (bsc#1083770).
- nvme-rdma: fix concurrent reset and reconnect (bsc#1082979).
- nvme: remove nvme_revalidate_ns (bsc#1079313).
- ocfs2: return error when we attempt to access a dirty bh in jbd2
(bsc#1070404).
- openvswitch: fix the incorrect flow action alloc size (bnc#1012382).
- ovl: fix failure to fsync lower dir (bnc#1012382).
- ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286).
- ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286).
- ovs/gre,geneve: fix error path when creating an iface (bsc#1042286).
- ovs/vxlan: fix rtnl notifications on iface deletion (bsc#1042286).
- PCI/ASPM: Do not retrain link if ASPM not possible (bnc#1071892).
- PCI: hv: Do not sleep in compose_msi_msg() (fate#315887, bsc#1082632).
- PCI: keystone: Fix interrupt-controller-node lookup (bnc#1012382).
- PCI/MSI: Fix msi_desc->affinity memory leak when freeing MSI IRQs
(bsc#1082979).
- perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382).
- perf top: Fix window dimensions change handling (bnc#1012382).
- perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
(bnc#1012382).
- pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382).
- pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382).
- platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
(bnc#1012382).
- PM / devfreq: Propagate error from devfreq_add_device() (bnc#1012382).
- PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717).
- posix-timer: Properly check sigevent->sigev_notify (bnc#1012382).
- power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382).
- powerpc/64: Fix flush_(d|i)cache_range() called from modules
(FATE#315275 LTC#103998 bnc#1012382 bnc#863764).
- powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
(bnc#1012382).
- powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,
bsc#1075087).
- powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223).
- powerpc/numa: Ensure nodes initialized for hotplug (FATE#322022,
bsc#1081514).
- powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
(bsc#1081512).
- powerpc/numa: Use ibm,max-associativity-domains to discover possible
nodes (FATE#322022, bsc#1081514).
- powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382).
- powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers
(bsc#1066223).
- powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h
(bsc#1066223).
- powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,
bsc#1075087).
- powerpc/pseries: Fix cpu hotplug crash with memoryless nodes
(FATE#322022, bsc#1081514).
- powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,
bsc#1075087).
- powerpc: Simplify module TOC handling (bnc#1012382).
- power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
(bnc#1012382).
- profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382).
- Provide a function to create a NUL-terminated string from unterminated
data (bnc#1012382).
- pwc: hide unused label (bnc#1012382).
- qla2xxx: Add changes for devloss timeout in driver (bsc#1084427).
- qla2xxx: Add FC-NVMe abort processing (bsc#1084427).
- qla2xxx: asynchronous pci probing (bsc#1034503).
- qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427).
- qla2xxx: Convert QLA_TGT_ABTS to TARGET_SCF_LOOKUP_LUN_FROM_TAG
(bsc#1043726,FATE#324770).
- qla2xxx: do not check login_state if no loop id is assigned
(bsc#1081681).
- qla2xxx: ensure async flags are reset correctly (bsc#1081681).
- qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427).
- qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427).
- qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2)
(bsc#1043726,FATE#324770).
- qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427).
- qla2xxx: Fix NVMe entry_type for iocb packet on BE system
(bsc#1043726,FATE#324770).
- qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427).
- qla2xxx: Fixup locking for session deletion (bsc#1081681).
- qla2xxx: Remove nvme_done_list (bsc#1084427).
- qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe
(bsc#1084427).
- qla2xxx: remove use of FC-specific error codes (bsc#1043726,FATE#324770).
- qla2xxx: Restore ZIO threshold setting (bsc#1084427).
- qla2xxx: Return busy if rport going away (bsc#1084427).
- qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote()
(bsc#1084427).
- qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427).
- qlax2xxx: Drop SUSE-specific qla2xxx patches (bsc#1043726)
- qlcnic: fix deadlock bug (bnc#1012382).
- r8169: fix RTL8168EP take too long to complete driver initialization
(bnc#1012382).
- RDMA/cma: Make sure that PSN is not over max allowed (bnc#1012382).
- RDMA/uverbs: Protect from command mask overflow (bsc#1082979).
- reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382).
- Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" (bnc#1012382).
- Revert "bpf: avoid false sharing of map refcount with max_entries"
(kabi).
- Revert "netfilter: nf_queue: Make the queue_handler pernet" (kabi).
- Revert "net: replace dst_cache ip6_tunnel implementation with the
generic one" (kabi bnc#1082897).
- Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
(bnc#1012382).
- Revert "powerpc: Simplify module TOC handling" (kabi).
- Revert SUSE-specific qla2xxx patch 'Add module parameter for interrupt
mode' (bsc#1043726)
- Revert "x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0"
- Revert "x86/entry/64: Use a per-CPU trampoline stack for IDT entries"
- rfi-flush: Move the logic to avoid a redo into the debugfs code
(bsc#1068032, bsc#1075087).
- rfi-flush: Switch to new linear fallback flush (bsc#1068032,
bsc#1075087).
- rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286).
- rtc-opal: Fix handling of firmware error codes, prevent busy loops
(bnc#1012382).
- rtlwifi: fix gcc-6 indentation warning (bnc#1012382).
- rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382).
- s390: add no-execute support (FATE#324087, LTC#158827).
- s390/dasd: fix handling of internal requests (bsc#1080321).
- s390/dasd: fix wrongly assigned configuration data (bnc#1012382).
- s390/dasd: prevent prefix I/O error (bnc#1012382).
- s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382).
- s390: hypfs: Move diag implementation and data definitions (FATE#324070,
LTC#158959).
- s390: kvm: Cpu model support for msa6, msa7 and msa8 (FATE#324069,
LTC#159031).
- s390: Make cpc_name accessible (FATE#324070, LTC#158959).
- s390: Make diag224 public (FATE#324070, LTC#158959).
- s390/mem_detect: use unsigned longs (FATE#324071, LTC#158956).
- s390/mm: align swapper_pg_dir to 16k (FATE#324087, LTC#158827).
- s390/mm: always use PAGE_KERNEL when mapping pages (FATE#324087,
LTC#158827).
- s390/noexec: execute kexec datamover without DAT (FATE#324087,
LTC#158827).
- s390/oprofile: fix address range for asynchronous stack (bsc#1082979).
- s390/pageattr: allow kernel page table splitting (FATE#324087,
LTC#158827).
- s390/pageattr: avoid unnecessary page table splitting (FATE#324087,
LTC#158827).
- s390/pageattr: handle numpages parameter correctly (FATE#324087,
LTC#158827).
- s390/pci_dma: improve lazy flush for unmap (bnc#1079886, LTC#163393).
- s390/pci_dma: improve map_sg (bnc#1079886, LTC#163393).
- s390/pci_dma: make lazy flush independent from the tlb_refresh bit
(bnc#1079886, LTC#163393).
- s390/pci_dma: remove dma address range check (bnc#1079886, LTC#163393).
- s390/pci_dma: simplify dma address calculation (bnc#1079886, LTC#163393).
- s390/pci_dma: split dma_update_trans (bnc#1079886, LTC#163393).
- s390/pci: fix dma address calculation in map_sg (bnc#1079886,
LTC#163393).
- s390/pci: handle insufficient resources during dma tlb flush
(bnc#1079886, LTC#163393).
- s390/pgtable: introduce and use generic csp inline asm (FATE#324087,
LTC#158827).
- s390/pgtable: make pmd and pud helper functions available (FATE#324087,
LTC#158827).
- s390/qeth: fix underestimated count of buffer elements (bnc#1082089,
LTC#164529).
- s390: report new vector facilities (FATE#324088, LTC#158828).
- s390/sclp: Add hmfai field (FATE#324071, LTC#158956).
- s390/vmem: align segment and region tables to 16k (FATE#324087,
LTC#158827).
- s390/vmem: introduce and use SEGMENT_KERNEL and REGION3_KERNEL
(FATE#324087, LTC#158827).
- s390/vmem: simplify vmem code for read-only mappings (FATE#324087,
LTC#158827).
- sched/rt: Up the root domain ref count when passing it around via IPIs
(bnc#1012382).
- sched/rt: Use container_of() to get root domain in
rto_push_irq_work_func() (bnc#1012382).
- scripts/kernel-doc: Do not fail with status != 0 if error encountered
with -none (bnc#1012382).
- scsi: aacraid: Fix hang in kdump (bsc#1022607, FATE#321673).
- scsi: aacraid: Prevent crash in case of free interrupt during scsi EH
path (bnc#1012382).
- scsi: advansys: fix build warning for PCI=n (bnc#1012382).
- scsi: advansys: fix uninitialized data access (bnc#1012382).
- scsi: do not look for NULL devices handlers by name (bsc#1082373).
- scsi: fas216: fix sense buffer initialization (bsc#1082979).
- scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382).
- scsi: hisi_sas: directly attached disk LED feature for v2 hw
(bsc#1083409).
- scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
(bnc#1012382).
- SCSI: initio: remove duplicate module device table (bnc#1012382
bsc#1082979).
- SCSI: initio: remove duplicate module device table (bsc#1082979).
- scsi: libsas: fix error when getting phy events (bsc#1082979).
- scsi: libsas: fix memory leak in sas_smp_get_phy_events() (bsc#1082979).
- scsi: lpfc: Add WQ Full Logic for NVME Target (bsc#1080656).
- scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a target
(bsc#1080656).
- scsi: lpfc: Beef up stat counters for debug (bsc#1076693).
- scsi: lpfc: correct debug counters for abort (bsc#1080656).
- scsi: lpfc: do not dereference localport before it has been null checked
(bsc#1076693).
- scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function
(bsc#1082979).
- scsi: lpfc: fix a couple of minor indentation issues (bsc#1076693).
- scsi: lpfc: Fix -EOVERFLOW behavior for NVMET and defer_rcv
(bsc#1076693).
- scsi: lpfc: Fix header inclusion in lpfc_nvmet (bsc#1080656).
- scsi: lpfc: Fix infinite wait when driver unregisters a remote NVME port
(bsc#1076693).
- scsi: lpfc: Fix IO failure during hba reset testing with nvme io
(bsc#1080656).
- scsi: lpfc: Fix issue_lip if link is disabled (bsc#1080656).
- scsi: lpfc: Fix issues connecting with nvme initiator (bsc#1076693).
- scsi: lpfc: Fix nonrecovery of NVME controller after cable swap
(bsc#1080656).
- scsi: lpfc: Fix PRLI handling when topology type changes (bsc#1080656).
- scsi: lpfc: Fix receive PRLI handling (bsc#1076693).
- scsi: lpfc: Fix RQ empty firmware trap (bsc#1080656).
- scsi: lpfc: Fix SCSI io host reset causing kernel crash (bsc#1080656).
- scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled
(bsc#1076693).
- scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
(bsc#1080656).
- scsi: lpfc: Increase CQ and WQ sizes for SCSI (bsc#1080656).
- scsi: lpfc: Increase SCSI CQ and WQ sizes (bsc#1076693).
- scsi: lpfc: Indicate CONF support in NVMe PRLI (bsc#1080656).
- scsi: lpfc: move placement of target destroy on driver detach
(bsc#1080656).
- scsi: lpfc: Treat SCSI Write operation Underruns as an error
(bsc#1080656).
- scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright
(bsc#1080656).
- scsi: lpfc: update driver version to 11.4.0.6 (bsc#1076693).
- scsi: lpfc: update driver version to 11.4.0.7 (bsc#1080656).
- scsi: lpfc: Validate adapter support for SRIU option (bsc#1080656).
- scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382).
- scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT
passthrough commands (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Accelerate SCSI BUSY status generation in target mode
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add ability to autodetect SFP type
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add ability to send PRLO (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add ability to use GPNFT/GNNFT for RSCN handling
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add ATIO-Q processing for INTx mode
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add boundary checks for exchanges to be offloaded
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add command completion for error path
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add debug knob for user control workload
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add debug logging routine for qpair
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Added change to enable ZIO for FC-NVMe devices
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add FC-NVMe command handling (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add FC-NVMe F/W initialization and transport registration
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add FC-NVMe port discovery and PRLI handling
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add function call to qpair for door bell
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add fw_started flags to qpair (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add lock protection around host lookup
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add LR distance support from nvram bit
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: add missing includes for qla_isr
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add option for use reserve exch for ELS
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add ql2xiniexchg parameter (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Add retry limit for fabric scan logic
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add support for minimum link speed
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add switch command to simplify fabric discovery
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add timeout ability to wait_for_sess_deletion()
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Add XCB counters to debugfs (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Allow ABTS, PURX, RIDA on ATIOQ for ISP83XX/27XX
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Allow MBC_GET_PORT_DATABASE to query and save the port
states (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Allow relogin and session creation after reset
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Allow SNS fabric login to be retried
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Allow target mode to accept PRLI in dual mode
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: avoid unused-function warning (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Change ha->wq max_active value to default
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Changes to support N2N logins (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Chip reset uses wrong lock during IO flush
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Cleanup FC-NVMe code (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Cleanup NPIV host in target mode during config teardown
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Clear fc4f_nvme flag (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Clear loop id after delete (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Combine Active command arrays (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Convert 32-bit LUN usage to 64-bit
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Defer processing of GS IOCB calls
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Delay loop id allocation at login
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Do not call abort handler function during chip reset
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Do not call dma_free_coherent with IRQ disabled
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: do not include <generated/utsrelease.h>
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Enable Async TMF processing (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Enable ATIO interrupt handshake for ISP27XX
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Enable Target Multi Queue (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146,
bsc#966328).
- scsi: qla2xxx: fix a bunch of typos and spelling mistakes
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els()
(bsc#1082979).
- scsi: qla2xxx: Fix compile warning (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Fix FC-NVMe LUN discovery (bsc#1083223).
- scsi: qla2xxx: Fix Firmware dump size for Extended login and Exchange
Offload (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix GPNFT/GNNFT error handling (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix gpnid error processing (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix incorrect handle for abort IOCB (bsc#1082979).
- scsi: qla2xxx: Fix login state machine freeze (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix login state machine stuck at GPDB
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix logo flag for qlt_free_session_done()
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix mailbox failure while deleting Queue pairs
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Fix memory leak in dual/target mode
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix NPIV host cleanup in target mode
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix NPIV host enable after chip reset
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix NULL pointer access for fcport structure
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
(bsc#1082979).
- scsi: qla2xxx: Fix NULL pointer crash due to probe failure
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix oops in qla2x00_probe_one error path
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix PRLI state check (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix queue ID for async abort with Multiqueue
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix recursion while sending terminate exchange
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix Relogin being triggered too fast
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix re-login for Nport Handle in use
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix remoteport disconnect for FC-NVMe
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix scan state field for fcport (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix session cleanup for N2N (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix slow mem alloc behind lock (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: fix spelling mistake of variable sfp_additonal_info
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix system crash for Notify ack timeout handling
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix system crash while triggering FW dump
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix system panic due to pointer access problem
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix target multiqueue configuration
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix task mgmt handling for NPIV (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix warning during port_name debug print
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix warning for code intentation in
__qla24xx_handle_gpdb_event() (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout()
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Fix WWPN/WWNN in debug message (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Handle PCIe error for driver (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Include Exchange offload/Extended Login into FW dump
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Increase ql2xmaxqdepth to 64 (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Increase verbosity of debug messages logged
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Migrate switch registration commands away from mailbox
interface (bsc#1043726,FATE#324770).
- scsi: qla2xxx: move fields from qla_hw_data to qla_qpair
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Move function prototype to correct header
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Move logging default mask to execute once only
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Move session delete to driver work queue
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Move target stat counters from vha to qpair
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Move work element processing out of DPC thread
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Off by one in qlt_ctio_to_cmd() (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Preparation for Target MQ (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Prevent multiple active discovery commands per session
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Prevent relogin trigger from sending too many commands
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Prevent sp->free null/uninitialized pointer dereference
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Print correct mailbox registers in failed summary
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Properly extract ADISC error codes
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Protect access to qpair members with qpair->qp_lock
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Query FC4 type during RSCN processing
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Recheck session state after RSCN (bsc#1043726,FATE#324770)
- scsi: qla2xxx: Reduce the use of terminate exchange
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Reduce trace noise for Async Events
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Reinstate module parameter ql2xenablemsix
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Relogin to target port on a cable swap
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout
(FATE#320146, bsc#966328).
- scsi: qla2xxx: Remove an unused structure member
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove datasegs_per_cmd and datasegs_per_cont field
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove extra register read (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove extra register read (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery
(bsc#1084397).
- scsi: qla2xxx: Remove potential macro parameter side-effect in
ql_dump_regs() (bsc#1043726,FATE#324770).
- scsi: qla2xxx: remove redundant assignment of d
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: remove redundant null check on tgt
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove redundant wait when target is stopped
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove session creation redundant code
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Remove unused argument from
qlt_schedule_sess_for_deletion() (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Remove unused irq_cmd_count field
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Remove unused tgt_enable_64bit_addr flag
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: remove writeq/readq function definitions
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Replace GPDB with async ADISC command
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Reset the logo flag, after target re-login
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Retry switch command on time out
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Send FC4 type NVMe to the management server
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Serialize GPNID for multiple RSCN
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Serialize session deletion by using work_lock
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Serialize session free in qlt_free_session_done
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Simpify unregistration of FC-NVMe local/remote ports
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Skip IRQ affinity for Target QPairs
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Skip zero queue count entry during FW dump capture
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Tweak resource count dump (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update Driver version to 10.00.00.00-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.01-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.02-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.03-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.04-k
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Update driver version to 10.00.00.05-k (bsc#1081681).
- scsi: qla2xxx: Update driver version to 9.01.00.00-k
(bsc#1043725,FATE#324770).
- scsi: qla2xxx: Update fw_started flags at qpair creation
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use BIT_6 to acquire FAWWPN from switch
(bsc#1043726,FATE#324770)
- scsi: qla2xxx: Use chip reset to bring down laser on unload
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: use dma_mapping_error to check map errors
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use FC-NVMe FC4 type for FDMI registration
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use IOCB path to submit Control VP MBX command
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use known NPort ID for Management Server login
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use ql2xnvmeenable to enable Q-Pair for FC-NVMe
(bsc#1043726,FATE#324770).
- scsi: qla2xxx: use shadow register for ISP27XX (bsc#1043725,FATE#324770).
- scsi: qla2xxx: Use shadow register for ISP27XX (bsc#1043726,FATE#324770).
- scsi: qla2xxx: Use sp->free instead of hard coded call
(bsc#1043726,FATE#324770).
- scsi: ses: do not get power status of SES device slot on probe
(bsc#1082979).
- scsi: sim710: fix build warning (bnc#1012382).
- scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813).
- scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
(bnc#1012382).
- scsi: storvsc: remove unnecessary channel inbound lock (fate#315887,
bsc#1082632).
- scsi: sun_esp: fix device reference leaks (bsc#1082979).
- scsi: tcm_qla2xxx: Do not allow aborted cmd to advance
(bsc#1043725,FATE#324770).
- scsi: ufs: ufshcd: fix potential NULL pointer dereference in
ufshcd_config_vreg (bnc#1012382).
- sctp: make use of pre-calculated len (bnc#1012382).
- selinux: ensure the context is NUL terminated in
security_context_to_sid_core() (bnc#1012382).
- selinux: general protection fault in sock_has_perm (bnc#1012382).
- selinux: skip bounded transition processing if the policy isn't loaded
(bnc#1012382).
- serial: 8250_mid: fix broken DMA dependency (bnc#1012382).
- serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
(bsc#1031717).
- serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
(bnc#1012382).
- series.conf: disable qla2xxx patches (bsc#1043725)
- sget(): handle failures of register_shrinker() (bnc#1012382).
- signal/openrisc: Fix do_unaligned_access to send the proper signal
(bnc#1012382).
- signal/sh: Ensure si_signo is initialized in do_divide_error
(bnc#1012382).
- SolutionEngine771x: fix Ether platform data (bnc#1012382).
- spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382).
- spi: imx: do not access registers while clocks disabled (bnc#1012382).
- spi: sun4i: disable clocks in the remove function (bnc#1012382).
- ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382).
- staging: android: ashmem: Fix a race condition in pin ioctls
(bnc#1012382).
- staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382).
- staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382).
- staging: ste_rmi4: avoid unused function warnings (bnc#1012382).
- staging: unisys: visorinput depends on INPUT (bnc#1012382).
- staging: wilc1000: fix kbuild test robot error (bnc#1012382).
- SUNRPC: Allow connect to return EHOSTUNREACH (bnc#1012382).
- target: Add support for TMR percpu reference counting
(bsc#1043726,FATE#324770).
- target: Add TARGET_SCF_LOOKUP_LUN_FROM_TAG support for ABORT_TASK
(bsc#1043726,FATE#324770).
- tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382).
- tc358743: fix register i2c_rd/wr function fix (git-fixes).
- tc358743: fix register i2c_rd/wr functions (bnc#1012382).
- tcp: do not set rtt_min to 1 (bsc#1042286).
- tcp: release sk_frag.page in tcp_disconnect (bnc#1012382).
- test_bpf: fix the dummy skb after dissector changes (bsc#1042286).
- tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382).
- tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382).
- thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382).
- thermal: spear: use __maybe_unused for PM functions (bnc#1012382).
- tlan: avoid unused label with PCI=n (bnc#1012382).
- tools build: Add tools tree support for 'make -s' (bnc#1012382).
- tpm-dev-common: Reject too short writes (bsc#1020645, git-fixes).
- tpm: fix potential buffer overruns caused by bit glitches on the bus
(bsc#1020645, git-fixes).
- tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches
on the bus (bsc#1020645, git-fixes).
- tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on
the bus (bsc#1020645, git-fixes).
- tpm: st33zp24: fix potential buffer overruns caused by bit glitches on
the bus (bsc#1020645, git-fixes).
- tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
(bsc#1020645, git-fixes).
- tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382).
- tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382).
- tty: mxser: Remove ASYNC_CLOSING (bnc#1072363).
- ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382).
- udp: restore UDPlite many-cast delivery (bsc#1042286).
- usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382).
- USB: cdc-acm: Do not log urb submission errors on disconnect
(bnc#1012382).
- USB: cdc_subset: only build when one driver is enabled (bnc#1012382).
- usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382).
- usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382).
- usb: gadget: do not dereference g until after it has been null checked
(bnc#1012382).
- usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382).
- usb: gadget: uvc: Missing files for configfs interface (bnc#1012382).
- usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
(bnc#1012382).
- usbip: keep usbip_device sockfd state in sync with tcp_socket
(bnc#1012382).
- usbip: list: do not list devices attached to vhci_hcd (bnc#1012382).
- usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382).
- usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382).
- usb: ldusb: add PIDs for new CASSY devices supported by this driver
(bnc#1012382).
- usb: musb/ux500: remove duplicate check for dma_is_compatible
(bnc#1012382).
- usb: ohci: Proper handling of ed_rm_list to handle race condition
between usb_kill_urb() and finish_unlinks() (bnc#1012382).
- usb: option: Add support for FS040U modem (bnc#1012382).
- usb: phy: msm add regulator dependency (bnc#1012382).
- usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
(bnc#1012382).
- USB: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382).
- USB: serial: pl2303: new device id for Chilitag (bnc#1012382).
- USB: serial: simple: add Motorola Tetra driver (bnc#1012382).
- usb: uas: unconditionally bring back host after reset (bnc#1012382).
- v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382).
- vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382).
- vfs: do not do RCU lookup of empty pathnames (bnc#1012382).
- vhost_net: stop device during reset owner (bnc#1012382).
- video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382).
- video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382).
- video: fbdev: sis: remove unused variable (bnc#1012382).
- video: fbdev: via: remove possibly unused variables (bnc#1012382).
- video: Use bool instead int pointer for get_opt_bool() argument
(bnc#1012382).
- virtio_balloon: prevent uninitialized variable use (bnc#1012382).
- vmbus: add per-channel sysfs info (fate#315887, bsc#1082632).
- vmbus: add prefetch to ring buffer iterator (fate#315887, bsc#1082632).
- vmbus: do not acquire the mutex in vmbus_hvsock_device_unregister()
(fate#315887, bsc#1082632).
- vmbus: drop unused ring_buffer_info elements (fate#315887, bsc#1082632).
- vmbus: eliminate duplicate cached index (fate#315887, bsc#1082632).
- vmbus: hvsock: add proper sync for vmbus_hvsock_device_unregister()
(fate#315887, bsc#1082632).
- vmbus: initialize reserved fields in messages (fate#315887, bsc#1082632).
- vmbus: make channel_message table constant (fate#315887, bsc#1082632).
- vmbus: more host signalling avoidance (fate#315887, bsc#1082632).
- vmbus: refactor hv_signal_on_read (fate#315887, bsc#1082632).
- vmbus: remove unused vmbus_sendpacket_ctl (fate#315887, bsc#1082632).
- vmbus: remove unused vmbus_sendpacket_multipagebuffer (fate#315887,
bsc#1082632).
- vmbus: remove unused vmubs_sendpacket_pagebuffer_ctl (fate#315887,
bsc#1082632).
- vmbus: Reuse uuid_le_to_bin() helper (fate#315887, bsc#1082632).
- vmbus: simplify hv_ringbuffer_read (fate#315887, bsc#1082632).
- vmbus: unregister device_obj->channels_kset (fate#315887, bsc#1082632).
- vmxnet3: prevent building with 64K pages (bnc#1012382).
- vxlan: consolidate csum flag handling (bsc#1042286).
- vxlan: consolidate output route calculation (bsc#1042286).
- vxlan: consolidate vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286).
- vxlan: do not allow overwrite of config src addr (bsc#1042286).
- watchdog: imx2_wdt: restore previous timeout after suspend+resume
(bnc#1012382).
- wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382).
- x86: add MULTIUSER dependency for KVM (bnc#1012382).
- x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382).
- x86/boot: Avoid warning for zero-filling .bss (bnc#1012382).
- x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382).
- x86/bugs: Drop one "mitigation" from dmesg (bnc#1012382).
- x86/build: Silence the build with "make -s" (bnc#1012382).
- x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382).
- x86/cpu: Change type of x86_cache_size variable to unsigned int
(bnc#1012382).
- x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0
(bsc#1077560).
- x86/entry/64: Use a per-CPU trampoline stack for IDT entries
(bsc#1077560).
- x86: fix build warnign with 32-bit PAE (bnc#1012382).
- x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382).
- x86/hyperv: Implement hv_get_tsc_page() (fate#315887, bsc#1082632).
- x86/hyper-v: include hyperv/ only when CONFIG_HYPERV is set
(fate#315887, bsc#1082632).
- x86/hyper-v: Introduce fast hypercall implementation (fate#315887,
bsc#1082632).
- x86/hyper-v: Make hv_do_hypercall() inline (fate#315887, bsc#1082632).
- x86/hyperv: Move TSC reading method to asm/mshyperv.h (fate#315887,
bsc#1082632).
- x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
(bnc#1012382).
- x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
running nested (bsc#1081431).
- x86/mce: Pin the timer when modifying (bsc#1080851,1076282).
- x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix
preemptibility bug (bnc#1012382).
- x86/microcode/AMD: Do not load when running on a hypervisor
(bnc#1012382).
- x86/microcode/AMD: Do not load when running on a hypervisor (bsc#1081436
bsc#1081437).
- x86/microcode: Do the family check first (bnc#1012382).
- x86/microcode: Do the family check first (bsc#1081436 bsc#1081437).
- x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382).
- x86/mm/pkeys: Fix fill_sig_info_pkey (fate#321300).
- x86/nospec: Fix header guards names (bnc#1012382).
- x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bnc#1012382).
- x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382).
- x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382).
- x86/platform/olpc: Fix resume handler build warning (bnc#1012382).
- x86/pti: Make unpoison of pgd for trusted boot work for real
(bnc#1012382).
- x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382).
- x86/retpoline: Avoid retpolines for built-in __init functions
(bnc#1012382).
- x86/retpoline/hyperv: Convert assembler indirect jumps (fate#315887,
bsc#1082632).
- x86/retpoline: Remove the esp/rsp thunk (bnc#1012382).
- x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382).
- x86/spectre: Fix an error message (git-fixes).
- x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
(bnc#1012382).
- x86/spectre: Remove the out-of-tree RSB stuffing
- x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382).
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
(bnc#1012382).
- x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600).
- xen/gntdev: Fix off-by-one error when unmapping with holes (bnc#1012382).
- xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382).
- xen-netfront: enable device after manual module load (bnc#1012382).
- xen-netfront: remove warning when unloading module (bnc#1012382).
- xen: XEN_ACPI_PROCESSOR is Dom0-only (bnc#1012382).
- xfrm: check id proto in validate_tmpl() (bnc#1012382).
- xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382).
- xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies
(bnc#1012382).
- xfrm_user: propagate sec ctx allocation errors (bsc#1042286).
- xfs: do not chain ioends during writepage submission (bsc#1077285
bsc#1043441).
- xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441).
- xfs: Introduce writeback context for writepages (bsc#1077285
bsc#1043441).
- xfs: ioends require logically contiguous file offsets (bsc#1077285
bsc#1043441).
- xfs: quota: check result of register_shrinker() (bnc#1012382).
- xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382).
- xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285
bsc#1043441).
- xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441).
- xfs: stop searching for free slots in an inode chunk when there are none
(bsc#1072739).
- xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401).
- xfs: ubsan fixes (bnc#1012382).
- xfs: write unmount record for ro mounts (bsc#1073401).
- xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441).
- xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382).
- zram: fix operator precedence to get offset (bsc#1082979).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-292=1
Package List:
- openSUSE Leap 42.3 (noarch):
kernel-devel-4.4.120-45.1
kernel-docs-4.4.120-45.2
kernel-docs-html-4.4.120-45.2
kernel-docs-pdf-4.4.120-45.2
kernel-macros-4.4.120-45.1
kernel-source-4.4.120-45.1
kernel-source-vanilla-4.4.120-45.1
- openSUSE Leap 42.3 (x86_64):
kernel-debug-4.4.120-45.1
kernel-debug-base-4.4.120-45.1
kernel-debug-base-debuginfo-4.4.120-45.1
kernel-debug-debuginfo-4.4.120-45.1
kernel-debug-debugsource-4.4.120-45.1
kernel-debug-devel-4.4.120-45.1
kernel-debug-devel-debuginfo-4.4.120-45.1
kernel-default-4.4.120-45.1
kernel-default-base-4.4.120-45.1
kernel-default-base-debuginfo-4.4.120-45.1
kernel-default-debuginfo-4.4.120-45.1
kernel-default-debugsource-4.4.120-45.1
kernel-default-devel-4.4.120-45.1
kernel-obs-build-4.4.120-45.2
kernel-obs-build-debugsource-4.4.120-45.2
kernel-obs-qa-4.4.120-45.1
kernel-syms-4.4.120-45.1
kernel-vanilla-4.4.120-45.1
kernel-vanilla-base-4.4.120-45.1
kernel-vanilla-base-debuginfo-4.4.120-45.1
kernel-vanilla-debuginfo-4.4.120-45.1
kernel-vanilla-debugsource-4.4.120-45.1
kernel-vanilla-devel-4.4.120-45.1
kselftests-kmp-debug-4.4.120-45.1
kselftests-kmp-debug-debuginfo-4.4.120-45.1
kselftests-kmp-default-4.4.120-45.1
kselftests-kmp-default-debuginfo-4.4.120-45.1
kselftests-kmp-vanilla-4.4.120-45.1
kselftests-kmp-vanilla-debuginfo-4.4.120-45.1
References:
https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2017-15951.html
https://www.suse.com/security/cve/CVE-2017-16644.html
https://www.suse.com/security/cve/CVE-2017-16912.html
https://www.suse.com/security/cve/CVE-2017-16913.html
https://www.suse.com/security/cve/CVE-2017-17975.html
https://www.suse.com/security/cve/CVE-2017-18174.html
https://www.suse.com/security/cve/CVE-2017-18208.html
https://www.suse.com/security/cve/CVE-2018-1000026.html
https://www.suse.com/security/cve/CVE-2018-1068.html
https://www.suse.com/security/cve/CVE-2018-8087.html
https://bugzilla.suse.com/1006867
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1015343
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1022607
https://bugzilla.suse.com/1027054
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1033587
https://bugzilla.suse.com/1034503
https://bugzilla.suse.com/103998_FIXME
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1043441
https://bugzilla.suse.com/1043725
https://bugzilla.suse.com/1043726
https://bugzilla.suse.com/1062840
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065615
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1067118
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068569
https://bugzilla.suse.com/1069135
https://bugzilla.suse.com/1070404
https://bugzilla.suse.com/1071306
https://bugzilla.suse.com/1071892
https://bugzilla.suse.com/1072363
https://bugzilla.suse.com/1072689
https://bugzilla.suse.com/1072739
https://bugzilla.suse.com/1072865
https://bugzilla.suse.com/1073401
https://bugzilla.suse.com/1073407
https://bugzilla.suse.com/1074198
https://bugzilla.suse.com/1074426
https://bugzilla.suse.com/1075087
https://bugzilla.suse.com/1076282
https://bugzilla.suse.com/1076693
https://bugzilla.suse.com/1076760
https://bugzilla.suse.com/1076982
https://bugzilla.suse.com/1077241
https://bugzilla.suse.com/1077285
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1078583
https://bugzilla.suse.com/1078672
https://bugzilla.suse.com/1078673
https://bugzilla.suse.com/1079029
https://bugzilla.suse.com/1079038
https://bugzilla.suse.com/1079313
https://bugzilla.suse.com/1079384
https://bugzilla.suse.com/1079609
https://bugzilla.suse.com/1079886
https://bugzilla.suse.com/1079989
https://bugzilla.suse.com/1080014
https://bugzilla.suse.com/1080263
https://bugzilla.suse.com/1080321
https://bugzilla.suse.com/1080344
https://bugzilla.suse.com/1080364
https://bugzilla.suse.com/1080384
https://bugzilla.suse.com/1080464
https://bugzilla.suse.com/1080533
https://bugzilla.suse.com/1080656
https://bugzilla.suse.com/1080774
https://bugzilla.suse.com/1080813
https://bugzilla.suse.com/1080851
https://bugzilla.suse.com/1081134
https://bugzilla.suse.com/1081431
https://bugzilla.suse.com/1081436
https://bugzilla.suse.com/1081437
https://bugzilla.suse.com/1081491
https://bugzilla.suse.com/1081498
https://bugzilla.suse.com/1081500
https://bugzilla.suse.com/1081512
https://bugzilla.suse.com/1081514
https://bugzilla.suse.com/1081681
https://bugzilla.suse.com/1081735
https://bugzilla.suse.com/1082089
https://bugzilla.suse.com/1082223
https://bugzilla.suse.com/1082299
https://bugzilla.suse.com/1082373
https://bugzilla.suse.com/1082478
https://bugzilla.suse.com/1082632
https://bugzilla.suse.com/1082795
https://bugzilla.suse.com/1082864
https://bugzilla.suse.com/1082897
https://bugzilla.suse.com/1082979
https://bugzilla.suse.com/1082993
https://bugzilla.suse.com/1083048
https://bugzilla.suse.com/1083086
https://bugzilla.suse.com/1083223
https://bugzilla.suse.com/1083387
https://bugzilla.suse.com/1083409
https://bugzilla.suse.com/1083494
https://bugzilla.suse.com/1083548
https://bugzilla.suse.com/1083750
https://bugzilla.suse.com/1083770
https://bugzilla.suse.com/1084041
https://bugzilla.suse.com/1084397
https://bugzilla.suse.com/1084427
https://bugzilla.suse.com/1084610
https://bugzilla.suse.com/1084772
https://bugzilla.suse.com/1084888
https://bugzilla.suse.com/1084926
https://bugzilla.suse.com/1084928
https://bugzilla.suse.com/1084967
https://bugzilla.suse.com/1085011
https://bugzilla.suse.com/1085015
https://bugzilla.suse.com/1085045
https://bugzilla.suse.com/1085047
https://bugzilla.suse.com/1085050
https://bugzilla.suse.com/1085053
https://bugzilla.suse.com/1085054
https://bugzilla.suse.com/1085056
https://bugzilla.suse.com/1085107
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1085239
https://bugzilla.suse.com/863764
https://bugzilla.suse.com/966170
https://bugzilla.suse.com/966172
https://bugzilla.suse.com/966328
https://bugzilla.suse.com/975772
https://bugzilla.suse.com/983145
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:0780-1: important: Security update for qemu
by opensuse-security@opensuse.org 22 Mar '18
by opensuse-security@opensuse.org 22 Mar '18
22 Mar '18
openSUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0780-1
Rating: important
References: #1040202 #1068032 #1068613 #1070144 #1071228
#1073489 #1074572 #1076114 #1076775 #1076813
#1082276 #1083291
Cross-References: CVE-2017-15119 CVE-2017-15124 CVE-2017-16845
CVE-2017-17381 CVE-2017-18043 CVE-2017-5715
CVE-2018-5683 CVE-2018-7550
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves 8 vulnerabilities and has four fixes
is now available.
Description:
This update for qemu fixes the following issues:
This update has the next round of Spectre v2 related patches, which now
integrate with corresponding changes in libvirt. (CVE-2017-5715
bsc#1068032)
The January 2018 release of qemu initially addressed the Spectre v2
vulnerability for KVM guests by exposing the spec-ctrl feature for all x86
vcpu types, which was the quick and dirty approach, but not the proper
solution.
We replaced our initial patch by the patches from upstream.
This update defines spec_ctrl and ibpb cpu feature flags as well as new
cpu models which are clones of existing models with either -IBRS or -IBPB
added to the end of the model name. These new vcpu models explicitly
include the new feature(s), whereas the feature flags can be added to the
cpu parameter as with other features. In short, for continued Spectre v2
protection, ensure that either the appropriate cpu feature flag is added
to the QEMU command-line, or one of the new cpu models is used.
Although migration from older versions is supported, the new cpu features
won't be properly exposed to the guest until it is restarted with the cpu
features explicitly added. A reboot is insufficient.
A warning patch is added which attempts to detect a migration from a qemu
version which had the quick and dirty fix (it only detects certain cases,
but hopefully is helpful.) For additional information on Spectre v2 as it
relates to QEMU, see:
https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
A patch is added to continue to detect Spectre v2 mitigation features (as
shown by cpuid), and if found provide that feature to guests, even if
running on older KVM (kernel) versions which do not yet expose that
feature to QEMU. (bsc#1082276)
These two patches will be removed when we can reasonably assume everyone
is running with the appropriate updates.
Spectre fixes for IBM Z Series were included by providing more hw features
to guests (bsc#1076813)
Also security fixes for the following CVE issues are included:
- CVE-2017-17381: The Virtio Vring implementation in QEMU allowed local OS
guest users to cause a denial of service (divide-by-zero error and QEMU
process crash) by unsetting vring alignment while updating Virtio rings.
(bsc#1071228)
- CVE-2017-16845: The PS2 driver in Qemu did not validate 'rptr' and
'count' values during guest migration, leading to out-of-bounds access.
(bsc#1068613)
- CVE-2017-15119: The Network Block Device (NBD) server in Quick Emulator
(QEMU), was vulnerable to a denial of service issue. It could occur if a
client sent large option requests, making the server waste CPU time on
reading up to 4GB per request. A client could use this flaw to keep the
NBD server from serving other requests, resulting in DoS. (bsc#1070144)
- CVE-2017-18043: Integer overflow in the macro ROUND_UP (n, d) in Quick
Emulator (Qemu) allowed a user to cause a denial of service (Qemu
process crash). (bsc#1076775)
- CVE-2018-5683: The VGA driver in Qemu allowed local OS guest privileged
users to cause a denial of service (out-of-bounds read and QEMU process
crash) by leveraging improper memory address validation. (bsc#1076114)
- CVE-2018-7550: The multiboot functionality in Quick Emulator (aka QEMU)
allowed local guest OS users to execute arbitrary code on the QEMU host
via an out-of-bounds read or write memory access. (bsc#1083291)
- CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) was
found to be vulnerable to an unbounded memory allocation issue, as it
did not throttle the framebuffer updates sent to its client. If the
client did not consume these updates, VNC server allocates growing
memory to hold onto this data. A malicious remote VNC client could use
this flaw to cause DoS to the server host. (bsc#1073489)
Additional bugs fixed:
- Fix pcihp for 1.6 and older machine types (bsc#1074572)
- Fix packaging dependencies (coreutils) for qemu-ksm package (bsc#1040202)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-291=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
qemu-linux-user-2.9.1-41.1
qemu-linux-user-debuginfo-2.9.1-41.1
qemu-linux-user-debugsource-2.9.1-41.1
- openSUSE Leap 42.3 (noarch):
qemu-ipxe-1.0.0-41.1
qemu-seabios-1.10.2-41.1
qemu-sgabios-8-41.1
qemu-vgabios-1.10.2-41.1
- openSUSE Leap 42.3 (x86_64):
qemu-2.9.1-41.1
qemu-arm-2.9.1-41.1
qemu-arm-debuginfo-2.9.1-41.1
qemu-block-curl-2.9.1-41.1
qemu-block-curl-debuginfo-2.9.1-41.1
qemu-block-dmg-2.9.1-41.1
qemu-block-dmg-debuginfo-2.9.1-41.1
qemu-block-iscsi-2.9.1-41.1
qemu-block-iscsi-debuginfo-2.9.1-41.1
qemu-block-rbd-2.9.1-41.1
qemu-block-rbd-debuginfo-2.9.1-41.1
qemu-block-ssh-2.9.1-41.1
qemu-block-ssh-debuginfo-2.9.1-41.1
qemu-debugsource-2.9.1-41.1
qemu-extra-2.9.1-41.1
qemu-extra-debuginfo-2.9.1-41.1
qemu-guest-agent-2.9.1-41.1
qemu-guest-agent-debuginfo-2.9.1-41.1
qemu-ksm-2.9.1-41.1
qemu-kvm-2.9.1-41.1
qemu-lang-2.9.1-41.1
qemu-ppc-2.9.1-41.1
qemu-ppc-debuginfo-2.9.1-41.1
qemu-s390-2.9.1-41.1
qemu-s390-debuginfo-2.9.1-41.1
qemu-testsuite-2.9.1-41.1
qemu-tools-2.9.1-41.1
qemu-tools-debuginfo-2.9.1-41.1
qemu-x86-2.9.1-41.1
qemu-x86-debuginfo-2.9.1-41.1
References:
https://www.suse.com/security/cve/CVE-2017-15119.html
https://www.suse.com/security/cve/CVE-2017-15124.html
https://www.suse.com/security/cve/CVE-2017-16845.html
https://www.suse.com/security/cve/CVE-2017-17381.html
https://www.suse.com/security/cve/CVE-2017-18043.html
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-5683.html
https://www.suse.com/security/cve/CVE-2018-7550.html
https://bugzilla.suse.com/1040202
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068613
https://bugzilla.suse.com/1070144
https://bugzilla.suse.com/1071228
https://bugzilla.suse.com/1073489
https://bugzilla.suse.com/1074572
https://bugzilla.suse.com/1076114
https://bugzilla.suse.com/1076775
https://bugzilla.suse.com/1076813
https://bugzilla.suse.com/1082276
https://bugzilla.suse.com/1083291
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0778-1: important: Security update for memcached
by opensuse-security@opensuse.org 22 Mar '18
by opensuse-security@opensuse.org 22 Mar '18
22 Mar '18
SUSE Security Update: Security update for memcached
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0778-1
Rating: important
References: #1007869 #1007870 #1007871 #1056865 #798458
#817781 #857188 #858676 #858677
Cross-References: CVE-2011-4971 CVE-2013-0179 CVE-2013-7239
CVE-2013-7290 CVE-2013-7291 CVE-2016-8704
CVE-2016-8705 CVE-2016-8706 CVE-2017-9951
Affected Products:
SUSE OpenStack Cloud 7
SUSE Enterprise Storage 4
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for memcached fixes the following issues:
Security issues fixed:
- CVE-2011-4971: remote DoS (bsc#817781).
- CVE-2013-0179: DoS when printing out keys to be deleted in verbose mode
(bsc#798458).
- CVE-2013-7239: SASL authentication allows wrong credentials to access
memcache (bsc#857188).
- CVE-2013-7290: remote DoS (segmentation fault) via a request to delete a
key (bsc#858677).
- CVE-2013-7291: remote DoS (crash) via a request that triggers "unbounded
key print" (bsc#858676).
- CVE-2016-8704: Server append/prepend remote code execution (bsc#1007871).
- CVE-2016-8705: Server update remote code execution (bsc#1007870).
- CVE-2016-8706: Server ASL authentication remote code execution
(bsc#1007869).
- CVE-2017-9951: Heap-based buffer over-read in try_read_command function
(incomplete fix for CVE-2016-8705) (bsc#1056865).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2018-529=1
- SUSE Enterprise Storage 4:
zypper in -t patch SUSE-Storage-4-2018-529=1
Package List:
- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
memcached-1.4.39-3.3.2
memcached-debuginfo-1.4.39-3.3.2
memcached-debugsource-1.4.39-3.3.2
- SUSE Enterprise Storage 4 (aarch64 x86_64):
memcached-1.4.39-3.3.2
memcached-debuginfo-1.4.39-3.3.2
memcached-debugsource-1.4.39-3.3.2
References:
https://www.suse.com/security/cve/CVE-2011-4971.html
https://www.suse.com/security/cve/CVE-2013-0179.html
https://www.suse.com/security/cve/CVE-2013-7239.html
https://www.suse.com/security/cve/CVE-2013-7290.html
https://www.suse.com/security/cve/CVE-2013-7291.html
https://www.suse.com/security/cve/CVE-2016-8704.html
https://www.suse.com/security/cve/CVE-2016-8705.html
https://www.suse.com/security/cve/CVE-2016-8706.html
https://www.suse.com/security/cve/CVE-2017-9951.html
https://bugzilla.suse.com/1007869
https://bugzilla.suse.com/1007870
https://bugzilla.suse.com/1007871
https://bugzilla.suse.com/1056865
https://bugzilla.suse.com/798458
https://bugzilla.suse.com/817781
https://bugzilla.suse.com/857188
https://bugzilla.suse.com/858676
https://bugzilla.suse.com/858677
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2018:0762-1: important: Security update for qemu
by opensuse-security@opensuse.org 21 Mar '18
by opensuse-security@opensuse.org 21 Mar '18
21 Mar '18
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0762-1
Rating: important
References: #1040202 #1068032 #1068613 #1070144 #1071228
#1073489 #1074572 #1076114 #1076775 #1076813
#1082276 #1083291
Cross-References: CVE-2017-15119 CVE-2017-15124 CVE-2017-16845
CVE-2017-17381 CVE-2017-18043 CVE-2017-5715
CVE-2018-5683 CVE-2018-7550
Affected Products:
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
SUSE CaaS Platform ALL
______________________________________________________________________________
An update that solves 8 vulnerabilities and has four fixes
is now available.
Description:
This update for qemu fixes the following issues:
This update has the next round of Spectre v2 related patches, which now
integrate with corresponding changes in libvirt. (CVE-2017-5715
bsc#1068032)
The January 2018 release of qemu initially addressed the Spectre v2
vulnerability for KVM guests by exposing the spec-ctrl feature for all x86
vcpu types, which was the quick and dirty approach, but not the proper
solution.
We replaced our initial patch by the patches from upstream.
This update defines spec_ctrl and ibpb cpu feature flags as well as new
cpu models which are clones of existing models with either -IBRS or -IBPB
added to the end of the model name. These new vcpu models explicitly
include the new feature(s), whereas the feature flags can be added to the
cpu parameter as with other features. In short, for continued Spectre v2
protection, ensure that either the appropriate cpu feature flag is added
to the QEMU command-line, or one of the new cpu models is used.
Although migration from older versions is supported, the new cpu features
won't be properly exposed to the guest until it is restarted with the cpu
features explicitly added. A reboot is insufficient.
A warning patch is added which attempts to detect a migration from a qemu
version which had the quick and dirty fix (it only detects certain cases,
but hopefully is helpful.) For additional information on Spectre v2 as it
relates to QEMU, see:
https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
A patch is added to continue to detect Spectre v2 mitigation features (as
shown by cpuid), and if found provide that feature to guests, even if
running on older KVM (kernel) versions which do not yet expose that
feature to QEMU. (bsc#1082276)
These two patches will be removed when we can reasonably assume everyone
is running with the appropriate updates.
Spectre fixes for IBM Z Series were included by providing more hw features
to guests (bsc#1076813)
Also security fixes for the following CVE issues are included:
- CVE-2017-17381: The Virtio Vring implementation in QEMU allowed local OS
guest users to cause a denial of service (divide-by-zero error and QEMU
process crash) by unsetting vring alignment while updating Virtio rings.
(bsc#1071228)
- CVE-2017-16845: The PS2 driver in Qemu did not validate 'rptr' and
'count' values during guest migration, leading to out-of-bounds access.
(bsc#1068613)
- CVE-2017-15119: The Network Block Device (NBD) server in Quick Emulator
(QEMU), was vulnerable to a denial of service issue. It could occur if a
client sent large option requests, making the server waste CPU time on
reading up to 4GB per request. A client could use this flaw to keep the
NBD server from serving other requests, resulting in DoS. (bsc#1070144)
- CVE-2017-18043: Integer overflow in the macro ROUND_UP (n, d) in Quick
Emulator (Qemu) allowed a user to cause a denial of service (Qemu
process crash). (bsc#1076775)
- CVE-2018-5683: The VGA driver in Qemu allowed local OS guest privileged
users to cause a denial of service (out-of-bounds read and QEMU process
crash) by leveraging improper memory address validation. (bsc#1076114)
- CVE-2018-7550: The multiboot functionality in Quick Emulator (aka QEMU)
allowed local guest OS users to execute arbitrary code on the QEMU host
via an out-of-bounds read or write memory access. (bsc#1083291)
- CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) was
found to be vulnerable to an unbounded memory allocation issue, as it
did not throttle the framebuffer updates sent to its client. If the
client did not consume these updates, VNC server allocates growing
memory to hold onto this data. A malicious remote VNC client could use
this flaw to cause DoS to the server host. (bsc#1073489)
Additional bugs fixed:
- Fix pcihp for 1.6 and older machine types (bsc#1074572)
- Fix packaging dependencies (coreutils) for qemu-ksm package (bsc#1040202)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-516=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-516=1
- SUSE CaaS Platform ALL:
zypper in -t patch SUSE-CAASP-ALL-2018-516=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
qemu-2.9.1-6.12.1
qemu-block-curl-2.9.1-6.12.1
qemu-block-curl-debuginfo-2.9.1-6.12.1
qemu-block-iscsi-2.9.1-6.12.1
qemu-block-iscsi-debuginfo-2.9.1-6.12.1
qemu-block-ssh-2.9.1-6.12.1
qemu-block-ssh-debuginfo-2.9.1-6.12.1
qemu-debugsource-2.9.1-6.12.1
qemu-guest-agent-2.9.1-6.12.1
qemu-guest-agent-debuginfo-2.9.1-6.12.1
qemu-lang-2.9.1-6.12.1
qemu-tools-2.9.1-6.12.1
qemu-tools-debuginfo-2.9.1-6.12.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64):
qemu-block-rbd-2.9.1-6.12.1
qemu-block-rbd-debuginfo-2.9.1-6.12.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
qemu-kvm-2.9.1-6.12.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64):
qemu-arm-2.9.1-6.12.1
qemu-arm-debuginfo-2.9.1-6.12.1
- SUSE Linux Enterprise Server 12-SP3 (ppc64le):
qemu-ppc-2.9.1-6.12.1
qemu-ppc-debuginfo-2.9.1-6.12.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
qemu-ipxe-1.0.0-6.12.1
qemu-seabios-1.10.2-6.12.1
qemu-sgabios-8-6.12.1
qemu-vgabios-1.10.2-6.12.1
- SUSE Linux Enterprise Server 12-SP3 (x86_64):
qemu-x86-2.9.1-6.12.1
qemu-x86-debuginfo-2.9.1-6.12.1
- SUSE Linux Enterprise Server 12-SP3 (s390x):
qemu-s390-2.9.1-6.12.1
qemu-s390-debuginfo-2.9.1-6.12.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
qemu-2.9.1-6.12.1
qemu-block-curl-2.9.1-6.12.1
qemu-block-curl-debuginfo-2.9.1-6.12.1
qemu-debugsource-2.9.1-6.12.1
qemu-kvm-2.9.1-6.12.1
qemu-tools-2.9.1-6.12.1
qemu-tools-debuginfo-2.9.1-6.12.1
qemu-x86-2.9.1-6.12.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
qemu-ipxe-1.0.0-6.12.1
qemu-seabios-1.10.2-6.12.1
qemu-sgabios-8-6.12.1
qemu-vgabios-1.10.2-6.12.1
- SUSE CaaS Platform ALL (x86_64):
qemu-debugsource-2.9.1-6.12.1
qemu-guest-agent-2.9.1-6.12.1
qemu-guest-agent-debuginfo-2.9.1-6.12.1
References:
https://www.suse.com/security/cve/CVE-2017-15119.html
https://www.suse.com/security/cve/CVE-2017-15124.html
https://www.suse.com/security/cve/CVE-2017-16845.html
https://www.suse.com/security/cve/CVE-2017-17381.html
https://www.suse.com/security/cve/CVE-2017-18043.html
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-5683.html
https://www.suse.com/security/cve/CVE-2018-7550.html
https://bugzilla.suse.com/1040202
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068613
https://bugzilla.suse.com/1070144
https://bugzilla.suse.com/1071228
https://bugzilla.suse.com/1073489
https://bugzilla.suse.com/1074572
https://bugzilla.suse.com/1076114
https://bugzilla.suse.com/1076775
https://bugzilla.suse.com/1076813
https://bugzilla.suse.com/1082276
https://bugzilla.suse.com/1083291
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2018:0745-1: important: Security update for various KMPs
by opensuse-security@opensuse.org 19 Mar '18
by opensuse-security@opensuse.org 19 Mar '18
19 Mar '18
openSUSE Security Update: Security update for various KMPs
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0745-1
Rating: important
References: #1068032
Cross-References: CVE-2017-5715
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The Spectre Variant 2 in the Linux Kernel is mitigated using "retpolines".
This update rebuilds all openSUSE Leap 42.3 KMPs to use "retpolines" and
so be able to mitigate the Spectre v2 attack. (bsc#1068032 CVE-2017-5715)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-284=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
crash-7.1.8-6.1
crash-debuginfo-7.1.8-6.1
crash-debugsource-7.1.8-6.1
crash-devel-7.1.8-6.1
crash-doc-7.1.8-6.1
crash-eppic-7.1.8-6.1
crash-eppic-debuginfo-7.1.8-6.1
crash-gcore-7.1.8-6.1
crash-gcore-debuginfo-7.1.8-6.1
- openSUSE Leap 42.3 (x86_64):
bbswitch-0.8-12.2.1
bbswitch-debugsource-0.8-12.2.1
bbswitch-kmp-default-0.8_k4.4.114_42-12.2.1
bbswitch-kmp-default-debuginfo-0.8_k4.4.114_42-12.2.1
crash-kmp-default-7.1.8_k4.4.114_42-6.1
crash-kmp-default-debuginfo-7.1.8_k4.4.114_42-6.1
dpdk-16.11.1-6.2.1
dpdk-debuginfo-16.11.1-6.2.1
dpdk-debugsource-16.11.1-6.2.1
dpdk-devel-16.11.1-6.2.1
dpdk-devel-debuginfo-16.11.1-6.2.1
dpdk-examples-16.11.1-6.2.1
dpdk-examples-debuginfo-16.11.1-6.2.1
dpdk-kmp-default-16.11.1_k4.4.114_42-6.2.1
dpdk-kmp-default-debuginfo-16.11.1_k4.4.114_42-6.2.1
dpdk-tools-16.11.1-6.2.1
drbd-9.0.8+git.c8bc3670-2.2.1
drbd-debugsource-9.0.8+git.c8bc3670-2.2.1
drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.114_42-2.2.1
drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.114_42-2.2.1
drm-debugsource-4.9.33-7.1
drm-kmp-default-4.9.33_k4.4.114_42-7.1
drm-kmp-default-debuginfo-4.9.33_k4.4.114_42-7.1
ftsteutates-debugsource-20160601-4.2.1
ftsteutates-kmp-default-20160601_k4.4.114_42-4.2.1
ftsteutates-kmp-default-debuginfo-20160601_k4.4.114_42-4.2.1
hdjmod-debugsource-1.28-27.2.1
hdjmod-kmp-default-1.28_k4.4.114_42-27.2.1
hdjmod-kmp-default-debuginfo-1.28_k4.4.114_42-27.2.1
ipset-6.29-4.2.1
ipset-debuginfo-6.29-4.2.1
ipset-debugsource-6.29-4.2.1
ipset-devel-6.29-4.2.1
ipset-kmp-default-6.29_k4.4.114_42-4.2.1
ipset-kmp-default-debuginfo-6.29_k4.4.114_42-4.2.1
libipset3-6.29-4.2.1
libipset3-debuginfo-6.29-4.2.1
ndiswrapper-1.59-3.2.1
ndiswrapper-debuginfo-1.59-3.2.1
ndiswrapper-debugsource-1.59-3.2.1
ndiswrapper-kmp-default-1.59_k4.4.114_42-3.2.1
ndiswrapper-kmp-default-debuginfo-1.59_k4.4.114_42-3.2.1
pcfclock-0.44-272.2.1
pcfclock-debuginfo-0.44-272.2.1
pcfclock-debugsource-0.44-272.2.1
pcfclock-kmp-default-0.44_k4.4.114_42-272.2.1
pcfclock-kmp-default-debuginfo-0.44_k4.4.114_42-272.2.1
sysdig-0.17.0-10.1
sysdig-debuginfo-0.17.0-10.1
sysdig-debugsource-0.17.0-10.1
sysdig-kmp-default-0.17.0_k4.4.114_42-10.1
sysdig-kmp-default-debuginfo-0.17.0_k4.4.114_42-10.1
vhba-kmp-debugsource-20161009-9.2.1
vhba-kmp-default-20161009_k4.4.114_42-9.2.1
vhba-kmp-default-debuginfo-20161009_k4.4.114_42-9.2.1
xtables-addons-2.11-4.2.1
xtables-addons-debuginfo-2.11-4.2.1
xtables-addons-debugsource-2.11-4.2.1
xtables-addons-kmp-default-2.11_k4.4.114_42-4.2.1
xtables-addons-kmp-default-debuginfo-2.11_k4.4.114_42-4.2.1
- openSUSE Leap 42.3 (noarch):
dpdk-doc-16.11.1-6.2.1
ftsteutates-sensors-20160601-4.2.1
References:
https://www.suse.com/security/cve/CVE-2017-5715.html
https://bugzilla.suse.com/1068032
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0