openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0907-1
Rating:             important
References:         #1007959 #1007962 #1008842 #1011913 #1012910 
                    #1013994 #1015609 #1017461 #1017641 #1018263 
                    #1018419 #1019163 #1019618 #1020048 #1022785 
                    #1023866 #1024015 #1025235 #1025683 #1026405 
                    #1026462 #1026505 #1026509 #1026692 #1026722 
                    #1027054 #1027066 #1027179 #1027189 #1027190 
                    #1027195 #1027273 #1027565 #1027575 #1028017 
                    #1028041 #1028158 #1028217 #1028325 #1028372 
                    #1028415 #1028819 #1028895 #1029220 #1029986 
                    #1030573 #1030575 #951844 #968697 #969755 
                    #982783 #998106 
Cross-References:   CVE-2016-10200 CVE-2016-2117 CVE-2016-9191
                    CVE-2017-2596 CVE-2017-2636 CVE-2017-6214
                    CVE-2017-6345 CVE-2017-6346 CVE-2017-6347
                    CVE-2017-6353 CVE-2017-7184
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 41 fixes
   is now available.

Description:



   The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security
   issues and bugs.

   The following security bugs were fixed:

   - CVE-2017-7184: The xfrm_replay_verify_len function in
     net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size
     data after an XFRM_MSG_NEWAE update, which allowed local users to obtain
     root privileges or cause a denial of service (heap-based out-of-bounds
     access) by leveraging the CAP_NET_ADMIN capability, as demonstrated
     during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10
     linux-image-* package 4.8.0.41.52 (bnc#1030573).
   - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
     the Linux kernel allowed local users to gain privileges or cause a
     denial of service (use-after-free) by making multiple bind system calls
     without properly ascertaining whether a socket has the SOCK_ZAPPED
     status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
     (bnc#1028415).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (double free) by setting the HDLC line discipline (bnc#1027565).
   - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that
     a certain destructor exists in required circumstances, which allowed
     local users to cause a denial of service (BUG_ON) or possibly have
     unspecified other impact via crafted system calls (bnc#1027190).
   - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux
     kernel allowed local users to cause a denial of service (use-after-free)
     or possibly have unspecified other impact via a multithreaded
     application that made PACKET_FANOUT setsockopt system calls
     (bnc#1027189).
   - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
     restrict association peel-off operations during certain wait states,
     which allowed local users to cause a denial of service (invalid unlock
     and double free) via a multithreaded application.  NOTE: this
     vulnerability exists because of an incorrect fix for CVE-2017-5986
     (bnc#1025235).
   - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
     Linux kernel allowed remote attackers to cause a denial of service
     (infinite loop and soft lockup) via vectors involving a TCP packet with
     the URG flag (bnc#1026722).
   - CVE-2016-2117: The atl2_probe function in
     drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly
     enables scatter/gather I/O, which allowed remote attackers to obtain
     sensitive information from kernel memory by reading packet data
     (bnc#968697).
   - CVE-2017-6347: The ip_cmsg_recv_checksum function in
     net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations
     about skb data layout, which allowed local users to cause a denial of
     service (buffer over-read) or possibly have unspecified other impact via
     crafted system calls, as demonstrated by use of the MSG_MORE flag in
     conjunction with loopback UDP transmission (bnc#1027179).
   - CVE-2016-9191: The cgroup offline implementation in the Linux kernel
     mishandled certain drain operations, which allowed local users to cause
     a denial of service (system hang) by leveraging access to a container
     environment for executing a crafted application, as demonstrated by
     trinity (bnc#1008842).
   - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c
     in the Linux kernel improperly emulates the VMXON instruction, which
     allowed KVM L1 guest OS users to cause a denial of service (host OS
     memory consumption) by leveraging the mishandling of page references
     (bnc#1022785).

   The following non-security bugs were fixed:

   - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).
   - ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).
   - ACPI: Remove platform devices from a bus on removal (bsc#1028819).
   - add mainline tag to one hyperv patch
   - bnx2x: allow adding VLANs while interface is down (bsc#1027273).
   - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).
   - btrfs: incremental send, do not delay rename when parent inode is new
     (bsc#1028325).
   - btrfs: incremental send, do not issue invalid rmdir operations
     (bsc#1028325).
   - btrfs: qgroup: Move half of the qgroup accounting time out of commit
     trans (bsc#1017461).
   - btrfs: send, fix failure to rename top level inode due to name collision
     (bsc#1028325).
   - btrfs: serialize subvolume mounts with potentially mismatching rw flags
     (bsc#951844 bsc#1024015)
   - crypto: algif_hash - avoid zero-sized array (bnc#1007962).
   - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).
   - drivers: hv: vmbus: Prevent sending data on a rescinded channel
     (fate#320485, bug#1028217).
   - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).
   - drm/i915: Listen for PMIC bus access notifications (bsc#1011913).
   - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959,
     fate#322780)
   - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).
   - Fix kABI breakage of dccp in 4.4.56 (stable-4.4.56).
   - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).
   - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).
   - i2c: designware-baytrail: Acquire P-Unit access on bus acquire
     (bsc#1011913).
   - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain
     (bsc#1011913).
   - i2c: designware-baytrail: Fix race when resetting the semaphore
     (bsc#1011913).
   - i2c: designware-baytrail: Only check iosf_mbi_available() for shared
     hosts (bsc#1011913).
   - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM
     method (bsc#1011913).
   - i2c-designware: increase timeout (bsc#1011913).
   - i2c: designware: Never suspend i2c-busses used for accessing the system
     PMIC (bsc#1011913).
   - i2c: designware: Rename accessor_flags to flags (bsc#1011913).
   - kABI: protect struct iscsi_conn (kabi).
   - kABI: protect struct se_node_acl (kabi).
   - kABI: restore can_rx_register parameters (kabi).
   - kgr/module: make a taint flag module-specific (fate#313296).
   - kgr: remove all arch-specific kgraft header files (fate#313296).
   - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).
   - l2tp: fix lookup for sockets not bound to a device in l2tp_ip
     (bsc#1028415).
   - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
     (bsc#1028415).
   - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
     (bsc#1028415).
   - l2tp: lock socket before checking flags in connect() (bsc#1028415).
   - md/raid1: add rcu protection to rdev in fix_read_error (References:
     bsc#998106,bsc#1020048,bsc#982783).
   - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).
   - md/raid1: handle flush request correctly
     (bsc#998106,bsc#1020048,bsc#982783).
   - md/raid1: Refactor raid1_make_request
     (bsc#998106,bsc#1020048,bsc#982783).
   - mm: fix set pageblock migratetype in deferred struct page init
     (bnc#1027195).
   - mm/page_alloc: Remove useless parameter of __free_pages_boot_core
     (bnc#1027195).
   - module: move add_taint_module() to a header file (fate#313296).
   - net/ena: change condition for host attribute configuration (bsc#1026509).
   - net/ena: change driver's default timeouts (bsc#1026509).
   - net: ena: change the return type of ena_set_push_mode() to be void
     (bsc#1026509).
   - net: ena: Fix error return code in ena_device_init() (bsc#1026509).
   - net/ena: fix ethtool RSS flow configuration (bsc#1026509).
   - net/ena: fix NULL dereference when removing the driver after device
     reset failed (bsc#1026509).
   - net/ena: fix potential access to freed memory during device reset
     (bsc#1026509).
   - net/ena: fix queues number calculation (bsc#1026509).
   - net/ena: fix RSS default hash configuration (bsc#1026509).
   - net/ena: reduce the severity of ena printouts (bsc#1026509).
   - net/ena: refactor ena_get_stats64 to be atomic context safe
     (bsc#1026509).
   - net/ena: remove ntuple filter support from device feature list
     (bsc#1026509).
   - net: ena: remove superfluous check in ena_remove() (bsc#1026509).
   - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).
   - net/ena: update driver version to 1.1.2 (bsc#1026509).
   - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).
   - net: ena: use setup_timer() and mod_timer() (bsc#1026509).
   - net/mlx4_core: Avoid command timeouts during VF driver device shutdown
     (bsc#1028017).
   - net/mlx4_core: Avoid delays during VF driver device shutdown
     (bsc#1028017).
   - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).
   - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
     VGT transitions (bsc#1028017).
   - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
     (bsc#1028017).
   - net/mlx4_en: Fix bad WQE issue (bsc#1028017).
   - NFS: do not try to cross a mountpount when there isn't one there
     (bsc#1028041).
   - nvme: Do not suspend admin queue that wasn't created (bsc#1026505).
   - nvme: Suspend all queues before deletion (bsc#1026505).
   - PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal
     (fate#320485, bug#1028217).
   - PCI: hv: Use device serial number as PCI domain (fate#320485,
     bug#1028217).
   - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
   - RAID1: a new I/O barrier implementation to remove resync window
     (bsc#998106,bsc#1020048,bsc#982783).
   - RAID1: avoid unnecessary spin locks in I/O barrier code
     (bsc#998106,bsc#1020048,bsc#982783).
   - Revert "give up on gcc ilog2() constant optimizations" (kabi).
   - Revert "net: introduce device min_header_len" (kabi).
   - Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow"
     (bsc#1028017).
   - Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi).
   - Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi).
   - Revert "target: Fix NULL dereference during LUN lookup + active I/O
     shutdown" (kabi).
   - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data
     (bsc#1026462).
   - s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573).
   - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683,
     LTC#152318).
   - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
     (bsc#1018419).
   - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).
   - scsi: do not print 'reservation conflict' for TEST UNIT READY
     (bsc#1027054).
   - softirq: Let ksoftirqd do its job (bsc#1019618).
   - supported.conf: Add tcp_westwood as supported module (fate#322432)
   - taint/module: Clean up global and module taint flags handling
     (fate#313296).
   - Update mainline reference in
   patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-ast_fb_create.patch S
     ee (bsc#1028158) for the context in which this was discovered upstream.
   - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).
   - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).
   - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).
   - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).
   - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).
   - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier
     (bsc#1011913).
   - x86/platform: Remove warning message for duplicate NMI handlers     (bsc#1029220).
   - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).
   - x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866).
   - x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866).
   - x86/platform/UV: Clean up the NMI code to match current coding style
     (bsc#1023866).
   - x86/platform/UV: Clean up the UV APIC code (bsc#1023866).
   - x86/platform/UV: Ensure uv_system_init is called when necessary
     (bsc#1023866).
   - x86/platform/UV: Fix 2 socket config problem (bsc#1023866).
   - x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866).
   - x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source
     (bsc#1023866).
   - x86/platform/UV: Verify NMI action is valid, default is standard
     (bsc#1023866).
   - xen-blkfront: correct maximum segment accounting (bsc#1018263).
   - xen-blkfront: do not call talk_to_blkback when already connected to
     blkback.
   - xen/blkfront: Fix crash if backend does not follow the right states.
   - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
   - xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163).
   - xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163).
   - xfs: do not take the IOLOCK exclusive for direct I/O page invalidation
     (bsc#1015609).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-418=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.2 (noarch):

      kernel-devel-4.4.57-18.3.1
      kernel-docs-4.4.57-18.3.2
      kernel-docs-html-4.4.57-18.3.2
      kernel-docs-pdf-4.4.57-18.3.2
      kernel-macros-4.4.57-18.3.1
      kernel-source-4.4.57-18.3.1
      kernel-source-vanilla-4.4.57-18.3.1

   - openSUSE Leap 42.2 (x86_64):

      kernel-debug-4.4.57-18.3.1
      kernel-debug-base-4.4.57-18.3.1
      kernel-debug-base-debuginfo-4.4.57-18.3.1
      kernel-debug-debuginfo-4.4.57-18.3.1
      kernel-debug-debugsource-4.4.57-18.3.1
      kernel-debug-devel-4.4.57-18.3.1
      kernel-debug-devel-debuginfo-4.4.57-18.3.1
      kernel-default-4.4.57-18.3.1
      kernel-default-base-4.4.57-18.3.1
      kernel-default-base-debuginfo-4.4.57-18.3.1
      kernel-default-debuginfo-4.4.57-18.3.1
      kernel-default-debugsource-4.4.57-18.3.1
      kernel-default-devel-4.4.57-18.3.1
      kernel-obs-build-4.4.57-18.3.1
      kernel-obs-build-debugsource-4.4.57-18.3.1
      kernel-obs-qa-4.4.57-18.3.1
      kernel-syms-4.4.57-18.3.1
      kernel-vanilla-4.4.57-18.3.1
      kernel-vanilla-base-4.4.57-18.3.1
      kernel-vanilla-base-debuginfo-4.4.57-18.3.1
      kernel-vanilla-debuginfo-4.4.57-18.3.1
      kernel-vanilla-debugsource-4.4.57-18.3.1
      kernel-vanilla-devel-4.4.57-18.3.1


References:

   https://www.suse.com/security/cve/CVE-2016-10200.html
   https://www.suse.com/security/cve/CVE-2016-2117.html
   https://www.suse.com/security/cve/CVE-2016-9191.html
   https://www.suse.com/security/cve/CVE-2017-2596.html
   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-6214.html
   https://www.suse.com/security/cve/CVE-2017-6345.html
   https://www.suse.com/security/cve/CVE-2017-6346.html
   https://www.suse.com/security/cve/CVE-2017-6347.html
   https://www.suse.com/security/cve/CVE-2017-6353.html
   https://www.suse.com/security/cve/CVE-2017-7184.html
   https://bugzilla.suse.com/1007959
   https://bugzilla.suse.com/1007962
   https://bugzilla.suse.com/1008842
   https://bugzilla.suse.com/1011913
   https://bugzilla.suse.com/1012910
   https://bugzilla.suse.com/1013994
   https://bugzilla.suse.com/1015609
   https://bugzilla.suse.com/1017461
   https://bugzilla.suse.com/1017641
   https://bugzilla.suse.com/1018263
   https://bugzilla.suse.com/1018419
   https://bugzilla.suse.com/1019163
   https://bugzilla.suse.com/1019618
   https://bugzilla.suse.com/1020048
   https://bugzilla.suse.com/1022785
   https://bugzilla.suse.com/1023866
   https://bugzilla.suse.com/1024015
   https://bugzilla.suse.com/1025235
   https://bugzilla.suse.com/1025683
   https://bugzilla.suse.com/1026405
   https://bugzilla.suse.com/1026462
   https://bugzilla.suse.com/1026505
   https://bugzilla.suse.com/1026509
   https://bugzilla.suse.com/1026692
   https://bugzilla.suse.com/1026722
   https://bugzilla.suse.com/1027054
   https://bugzilla.suse.com/1027066
   https://bugzilla.suse.com/1027179
   https://bugzilla.suse.com/1027189
   https://bugzilla.suse.com/1027190
   https://bugzilla.suse.com/1027195
   https://bugzilla.suse.com/1027273
   https://bugzilla.suse.com/1027565
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1028017
   https://bugzilla.suse.com/1028041
   https://bugzilla.suse.com/1028158
   https://bugzilla.suse.com/1028217
   https://bugzilla.suse.com/1028325
   https://bugzilla.suse.com/1028372
   https://bugzilla.suse.com/1028415
   https://bugzilla.suse.com/1028819
   https://bugzilla.suse.com/1028895
   https://bugzilla.suse.com/1029220
   https://bugzilla.suse.com/1029986
   https://bugzilla.suse.com/1030573
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/951844
   https://bugzilla.suse.com/968697
   https://bugzilla.suse.com/969755
   https://bugzilla.suse.com/982783
   https://bugzilla.suse.com/998106

openSUSE: 2017:0907-1: important: the Linux Kernel

April 1, 2017
An update that solves 11 vulnerabilities and has 41 fixes An update that solves 11 vulnerabilities and has 41 fixes An update that solves 11 vulnerabilities and has 41 fixes is now...

Description

The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security issues and bugs. The following security bugs were fixed: - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179). - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity (bnc#1008842). - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785). The following non-security bugs were fixed: - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819). - ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819). - ACPI: Remove platform devices from a bus on removal (bsc#1028819). - add mainline tag to one hyperv patch - bnx2x: allow adding VLANs while interface is down (bsc#1027273). - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641). - btrfs: incremental send, do not delay rename when parent inode is new (bsc#1028325). - btrfs: incremental send, do not issue invalid rmdir operations (bsc#1028325). - btrfs: qgroup: Move half of the qgroup accounting time out of commit trans (bsc#1017461). - btrfs: send, fix failure to rename top level inode due to name collision (bsc#1028325). - btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844 bsc#1024015) - crypto: algif_hash - avoid zero-sized array (bnc#1007962). - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692). - drivers: hv: vmbus: Prevent sending data on a rescinded channel (fate#320485, bug#1028217). - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913). - drm/i915: Listen for PMIC bus access notifications (bsc#1011913). - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959, fate#322780) - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986). - Fix kABI breakage of dccp in 4.4.56 (stable-4.4.56). - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755). - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755). - i2c: designware-baytrail: Acquire P-Unit access on bus acquire (bsc#1011913). - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain (bsc#1011913). - i2c: designware-baytrail: Fix race when resetting the semaphore (bsc#1011913). - i2c: designware-baytrail: Only check iosf_mbi_available() for shared hosts (bsc#1011913). - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM method (bsc#1011913). - i2c-designware: increase timeout (bsc#1011913). - i2c: designware: Never suspend i2c-busses used for accessing the system PMIC (bsc#1011913). - i2c: designware: Rename accessor_flags to flags (bsc#1011913). - kABI: protect struct iscsi_conn (kabi). - kABI: protect struct se_node_acl (kabi). - kABI: restore can_rx_register parameters (kabi). - kgr/module: make a taint flag module-specific (fate#313296). - kgr: remove all arch-specific kgraft header files (fate#313296). - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415). - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415). - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415). - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415). - l2tp: lock socket before checking flags in connect() (bsc#1028415).

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-418=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE Leap 42.2 (noarch): kernel-devel-4.4.57-18.3.1 kernel-docs-4.4.57-18.3.2 kernel-docs-html-4.4.57-18.3.2 kernel-docs-pdf-4.4.57-18.3.2 kernel-macros-4.4.57-18.3.1 kernel-source-4.4.57-18.3.1 kernel-source-vanilla-4.4.57-18.3.1 - openSUSE Leap 42.2 (x86_64): kernel-debug-4.4.57-18.3.1 kernel-debug-base-4.4.57-18.3.1 kernel-debug-base-debuginfo-4.4.57-18.3.1 kernel-debug-debuginfo-4.4.57-18.3.1 kernel-debug-debugsource-4.4.57-18.3.1 kernel-debug-devel-4.4.57-18.3.1 kernel-debug-devel-debuginfo-4.4.57-18.3.1 kernel-default-4.4.57-18.3.1 kernel-default-base-4.4.57-18.3.1 kernel-default-base-debuginfo-4.4.57-18.3.1 kernel-default-debuginfo-4.4.57-18.3.1 kernel-default-debugsource-4.4.57-18.3.1 kernel-default-devel-4.4.57-18.3.1 kernel-obs-build-4.4.57-18.3.1 kernel-obs-build-debugsource-4.4.57-18.3.1 kernel-obs-qa-4.4.57-18.3.1 kernel-syms-4.4.57-18.3.1 kernel-vanilla-4.4.57-18.3.1 kernel-vanilla-base-4.4.57-18.3.1 kernel-vanilla-base-debuginfo-4.4.57-18.3.1 kernel-vanilla-debuginfo-4.4.57-18.3.1 kernel-vanilla-debugsource-4.4.57-18.3.1 kernel-vanilla-devel-4.4.57-18.3.1


References

bsc#998106,bsc#1020048,bsc#982783). - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783). - md/raid1: handle flush request correctly (bsc#998106,bsc#1020048,bsc#982783). - md/raid1: Refactor raid1_make_request (bsc#998106,bsc#1020048,bsc#982783). - mm: fix set pageblock migratetype in deferred struct page init (bnc#1027195). - mm/page_alloc: Remove useless parameter of __free_pages_boot_core (bnc#1027195). - module: move add_taint_module() to a header file (fate#313296). - net/ena: change condition for host attribute configuration (bsc#1026509). - net/ena: change driver's default timeouts (bsc#1026509). - net: ena: change the return type of ena_set_push_mode() to be void (bsc#1026509). - net: ena: Fix error return code in ena_device_init() (bsc#1026509). - net/ena: fix ethtool RSS flow configuration (bsc#1026509). - net/ena: fix NULL dereference when removing the driver after device reset failed (bsc#1026509). - net/ena: fix potential access to freed memory during device reset (bsc#1026509). - net/ena: fix queues number calculation (bsc#1026509). - net/ena: fix RSS default hash configuration (bsc#1026509). - net/ena: reduce the severity of ena printouts (bsc#1026509). - net/ena: refactor ena_get_stats64 to be atomic context safe (bsc#1026509). - net/ena: remove ntuple filter support from device feature list (bsc#1026509). - net: ena: remove superfluous check in ena_remove() (bsc#1026509). - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509). - net/ena: update driver version to 1.1.2 (bsc#1026509). - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509). - net: ena: use setup_timer() and mod_timer() (bsc#1026509). - net/mlx4_core: Avoid command timeouts during VF driver device shutdown (bsc#1028017). - net/mlx4_core: Avoid delays during VF driver device shutdown (bsc#1028017). - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#1028017). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#1028017). - net/mlx4_en: Fix bad WQE issue (bsc#1028017). - NFS: do not try to cross a mountpount when there isn't one there (bsc#1028041). - nvme: Do not suspend admin queue that wasn't created (bsc#1026505). - nvme: Suspend all queues before deletion (bsc#1026505). - PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal (fate#320485, bug#1028217). - PCI: hv: Use device serial number as PCI domain (fate#320485, bug#1028217). - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895). - RAID1: a new I/O barrier implementation to remove resync window (bsc#998106,bsc#1020048,bsc#982783). - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#998106,bsc#1020048,bsc#982783). - Revert "give up on gcc ilog2() constant optimizations" (kabi). - Revert "net: introduce device min_header_len" (kabi). - Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow" (bsc#1028017). - Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi). - Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi). - Revert "target: Fix NULL dereference during LUN lookup + active I/O shutdown" (kabi). - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data (bsc#1026462). - s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573). - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683, LTC#152318). - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419). - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#1027054). - softirq: Let ksoftirqd do its job (bsc#1019618). - supported.conf: Add tcp_westwood as supported module (fate#322432) - taint/module: Clean up global and module taint flags handling (fate#313296). - Update mainline reference in patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-ast_fb_create.patch S ee (bsc#1028158) for the context in which this was discovered upstream. - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866). - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994). - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405). - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405). - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913). - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier (bsc#1011913). - x86/platform: Remove warning message for duplicate NMI handlers (bsc#1029220). - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866). - x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866). - x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866). - x86/platform/UV: Clean up the NMI code to match current coding style (bsc#1023866). - x86/platform/UV: Clean up the UV APIC code (bsc#1023866). - x86/platform/UV: Ensure uv_system_init is called when necessary (bsc#1023866). - x86/platform/UV: Fix 2 socket config problem (bsc#1023866). - x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866). - x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source (bsc#1023866). - x86/platform/UV: Verify NMI action is valid, default is standard (bsc#1023866). - xen-blkfront: correct maximum segment accounting (bsc#1018263). - xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen/blkfront: Fix crash if backend does not follow the right states. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163). - xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163). - xfs: do not take the IOLOCK exclusive for direct I/O page invalidation (bsc#1015609).References: https://www.suse.com/security/cve/CVE-2016-10200.html https://www.suse.com/security/cve/CVE-2016-2117.html https://www.suse.com/security/cve/CVE-2016-9191.html https://www.suse.com/security/cve/CVE-2017-2596.html https://www.suse.com/security/cve/CVE-2017-2636.html https://www.suse.com/security/cve/CVE-2017-6214.html https://www.suse.com/security/cve/CVE-2017-6345.html https://www.suse.com/security/cve/CVE-2017-6346.html https://www.suse.com/security/cve/CVE-2017-6347.html https://www.suse.com/security/cve/CVE-2017-6353.html https://www.suse.com/security/cve/CVE-2017-7184.html https://bugzilla.suse.com/1007959 https://bugzilla.suse.com/1007962 https://bugzilla.suse.com/1008842 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012910 https://bugzilla.suse.com/1013994 https://bugzilla.suse.com/1015609 https://bugzilla.suse.com/1017461 https://bugzilla.suse.com/1017641 https://bugzilla.suse.com/1018263 https://bugzilla.suse.com/1018419 https://bugzilla.suse.com/1019163 https://bugzilla.suse.com/1019618 https://bugzilla.suse.com/1020048 https://bugzilla.suse.com/1022785 https://bugzilla.suse.com/1023866 https://bugzilla.suse.com/1024015 https://bugzilla.suse.com/1025235 https://bugzilla.suse.com/1025683 https://bugzilla.suse.com/1026405 https://bugzilla.suse.com/1026462 https://bugzilla.suse.com/1026505 https://bugzilla.suse.com/1026509 https://bugzilla.suse.com/1026692 https://bugzilla.suse.com/1026722 https://bugzilla.suse.com/1027054 https://bugzilla.suse.com/1027066 https://bugzilla.suse.com/1027179 https://bugzilla.suse.com/1027189 https://bugzilla.suse.com/1027190 https://bugzilla.suse.com/1027195 https://bugzilla.suse.com/1027273 https://bugzilla.suse.com/1027565 https://bugzilla.suse.com/1027575 https://bugzilla.suse.com/1028017 https://bugzilla.suse.com/1028041 https://bugzilla.suse.com/1028158 https://bugzilla.suse.com/1028217 https://bugzilla.suse.com/1028325 https://bugzilla.suse.com/1028372 https://bugzilla.suse.com/1028415 https://bugzilla.suse.com/1028819 https://bugzilla.suse.com/1028895 https://bugzilla.suse.com/1029220 https://bugzilla.suse.com/1029986 https://bugzilla.suse.com/1030573 https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/968697 https://bugzilla.suse.com/969755 https://bugzilla.suse.com/982783 https://bugzilla.suse.com/998106


Severity
Announcement ID: openSUSE-SU-2017:0907-1
Rating: important
Affected Products: openSUSE Leap 42.2

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved