   openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0547-1
Rating:             important
References:         #1005666 #1015787 #1018100 #1023762 #1023888 
                    #1024081 #1024234 #1024508 #1024938 #1025047 
                    #1025048 #1025049 #1025050 #1025051 #1025053 
                    #1025055 #1025057 #1025058 #1025059 #1025060 
                    #1025061 #1025062 #1025063 #1025064 #1025065 
                    #1025066 #1025067 #1025069 #1025070 #1025071 
                    #1025072 #1025073 #1025074 #1025075 #1025076 
                    #1025077 #1025079 #1025080 #1025081 #1025235 
                    #1026024 #865869 #904489 #927455 #929871 
                    #935087 #935088 #936445 #937609 #937612 #937616 
                    #938550 #938891 #938892 #942512 #942685 #942925 
                    #944001 #945649 #946057 #946902 #949440 #949472 
                    #951615 #951844 #957805 #960300 #963193 #965344 
                    #966278 #966910 #968230 #972844 #972951 #972993 
                    #973855 #975596 #977685 #981038 #981709 #983087 
                    #984779 #985562 #985850 #987192 #989953 #990384 
                    #992712 #993841 #994881 
Cross-References:   CVE-2017-5897 CVE-2017-5970 CVE-2017-5986
                    CVE-2017-6074
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves four vulnerabilities and has 86 fixes
   is now available.

Description:



   The openSUSE Leap 42.1 kernel was updated to receive various security and
   bugfixes.

   The following security bugs were fixed:

   - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
     in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
     in the LISTEN state, which allowed local users to cause a denial of
     service (invalid free) or possibly have unspecified other impact via an
     application that made an IPV6_RECVPKTINFO setsockopt system call
     (bnc#1026024).
   - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
     net/sctp/socket.c in the Linux kernel allowed local users to cause a
     denial of service (assertion failure and panic) via a multithreaded
     application that peels off an association in a certain buffer-full state
     (bnc#1025235).
   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
     denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bnc#1024938).
   - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE
     protocol was fixed. (bsc#1023762)

   The following non-security bugs were fixed:

   - btrfs: support NFSv2 export (bnc#929871).
   - btrfs: Direct I/O: Fix space accounting (bsc#1025058).
   - btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069).
   - btrfs: bail out if block group has different mixed flag (bsc#1025072).
   - btrfs: be more precise on errors when getting an inode from disk
     (bsc#981038).
   - btrfs: check pending chunks when shrinking fs to avoid corruption
     (bnc#936445).
   - btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).
   - btrfs: do not BUG() during drop snapshot (bsc#1025076).
   - btrfs: do not collect ordered extents when logging that inode exists
     (bsc#977685).
   - btrfs: do not initialize a space info as full to prevent ENOSPC
     (bnc#944001).
   - btrfs: do not leak reloc root nodes on error (bsc#1025074).
   - btrfs: fix block group ->space_info null pointer dereference
     (bnc#935088).
   - btrfs: fix chunk allocation regression leading to transaction abort
     (bnc#938550).
   - btrfs: fix crash on close_ctree() if cleaner starts new transaction
     (bnc#938891).
   - btrfs: fix deadlock between direct IO reads and buffered writes
     (bsc#973855).
   - btrfs: fix deadlock between direct IO write and defrag/readpages
     (bnc#965344).
   - btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057).
   - btrfs: fix empty symlink after creating symlink and fsync parent dir
     (bsc#977685).
   - btrfs: fix extent accounting for partial direct IO writes (bsc#1025062).
   - btrfs: fix file corruption after cloning inline extents (bnc#942512).
   - btrfs: fix file loss on log replay after renaming a file and fsync
     (bsc#977685).
   - btrfs: fix file read corruption after extent cloning and fsync
     (bnc#946902).
   - btrfs: fix fitrim discarding device area reserved for boot loader's use
     (bsc#904489).
   - btrfs: fix for incorrect directory entries after fsync log replay
     (bsc#957805, bsc#977685).
   - btrfs: fix hang when failing to submit bio of directIO (bnc#942685).
   - btrfs: fix incremental send failure caused by balance (bsc#985850).
   - btrfs: fix invalid page accesses in extent_same (dedup) ioctl
     (bnc#968230).
   - btrfs: fix listxattrs not listing all xattrs packed in the same item
     (bsc#1025063).
   - btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).
   - btrfs: fix memory corruption on failure to submit bio for direct IO
     (bnc#942685).
   - btrfs: fix memory leak in do_walk_down (bsc#1025075).
   - btrfs: fix memory leak in reading btree blocks (bsc#1025071).
   - btrfs: fix order by which delayed references are run (bnc#949440).
   - btrfs: fix page reading in extent_same ioctl leading to csum errors     (bnc#968230).
   - btrfs: fix qgroup rescan worker initialization (bsc#1025077).
   - btrfs: fix qgroup sanity tests (bnc#951615).
   - btrfs: fix race between balance and unused block group deletion
     (bnc#938892).
   - btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).
   - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).
   - btrfs: fix regression running delayed references when using qgroups
     (bnc#951615).
   - btrfs: fix regression when running delayed references (bnc#951615).
   - btrfs: fix relocation incorrectly dropping data references (bsc#990384).
   - btrfs: fix shrinking truncate when the no_holes feature is enabled
     (bsc#1025053).
   - btrfs: fix sleeping inside atomic context in qgroup rescan worker
     (bnc#960300).
   - btrfs: fix stale dir entries after removing a link and fsync
     (bnc#942925).
   - btrfs: fix unreplayable log after snapshot delete + parent dir fsync
     (bsc#977685).
   - btrfs: fix warning in backref walking (bnc#966278).
   - btrfs: fix warning of bytes_may_use (bsc#1025065).
   - btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550).
   - btrfs: handle quota reserve failure properly (bsc#1005666).
   - btrfs: incremental send, check if orphanized dir inode needs delayed
     rename (bsc#1025049).
   - btrfs: incremental send, do not delay directory renames unnecessarily
     (bsc#1025048).
   - btrfs: incremental send, fix clone operations for compressed extents
     (fate#316463).
   - btrfs: incremental send, fix premature rmdir operations (bsc#1025064).
   - btrfs: keep dropped roots in cache until transaction commit (bnc#935087,
     bnc#945649, bnc#951615).
   - btrfs: remove misleading handling of missing device scrub (bsc#1025055).
   - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock
     (bsc#904489).
   - btrfs: return gracefully from balance if fs tree is corrupted
     (bsc#1025073).
   - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
   - btrfs: send, fix corner case for reference overwrite detection
     (bsc#1025080).
   - btrfs: send, fix file corruption due to incorrect cloning operations
     (bsc#1025060).
   - btrfs: set UNWRITTEN for prealloc'ed extents in fiemap (bsc#1025047).
   - btrfs: test_check_exists: Fix infinite loop when searching for free
     space entries (bsc#987192).
   - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,
     bnc#945649).
   - btrfs: use received_uuid of parent during send (bsc#1025051).
   - btrfs: wake up extent state waiters on unlock through clear_extent_bits
     (bsc#1025050).
   - btrfs: Add handler for invalidate page (bsc#963193).
   - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).
   - btrfs: Avoid truncate tailing page if fallocate range does not exceed
     inode size (bsc#1025059).
   - btrfs: Continue write in case of can_not_nocow (bsc#1025070).
   - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space
     (bsc#1005666).
   - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c
     (bsc#983087).
   - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,
     bsc#984779).
   - btrfs: Handle unaligned length in extent_same (bsc#937609).
   - btrfs: abort transaction on btrfs_reloc_cow_block() (bsc#1025081).
   - btrfs: add missing discards when unpinning extents with -o discard
     (bsc#904489).
   - btrfs: advertise which crc32c implementation is being used on mount
     (bsc#946057).
   - btrfs: allow dedupe of same inode (bsc#1025067).
   - btrfs: backref: Add special time_seq == (u64)-1 case for
     btrfs_find_all_roots() (bnc#935087, bnc#945649).
   - btrfs: backref: Do not merge refs which are not for same block
     (bnc#935087, bnc#945649).
   - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector
     boundaries (bsc#904489).
   - btrfs: change max_inline default to 2048 (bsc#949472).
   - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,
     bnc#945649).
   - btrfs: delayed-ref: Use list to replace the ref_root in ref_head
     (bnc#935087, bnc#945649).
   - btrfs: delayed-ref: double free in btrfs_add_delayed_tree_ref()
     (bsc#1025079).
   - btrfs: delayed_ref: Add new function to record reserved space into
     delayed ref (bsc#963193).
   - btrfs: delayed_ref: release and free qgroup reserved at proper timing
     (bsc#963193).
   - btrfs: disable defrag of tree roots.
   - btrfs: do not create or leak aliased root while cleaning up orphans
     (bsc#994881).
   - btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).
   - btrfs: explictly delete unused block groups in close_ctree and
     ro-remount (bsc#904489).
   - btrfs: extent-tree: Add new version of btrfs_check_data_free_space and
     btrfs_free_reserved_data_space (bsc#963193).
   - btrfs: extent-tree: Add new version of
     btrfs_delalloc_reserve/release_space (bsc#963193).
   - btrfs: extent-tree: Switch to new check_data_free_space and
     free_reserved_data_space (bsc#963193).
   - btrfs: extent-tree: Switch to new delalloc space reserve and release
     (bsc#963193).
   - btrfs: extent-tree: Use ref_node to replace unneeded parameters in
     __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).
   - btrfs: extent_io: Introduce needed structure for recoding set/clear bits
     (bsc#963193).
   - btrfs: extent_io: Introduce new function clear_record_extent_bits()
     (bsc#963193).
   - btrfs: extent_io: Introduce new function set_record_extent_bits
     (bsc#963193).
   - btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193).
   - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls
     (bsc#1018100).
   - btrfs: fix clone / extent-same deadlocks (bsc#937612).
   - btrfs: fix deadlock with extent-same and readpage (bsc#937612).
   - btrfs: fix resending received snapshot with parent (bsc#1025061).
   - btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).
   - btrfs: increment ctx->pos for every emitted or skipped dirent in
     readdir (bsc#981709).
   - btrfs: iterate over unused chunk space in FITRIM (bsc#904489).
   - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).
   - btrfs: make file clone aware of fatal signals (bsc#1015787).
   - btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).
   - btrfs: properly track when rescan worker is running (bsc#989953).
   - btrfs: provide super_operations->inode_get_dev (bsc#927455).
   - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193).
   - btrfs: qgroup: Add new function to record old_roots (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add new qgroup calculation function
     btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).
   - btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193).
   - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in
     clear_bit_hook (bsc#963193).
   - btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193).
   - btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193).
   - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan
     (bnc#960300).
   - btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans
     (bsc#963193).
   - btrfs: qgroup: Fix a rebase bug which will cause qgroup double free
     (bsc#963193).
   - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972993).
   - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing
     (bsc#983087).
   - btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193).
   - btrfs: qgroup: Introduce functions to release/free qgroup reserve data
     space (bsc#963193).
   - btrfs: qgroup: Introduce new functions to reserve/free metadata
     (bsc#963193).
   - btrfs: qgroup: Make snapshot accounting work with new extent-oriented
     qgroup (bnc#935087, bnc#945649).
   - btrfs: qgroup: Record possible quota-related extent for qgroup
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Use new metadata reservation (bsc#963193).
   - btrfs: qgroup: account shared subtree during snapshot delete
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).
   - btrfs: qgroup: fix quota disable during rescan (bnc#960300).
   - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()
     (bsc#981709).
   - btrfs: serialize subvolume mounts with potentially mismatching rw flags
     (bsc#951844).
   - btrfs: skip superblocks during discard (bsc#904489).
   - btrfs: syslog when quota is disabled.
   - btrfs: syslog when quota is enabled
   - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).
   - btrfs: use the new VFS super_block_dev (bnc#865869).
   - btrfs: waiting on qgroup rescan should not always be interruptible
     (bsc#992712).
   - fs/super.c: add new super block sub devices super_block_dev (bnc#865869).
   - fs/super.c: fix race between freeze_super() and thaw_super()
     (bsc#1025066).
   - kabi: only use sops->get_inode_dev with proper fsflag (bsc#927455).
   - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).
   - vfs: add super_operations->get_inode_dev (bsc#927455).
   - xfs: do not allow di_size with high bit set (bsc#1024234).
   - xfs: exclude never-released buffers from buftarg I/O accounting
     (bsc#1024508).
   - xfs: fix broken multi-fsb buffer logging (bsc#1024081).
   - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
   - xfs: track and serialize in-flight async buffers against unmount - kABI
     (bsc#1024508).
   - xfs: track and serialize in-flight async buffers against unmount
     (bsc#1024508).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2017-287=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      kernel-default-4.1.38-50.1
      kernel-default-base-4.1.38-50.1
      kernel-default-base-debuginfo-4.1.38-50.1
      kernel-default-debuginfo-4.1.38-50.1
      kernel-default-debugsource-4.1.38-50.1
      kernel-default-devel-4.1.38-50.1
      kernel-obs-build-4.1.38-50.2
      kernel-obs-build-debugsource-4.1.38-50.2
      kernel-obs-qa-4.1.38-50.1
      kernel-syms-4.1.38-50.1

   - openSUSE Leap 42.1 (i686 x86_64):

      kernel-debug-4.1.38-50.1
      kernel-debug-base-4.1.38-50.1
      kernel-debug-base-debuginfo-4.1.38-50.1
      kernel-debug-debuginfo-4.1.38-50.1
      kernel-debug-debugsource-4.1.38-50.1
      kernel-debug-devel-4.1.38-50.1
      kernel-debug-devel-debuginfo-4.1.38-50.1
      kernel-ec2-4.1.38-50.1
      kernel-ec2-base-4.1.38-50.1
      kernel-ec2-base-debuginfo-4.1.38-50.1
      kernel-ec2-debuginfo-4.1.38-50.1
      kernel-ec2-debugsource-4.1.38-50.1
      kernel-ec2-devel-4.1.38-50.1
      kernel-pv-4.1.38-50.1
      kernel-pv-base-4.1.38-50.1
      kernel-pv-base-debuginfo-4.1.38-50.1
      kernel-pv-debuginfo-4.1.38-50.1
      kernel-pv-debugsource-4.1.38-50.1
      kernel-pv-devel-4.1.38-50.1
      kernel-vanilla-4.1.38-50.1
      kernel-vanilla-debuginfo-4.1.38-50.1
      kernel-vanilla-debugsource-4.1.38-50.1
      kernel-vanilla-devel-4.1.38-50.1
      kernel-xen-4.1.38-50.1
      kernel-xen-base-4.1.38-50.1
      kernel-xen-base-debuginfo-4.1.38-50.1
      kernel-xen-debuginfo-4.1.38-50.1
      kernel-xen-debugsource-4.1.38-50.1
      kernel-xen-devel-4.1.38-50.1

   - openSUSE Leap 42.1 (noarch):

      kernel-devel-4.1.38-50.1
      kernel-docs-4.1.38-50.3
      kernel-docs-html-4.1.38-50.3
      kernel-docs-pdf-4.1.38-50.3
      kernel-macros-4.1.38-50.1
      kernel-source-4.1.38-50.1
      kernel-source-vanilla-4.1.38-50.1

   - openSUSE Leap 42.1 (i686):

      kernel-pae-4.1.38-50.1
      kernel-pae-base-4.1.38-50.1
      kernel-pae-base-debuginfo-4.1.38-50.1
      kernel-pae-debuginfo-4.1.38-50.1
      kernel-pae-debugsource-4.1.38-50.1
      kernel-pae-devel-4.1.38-50.1


References:

   https://www.suse.com/security/cve/CVE-2017-5897.html
   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://www.suse.com/security/cve/CVE-2017-5986.html
   https://www.suse.com/security/cve/CVE-2017-6074.html
   https://bugzilla.suse.com/1005666
   https://bugzilla.suse.com/1015787
   https://bugzilla.suse.com/1018100
   https://bugzilla.suse.com/1023762
   https://bugzilla.suse.com/1023888
   https://bugzilla.suse.com/1024081
   https://bugzilla.suse.com/1024234
   https://bugzilla.suse.com/1024508
   https://bugzilla.suse.com/1024938
   https://bugzilla.suse.com/1025047
   https://bugzilla.suse.com/1025048
   https://bugzilla.suse.com/1025049
   https://bugzilla.suse.com/1025050
   https://bugzilla.suse.com/1025051
   https://bugzilla.suse.com/1025053
   https://bugzilla.suse.com/1025055
   https://bugzilla.suse.com/1025057
   https://bugzilla.suse.com/1025058
   https://bugzilla.suse.com/1025059
   https://bugzilla.suse.com/1025060
   https://bugzilla.suse.com/1025061
   https://bugzilla.suse.com/1025062
   https://bugzilla.suse.com/1025063
   https://bugzilla.suse.com/1025064
   https://bugzilla.suse.com/1025065
   https://bugzilla.suse.com/1025066
   https://bugzilla.suse.com/1025067
   https://bugzilla.suse.com/1025069
   https://bugzilla.suse.com/1025070
   https://bugzilla.suse.com/1025071
   https://bugzilla.suse.com/1025072
   https://bugzilla.suse.com/1025073
   https://bugzilla.suse.com/1025074
   https://bugzilla.suse.com/1025075
   https://bugzilla.suse.com/1025076
   https://bugzilla.suse.com/1025077
   https://bugzilla.suse.com/1025079
   https://bugzilla.suse.com/1025080
   https://bugzilla.suse.com/1025081
   https://bugzilla.suse.com/1025235
   https://bugzilla.suse.com/1026024
   https://bugzilla.suse.com/865869
   https://bugzilla.suse.com/904489
   https://bugzilla.suse.com/927455
   https://bugzilla.suse.com/929871
   https://bugzilla.suse.com/935087
   https://bugzilla.suse.com/935088
   https://bugzilla.suse.com/936445
   https://bugzilla.suse.com/937609
   https://bugzilla.suse.com/937612
   https://bugzilla.suse.com/937616
   https://bugzilla.suse.com/938550
   https://bugzilla.suse.com/938891
   https://bugzilla.suse.com/938892
   https://bugzilla.suse.com/942512
   https://bugzilla.suse.com/942685
   https://bugzilla.suse.com/942925
   https://bugzilla.suse.com/944001
   https://bugzilla.suse.com/945649
   https://bugzilla.suse.com/946057
   https://bugzilla.suse.com/946902
   https://bugzilla.suse.com/949440
   https://bugzilla.suse.com/949472
   https://bugzilla.suse.com/951615
   https://bugzilla.suse.com/951844
   https://bugzilla.suse.com/957805
   https://bugzilla.suse.com/960300
   https://bugzilla.suse.com/963193
   https://bugzilla.suse.com/965344
   https://bugzilla.suse.com/966278
   https://bugzilla.suse.com/966910
   https://bugzilla.suse.com/968230
   https://bugzilla.suse.com/972844
   https://bugzilla.suse.com/972951
   https://bugzilla.suse.com/972993
   https://bugzilla.suse.com/973855
   https://bugzilla.suse.com/975596
   https://bugzilla.suse.com/977685
   https://bugzilla.suse.com/981038
   https://bugzilla.suse.com/981709
   https://bugzilla.suse.com/983087
   https://bugzilla.suse.com/984779
   https://bugzilla.suse.com/985562
   https://bugzilla.suse.com/985850
   https://bugzilla.suse.com/987192
   https://bugzilla.suse.com/989953
   https://bugzilla.suse.com/990384
   https://bugzilla.suse.com/992712
   https://bugzilla.suse.com/993841
   https://bugzilla.suse.com/994881

--

openSUSE: 2017:0547-1: important: the Linux Kernel

February 22, 2017

An update that solves four vulnerabilities and has 86 fixes is now available.

Description

The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE protocol was fixed. (bsc#1023762) The following non-security bugs were fixed: - btrfs: support NFSv2 export (bnc#929871). - btrfs: Direct I/O: Fix space accounting (bsc#1025058). - btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069). - btrfs: bail out if block group has different mixed flag (bsc#1025072). - btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - btrfs: check pending chunks when shrinking fs to avoid corruption (bnc#936445). - btrfs: check prepare_uptodate_page() error code earlier (bnc#966910). - btrfs: do not BUG() during drop snapshot (bsc#1025076). - btrfs: do not collect ordered extents when logging that inode exists (bsc#977685). - btrfs: do not initialize a space info as full to prevent ENOSPC (bnc#944001). - btrfs: do not leak reloc root nodes on error (bsc#1025074). - btrfs: fix block group ->space_info null pointer dereference (bnc#935088). - btrfs: fix chunk allocation regression leading to transaction abort (bnc#938550). - btrfs: fix crash on close_ctree() if cleaner starts new transaction (bnc#938891). - btrfs: fix deadlock between direct IO reads and buffered writes (bsc#973855). - btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344). - btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057). - btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685). - btrfs: fix extent accounting for partial direct IO writes (bsc#1025062). - btrfs: fix file corruption after cloning inline extents (bnc#942512). - btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685). - btrfs: fix file read corruption after extent cloning and fsync (bnc#946902). - btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489). - btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685). - btrfs: fix hang when failing to submit bio of directIO (bnc#942685). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix invalid page accesses in extent_same (dedup) ioctl (bnc#968230). - btrfs: fix listxattrs not listing all xattrs packed in the same item (bsc#1025063). - btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844). - btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942685). - btrfs: fix memory leak in do_walk_down (bsc#1025075). - btrfs: fix memory leak in reading btree blocks (bsc#1025071). - btrfs: fix order by which delayed references are run (bnc#949440). - btrfs: fix page reading in extent_same ioctl leading to csum errors (bnc#968230). - btrfs: fix qgroup rescan worker initialization (bsc#1025077). - btrfs: fix qgroup sanity tests (bnc#951615). - btrfs: fix race between balance and unused block group deletion (bnc#938892). - btrfs: fix race between fsync and lockless direct IO writes (bsc#977685). - btrfs: fix race waiting for qgroup rescan worker (bnc#960300). - btrfs: fix regression running delayed references when using qgroups (bnc#951615). - btrfs: fix regression when running delayed references (bnc#951615). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: fix shrinking truncate when the no_holes feature is enabled (bsc#1025053). - btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300). - btrfs: fix stale dir entries after removing a link and fsync (bnc#942925). - btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685). - btrfs: fix warning in backref walking (bnc#966278). - btrfs: fix warning of bytes_may_use (bsc#1025065). - btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: incremental send, check if orphanized dir inode needs delayed rename (bsc#1025049). - btrfs: incremental send, do not delay directory renames unnecessarily (bsc#1025048). - btrfs: incremental send, fix clone operations for compressed extents (fate#316463). - btrfs: incremental send, fix premature rmdir operations (bsc#1025064). - btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649, bnc#951615). - btrfs: remove misleading handling of missing device scrub (bsc#1025055). - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489). - btrfs: return gracefully from balance if fs tree is corrupted (bsc#1025073). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - btrfs: send, fix corner case for reference overwrite detection (bsc#1025080). - btrfs: send, fix file corruption due to incorrect cloning operations (bsc#1025060). - btrfs: set UNWRITTEN for prealloc'ed extents in fiemap (bsc#1025047). - btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192). - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649). - btrfs: use received_uuid of parent during send (bsc#1025051). - btrfs: wake up extent state waiters on unlock through clear_extent_bits (bsc#1025050). - btrfs: Add handler for invalidate page (bsc#963193). - btrfs: Add qgroup tracing (bnc#935087, bnc#945649). - btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1025059). - btrfs: Continue write in case of can_not_nocow (bsc#1025070). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087). - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779). - btrfs: Handle unaligned length in extent_same (bsc#937609). - btrfs: abort transaction on btrfs_reloc_cow_block() (bsc#1025081). - btrfs: add missing discards when unpinning extents with -o discard (bsc#904489). - btrfs: advertise which crc32c implementation is being used on mount (bsc#946057). - btrfs: allow dedupe of same inode (bsc#1025067). - btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649). - btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649). - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489). - btrfs: change max_inline default to 2048 (bsc#949472). - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649). - btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649). - btrfs: delayed-ref: double free in btrfs_add_delayed_tree_ref() (bsc#1025079). - btrfs: delayed_ref: Add new function to record reserved space into delayed ref (bsc#963193). - btrfs: delayed_ref: release and free qgroup reserved at proper timing (bsc#963193). - btrfs: disable defrag of tree roots. - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: do not update mtime/ctime on deduped inodes (bsc#937616). - btrfs: explictly delete unused block groups in close_ctree and ro-remount (bsc#904489). - btrfs: extent-tree: Add new version of btrfs_check_data_free_space and btrfs_free_reserved_data_space (bsc#963193). - btrfs: extent-tree: Add new version of btrfs_delalloc_reserve/release_space (bsc#963193). - btrfs: extent-tree: Switch to new check_data_free_space and free_reserved_data_space (bsc#963193). - btrfs: extent-tree: Switch to new delalloc space reserve and release (bsc#963193). - btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649). - btrfs: extent_io: Introduce needed structure for recoding set/clear bits (bsc#963193). - btrfs: extent_io: Introduce new function clear_record_extent_bits() (bsc#963193). - btrfs: extent_io: Introduce new function set_record_extent_bits (bsc#963193). - btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193). - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100). - btrfs: fix clone / extent-same deadlocks (bsc#937612). - btrfs: fix deadlock with extent-same and readpage (bsc#937612). - btrfs: fix resending received snapshot with parent (bsc#1025061). - btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: iterate over unused chunk space in FITRIM (bsc#904489). - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489). - btrfs: make file clone aware of fatal signals (bsc#1015787). - btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609). - btrfs: properly track when rescan worker is running (bsc#989953). - btrfs: provide super_operations->inode_get_dev (bsc#927455). - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649). - btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193). - btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649). - btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193). - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in clear_bit_hook (bsc#963193). - btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193). - btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193). - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300). - btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans (bsc#963193). - btrfs: qgroup: Fix a rebase bug which will cause qgroup double free (bsc#963193). - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649). - btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972993). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087). - btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193). - btrfs: qgroup: Introduce functions to release/free qgroup reserve data space (bsc#963193). - btrfs: qgroup: Introduce new functions to reserve/free metadata (bsc#963193). - btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Use new metadata reservation (bsc#963193). - btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649). - btrfs: qgroup: exit the rescan worker during umount (bnc#960300). - btrfs: qgroup: fix quota disable during rescan (bnc#960300). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844). - btrfs: skip superblocks during discard (bsc#904489). - btrfs: syslog when quota is disabled. - btrfs: syslog when quota is enabled - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649). - btrfs: use the new VFS super_block_dev (bnc#865869). - btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712). - fs/super.c: add new super block sub devices super_block_dev (bnc#865869). - fs/super.c: fix race between freeze_super() and thaw_super() (bsc#1025066). - kabi: only use sops->get_inode_dev with proper fsflag (bsc#927455). - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841). - vfs: add super_operations->get_inode_dev (bsc#927455). - xfs: do not allow di_size with high bit set (bsc#1024234). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix broken multi-fsb buffer logging (bsc#1024081). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508).

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-287=1 To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.1 (i586 x86_64): kernel-default-4.1.38-50.1 kernel-default-base-4.1.38-50.1 kernel-default-base-debuginfo-4.1.38-50.1 kernel-default-debuginfo-4.1.38-50.1 kernel-default-debugsource-4.1.38-50.1 kernel-default-devel-4.1.38-50.1 kernel-obs-build-4.1.38-50.2 kernel-obs-build-debugsource-4.1.38-50.2 kernel-obs-qa-4.1.38-50.1 kernel-syms-4.1.38-50.1 - openSUSE Leap 42.1 (i686 x86_64): kernel-debug-4.1.38-50.1 kernel-debug-base-4.1.38-50.1 kernel-debug-base-debuginfo-4.1.38-50.1 kernel-debug-debuginfo-4.1.38-50.1 kernel-debug-debugsource-4.1.38-50.1 kernel-debug-devel-4.1.38-50.1 kernel-debug-devel-debuginfo-4.1.38-50.1 kernel-ec2-4.1.38-50.1 kernel-ec2-base-4.1.38-50.1 kernel-ec2-base-debuginfo-4.1.38-50.1 kernel-ec2-debuginfo-4.1.38-50.1 kernel-ec2-debugsource-4.1.38-50.1 kernel-ec2-devel-4.1.38-50.1 kernel-pv-4.1.38-50.1 kernel-pv-base-4.1.38-50.1 kernel-pv-base-debuginfo-4.1.38-50.1 kernel-pv-debuginfo-4.1.38-50.1 kernel-pv-debugsource-4.1.38-50.1 kernel-pv-devel-4.1.38-50.1 kernel-vanilla-4.1.38-50.1 kernel-vanilla-debuginfo-4.1.38-50.1 kernel-vanilla-debugsource-4.1.38-50.1 kernel-vanilla-devel-4.1.38-50.1 kernel-xen-4.1.38-50.1 kernel-xen-base-4.1.38-50.1 kernel-xen-base-debuginfo-4.1.38-50.1 kernel-xen-debuginfo-4.1.38-50.1 kernel-xen-debugsource-4.1.38-50.1 kernel-xen-devel-4.1.38-50.1 - openSUSE Leap 42.1 (noarch): kernel-devel-4.1.38-50.1 kernel-docs-4.1.38-50.3 kernel-docs-html-4.1.38-50.3 kernel-docs-pdf-4.1.38-50.3 kernel-macros-4.1.38-50.1 kernel-source-4.1.38-50.1 kernel-source-vanilla-4.1.38-50.1 - openSUSE Leap 42.1 (i686): kernel-pae-4.1.38-50.1 kernel-pae-base-4.1.38-50.1 kernel-pae-base-debuginfo-4.1.38-50.1 kernel-pae-debuginfo-4.1.38-50.1 kernel-pae-debugsource-4.1.38-50.1 kernel-pae-devel-4.1.38-50.1

References

https://www.suse.com/security/cve/CVE-2017-5897.html https://www.suse.com/security/cve/CVE-2017-5970.html https://www.suse.com/security/cve/CVE-2017-5986.html https://www.suse.com/security/cve/CVE-2017-6074.html https://bugzilla.suse.com/1005666 https://bugzilla.suse.com/1015787 https://bugzilla.suse.com/1018100 https://bugzilla.suse.com/1023762 https://bugzilla.suse.com/1023888 https://bugzilla.suse.com/1024081 https://bugzilla.suse.com/1024234 https://bugzilla.suse.com/1024508 https://bugzilla.suse.com/1024938 https://bugzilla.suse.com/1025047 https://bugzilla.suse.com/1025048 https://bugzilla.suse.com/1025049 https://bugzilla.suse.com/1025050 https://bugzilla.suse.com/1025051 https://bugzilla.suse.com/1025053 https://bugzilla.suse.com/1025055 https://bugzilla.suse.com/1025057 https://bugzilla.suse.com/1025058 https://bugzilla.suse.com/1025059 https://bugzilla.suse.com/1025060 https://bugzilla.suse.com/1025061 https://bugzilla.suse.com/1025062 https://bugzilla.suse.com/1025063 https://bugzilla.suse.com/1025064 https://bugzilla.suse.com/1025065 https://bugzilla.suse.com/1025066 https://bugzilla.suse.com/1025067 https://bugzilla.suse.com/1025069 https://bugzilla.suse.com/1025070 https://bugzilla.suse.com/1025071 https://bugzilla.suse.com/1025072 https://bugzilla.suse.com/1025073 https://bugzilla.suse.com/1025074 https://bugzilla.suse.com/1025075 https://bugzilla.suse.com/1025076 https://bugzilla.suse.com/1025077 https://bugzilla.suse.com/1025079 https://bugzilla.suse.com/1025080 https://bugzilla.suse.com/1025081 https://bugzilla.suse.com/1025235 https://bugzilla.suse.com/1026024 https://bugzilla.suse.com/865869 https://bugzilla.suse.com/904489 https://bugzilla.suse.com/927455 https://bugzilla.suse.com/929871 https://bugzilla.suse.com/935087 https://bugzilla.suse.com/935088 https://bugzilla.suse.com/936445 https://bugzilla.suse.com/937609 https://bugzilla.suse.com/937612 https://bugzilla.suse.com/937616 https://bugzilla.suse.com/938550 https://bugzilla.suse.com/938891 https://bugzilla.suse.com/938892 https://bugzilla.suse.com/942512 https://bugzilla.suse.com/942685 https://bugzilla.suse.com/942925 https://bugzilla.suse.com/944001 https://bugzilla.suse.com/945649 https://bugzilla.suse.com/946057 https://bugzilla.suse.com/946902 https://bugzilla.suse.com/949440 https://bugzilla.suse.com/949472 https://bugzilla.suse.com/951615 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/957805 https://bugzilla.suse.com/960300 https://bugzilla.suse.com/963193 https://bugzilla.suse.com/965344 https://bugzilla.suse.com/966278 https://bugzilla.suse.com/966910 https://bugzilla.suse.com/968230 https://bugzilla.suse.com/972844 https://bugzilla.suse.com/972951 https://bugzilla.suse.com/972993 https://bugzilla.suse.com/973855 https://bugzilla.suse.com/975596 https://bugzilla.suse.com/977685 https://bugzilla.suse.com/981038 https://bugzilla.suse.com/981709 https://bugzilla.suse.com/983087 https://bugzilla.suse.com/984779 https://bugzilla.suse.com/985562 https://bugzilla.suse.com/985850 https://bugzilla.suse.com/987192 https://bugzilla.suse.com/989953 https://bugzilla.suse.com/990384 https://bugzilla.suse.com/992712 https://bugzilla.suse.com/993841 https://bugzilla.suse.com/994881--