   openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2171-1
Rating:             important
References:         #1015337 #1019151 #1023175 #1037404 #1037994 
                    #1038078 #1038792 #1039153 #1043652 #1043805 
                    #1047027 #1048912 #1049298 #1051399 #1051556 
                    #1051689 #1051979 #1052049 #1052204 #1052223 
                    #1052311 #1052325 #1052365 #1052442 #1052533 
                    #1052709 #1052773 #1052794 #1052899 #1052925 
                    #1053043 #1053531 
Cross-References:   CVE-2017-1000111 CVE-2017-1000112 CVE-2017-8831
                   
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that solves three vulnerabilities and has 29
   fixes is now available.

Description:

   The openSUSE Leap 42.3 kernel was updated to receive various security and
   bugfixes.

   The following security bugs were fixed:

   - CVE-2017-1000111: Fixed a race condition in net-packet code that could
     be exploited to cause out-of-bounds memory access (bsc#1052365).
   - CVE-2017-1000112: Fixed a race condition in net-packet code that could
     have been exploited by unprivileged users to gain root access.
     (bsc#1052311).
   - CVE-2017-8831: The saa7164_bus_get function in
     drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
     local users to cause a denial of service (out-of-bounds array access) or
     possibly have unspecified other impact by changing a certain
     sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).

   The following non-security bugs were fixed:

   - acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2
     (bsc#1052325).
   - acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).
   - bcache: force trigger gc (bsc#1038078).
   - bcache: only recovery I/O error for writethrough mode (bsc#1043652).
   - block: do not allow updates through sysfs until registration completes
     (bsc#1047027).
   - config: disable CONFIG_RT_GROUP_SCHED (bsc#1052204).
   - drivers: hv: : As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60
     seconds (bnc#1039153)
   - drivers: hv: Fix a typo (fate#320485).
   - drivers: hv: util: Make hv_poll_channel() a little more efficient
     (fate#320485).
   - drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page
     (fate#320485).
   - drivers: hv: vmbus: Fix error code returned by vmbus_post_msg()
     (fate#320485).
   - Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n (bsc#1052204).
   - hv_netvsc: change netvsc device default duplex to FULL (fate#320485).
   - hv_netvsc: Fix the carrier state error when data path is off
     (fate#320485).
   - hv_netvsc: Remove unnecessary var link_state from struct
     netvsc_device_info (fate#320485).
   - hyperv: fix warning about missing prototype (fate#320485).
   - hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary
     (fate#320485).
   - hyperv: remove unnecessary return variable (fate#320485).
   - i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689).
   - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).
   - ibmvnic: Check for transport event on driver resume (bsc#1051556,
     bsc#1052709).
   - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).
   - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).
   - iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc1052533).
   - iommu/amd: Fix schedule-while-atomic BUG in initialization code
     (bsc1052533).
   - KABI protect struct acpi_nfit_desc (bsc#1052325).
   - kabi/severities: add drivers/scsi/hisi_sas to kabi severities
   - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).
   - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).
   - net: add netdev_lockdep_set_classes() helper (fate#320485).
   - net: hyperv: use new api ethtool_{get|set}_link_ksettings (fate#320485).
   - net/mlx4_core: Fixes missing capability bit in flags2 capability dump
     (bsc#1015337).
   - net/mlx4_core: Fix namespace misalignment in QinQ VST support commit
     (bsc#1015337).
   - net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump
     (bsc#1015337).
   - netsvc: Remove upstream commit e14b4db7a567 netvsc: fix race during
     initialization will be replaced by following changes
   - netsvc: Revert "netvsc: optimize calculation of number of slots"
     (fate#320485).
   - netvsc: add comments about callback's and NAPI (fate#320485).
   - netvsc: Add #include's for csum_* function declarations (fate#320485).
   - netvsc: add rtnl annotations in rndis (fate#320485).
   - netvsc: add some rtnl_dereference annotations (fate#320485).
   - netvsc: avoid race with callback (fate#320485).
   - netvsc: change logic for change mtu and set_queues (fate#320485).
   - netvsc: change max channel calculation (fate#320485).
   - netvsc: change order of steps in setting queues (fate#320485).
   - netvsc: Deal with rescinded channels correctly (fate#320485).
   - netvsc: do not access netdev->num_rx_queues directly (fate#320485).
   - netvsc: do not overload variable in same function (fate#320485).
   - netvsc: do not print pointer value in error message (fate#320485).
   - netvsc: eliminate unnecessary skb == NULL checks (fate#320485).
   - netvsc: enable GRO (fate#320485).
   - netvsc: Fix a bug in sub-channel handling (fate#320485).
   - netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485).
   - netvsc: fix calculation of available send sections (fate#320485).
   - netvsc: fix dereference before null check errors (fate#320485).
   - netvsc: fix error unwind on device setup failure (fate#320485).
   - netvsc: fix hang on netvsc module removal (fate#320485).
   - netvsc: fix NAPI performance regression (fate#320485).
   - netvsc: fix net poll mode (fate#320485).
   - netvsc: fix netvsc_set_channels (fate#320485).
   - netvsc: fix ptr_ret.cocci warnings (fate#320485).
   - netvsc: fix rcu dereference warning from ethtool (fate#320485).
   - netvsc: fix RCU warning in get_stats (fate#320485).
   - netvsc: fix return value for set_channels (fate#320485).
   - netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442).
   - netvsc: fix use after free on module removal (fate#320485).
   - netvsc: fix warnings reported by lockdep (fate#320485).
   - netvsc: fold in get_outbound_net_device (fate#320485).
   - netvsc: force link update after MTU change (fate#320485).
   - netvsc: handle offline mtu and channel change (fate#320485).
   - netvsc: implement NAPI (fate#320485).
   - netvsc: include rtnetlink.h (fate#320485).
   - netvsc: Initialize all channel related state prior to opening the
     channel (fate#320485).
   - netvsc: make sure and unregister datapath (fate#320485, bsc#1052899).
   - netvsc: make sure napi enabled before vmbus_open (fate#320485).
   - netvsc: mark error cases as unlikely (fate#320485).
   - netvsc: move filter setting to rndis_device (fate#320485).
   - netvsc: need napi scheduled during removal (fate#320485).
   - netvsc: need rcu_derefence when accessing internal device info
     (fate#320485).
   - netvsc: optimize calculation of number of slots (fate#320485).
   - netvsc: optimize receive completions (fate#320485).
   - netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp
     (fate#320485).
   - netvsc: prefetch the first incoming ring element (fate#320485).
   - netvsc: Properly initialize the return value (fate#320485).
   - netvsc: remove bogus rtnl_unlock (fate#320485).
   - netvsc: remove no longer used max_num_rss queues (fate#320485).
   - netvsc: Remove redundant use of ipv6_hdr() (fate#320485).
   - netvsc: remove unnecessary indirection of page_buffer (fate#320485).
   - netvsc: remove unnecessary lock on shutdown (fate#320485).
   - netvsc: remove unused #define (fate#320485).
   - netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb
     (fate#320485).
   - netvsc: save pointer to parent netvsc_device in channel table
     (fate#320485).
   - netvsc: signal host if receive ring is emptied (fate#320485).
   - netvsc: transparent VF management (fate#320485, bsc#1051979).
   - netvsc: use ERR_PTR to avoid dereference issues (fate#320485).
   - netvsc: use hv_get_bytes_to_read (fate#320485).
   - netvsc: use napi_consume_skb (fate#320485).
   - netvsc: use RCU to protect inner device structure (fate#320485).
   - netvsc: uses RCU instead of removal flag (fate#320485).
   - netvsc: use typed pointer for internal state (fate#320485).
   - nvme: fabrics commands should use the fctype field for data direction
     (bsc#1043805).
   - powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9
     (bsc#1053043 (git-fixes)).
   - powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes
     08e1c01d6aed).
   - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).
   - rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925).
   - scsi: aacraid: fix PCI error recovery path (bsc#1048912).
   - scsi_devinfo: fixup string compare (bsc#1037404).
   - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).
   - scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298).
   - scsi: hisi_sas: add v2 hw internal abort timeout workaround
     (bsc#1049298).
   - scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors     (bsc#1049298).
   - scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298).
   - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort()
     (bsc#1049298).
   - scsi: hisi_sas: optimise DMA slot memory (bsc#1049298).
   - scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298).
   - scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298).
   - scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298).
   - scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298).
   - scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298).
   - scsi: lpfc: do not double count abort errors (bsc#1048912).
   - scsi: lpfc: fix linking against modular NVMe support (bsc#1048912).
   - scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912).
   - scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485).
   - scsi: storvsc: remove return at end of void function (fate#320485).
   - tools: hv: Add clean up for included files in Ubuntu net config
     (fate#320485).
   - tools: hv: Add clean up function for Ubuntu config (fate#320485).
   - tools: hv: properly handle long paths (fate#320485).
   - tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485).
   - tools: hv: set hotplug for VF on Suse (fate#320485).
   - tools: hv: vss: Thaw the filesystem and continue if freeze call has
     timed out (fate#320485).
   - vfs: fix missing inode_get_dev sites (bsc#1052049).
   - vmbus: cleanup header file style (fate#320485).
   - vmbus: expose debug info for drivers (fate#320485).
   - vmbus: fix spelling errors (fate#320485).
   - vmbus: introduce in-place packet iterator (fate#320485).
   - vmbus: only reschedule tasklet if time limit exceeded (fate#320485).
   - vmbus: re-enable channel tasklet (fate#320485).
   - vmbus: remove unnecessary initialization (fate#320485).
   - vmbus: remove useless return's (fate#320485).
   - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()
     (bsc#1051399).
   - x86/hyperv: Check frequency MSRs presence according to the specification
     (fate#320485).
   - The package release number was increased to be higher than the Leap 42.2
     package (boo#1053531).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-930=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.3 (x86_64):

      kernel-debug-4.4.79-19.1
      kernel-debug-base-4.4.79-19.1
      kernel-debug-base-debuginfo-4.4.79-19.1
      kernel-debug-debuginfo-4.4.79-19.1
      kernel-debug-debugsource-4.4.79-19.1
      kernel-debug-devel-4.4.79-19.1
      kernel-debug-devel-debuginfo-4.4.79-19.1
      kernel-default-4.4.79-19.1
      kernel-default-base-4.4.79-19.1
      kernel-default-base-debuginfo-4.4.79-19.1
      kernel-default-debuginfo-4.4.79-19.1
      kernel-default-debugsource-4.4.79-19.1
      kernel-default-devel-4.4.79-19.1
      kernel-obs-build-4.4.79-19.1
      kernel-obs-build-debugsource-4.4.79-19.1
      kernel-obs-qa-4.4.79-19.1
      kernel-syms-4.4.79-19.1
      kernel-vanilla-4.4.79-19.1
      kernel-vanilla-base-4.4.79-19.1
      kernel-vanilla-base-debuginfo-4.4.79-19.1
      kernel-vanilla-debuginfo-4.4.79-19.1
      kernel-vanilla-debugsource-4.4.79-19.1
      kernel-vanilla-devel-4.4.79-19.1

   - openSUSE Leap 42.3 (noarch):

      kernel-devel-4.4.79-19.1
      kernel-docs-4.4.79-19.2
      kernel-docs-html-4.4.79-19.2
      kernel-docs-pdf-4.4.79-19.2
      kernel-macros-4.4.79-19.1
      kernel-source-4.4.79-19.1
      kernel-source-vanilla-4.4.79-19.1


References:

   https://www.suse.com/security/cve/CVE-2017-1000111.html
   https://www.suse.com/security/cve/CVE-2017-1000112.html
   https://www.suse.com/security/cve/CVE-2017-8831.html
   https://bugzilla.suse.com/1015337
   https://bugzilla.suse.com/1019151
   https://bugzilla.suse.com/1023175
   https://bugzilla.suse.com/1037404
   https://bugzilla.suse.com/1037994
   https://bugzilla.suse.com/1038078
   https://bugzilla.suse.com/1038792
   https://bugzilla.suse.com/1039153
   https://bugzilla.suse.com/1043652
   https://bugzilla.suse.com/1043805
   https://bugzilla.suse.com/1047027
   https://bugzilla.suse.com/1048912
   https://bugzilla.suse.com/1049298
   https://bugzilla.suse.com/1051399
   https://bugzilla.suse.com/1051556
   https://bugzilla.suse.com/1051689
   https://bugzilla.suse.com/1051979
   https://bugzilla.suse.com/1052049
   https://bugzilla.suse.com/1052204
   https://bugzilla.suse.com/1052223
   https://bugzilla.suse.com/1052311
   https://bugzilla.suse.com/1052325
   https://bugzilla.suse.com/1052365
   https://bugzilla.suse.com/1052442
   https://bugzilla.suse.com/1052533
   https://bugzilla.suse.com/1052709
   https://bugzilla.suse.com/1052773
   https://bugzilla.suse.com/1052794
   https://bugzilla.suse.com/1052899
   https://bugzilla.suse.com/1052925
   https://bugzilla.suse.com/1053043
   https://bugzilla.suse.com/1053531

--

openSUSE: 2017:2171-1: important: the Linux Kernel

August 15, 2017

An update that solves three vulnerabilities and has 29 fixes is now available.

Description

The openSUSE Leap 42.3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994). The following non-security bugs were fixed: - acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325). - acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - config: disable CONFIG_RT_GROUP_SCHED (bsc#1052204). - drivers: hv: : As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153) - drivers: hv: Fix a typo (fate#320485). - drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485). - drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485). - drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485). - Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n (bsc#1052204). - hv_netvsc: change netvsc device default duplex to FULL (fate#320485). - hv_netvsc: Fix the carrier state error when data path is off (fate#320485). - hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485). - hyperv: fix warning about missing prototype (fate#320485). - hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485). - hyperv: remove unnecessary return variable (fate#320485). - i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689). - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151). - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709). - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223). - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794). - iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc1052533). - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533). - KABI protect struct acpi_nfit_desc (bsc#1052325). - kabi/severities: add drivers/scsi/hisi_sas to kabi severities - libnvdimm: fix badblock range handling of ARS range (bsc#1023175). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175). - net: add netdev_lockdep_set_classes() helper (fate#320485). - net: hyperv: use new api ethtool_{get|set}_link_ksettings (fate#320485). - net/mlx4_core: Fixes missing capability bit in flags2 capability dump (bsc#1015337). - net/mlx4_core: Fix namespace misalignment in QinQ VST support commit (bsc#1015337). - net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump (bsc#1015337). - netsvc: Remove upstream commit e14b4db7a567 netvsc: fix race during initialization will be replaced by following changes - netsvc: Revert "netvsc: optimize calculation of number of slots" (fate#320485). - netvsc: add comments about callback's and NAPI (fate#320485). - netvsc: Add #include's for csum_* function declarations (fate#320485). - netvsc: add rtnl annotations in rndis (fate#320485). - netvsc: add some rtnl_dereference annotations (fate#320485). - netvsc: avoid race with callback (fate#320485). - netvsc: change logic for change mtu and set_queues (fate#320485). - netvsc: change max channel calculation (fate#320485). - netvsc: change order of steps in setting queues (fate#320485). - netvsc: Deal with rescinded channels correctly (fate#320485). - netvsc: do not access netdev->num_rx_queues directly (fate#320485). - netvsc: do not overload variable in same function (fate#320485). - netvsc: do not print pointer value in error message (fate#320485). - netvsc: eliminate unnecessary skb == NULL checks (fate#320485). - netvsc: enable GRO (fate#320485). - netvsc: Fix a bug in sub-channel handling (fate#320485). - netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485). - netvsc: fix calculation of available send sections (fate#320485). - netvsc: fix dereference before null check errors (fate#320485). - netvsc: fix error unwind on device setup failure (fate#320485). - netvsc: fix hang on netvsc module removal (fate#320485). - netvsc: fix NAPI performance regression (fate#320485). - netvsc: fix net poll mode (fate#320485). - netvsc: fix netvsc_set_channels (fate#320485). - netvsc: fix ptr_ret.cocci warnings (fate#320485). - netvsc: fix rcu dereference warning from ethtool (fate#320485). - netvsc: fix RCU warning in get_stats (fate#320485). - netvsc: fix return value for set_channels (fate#320485). - netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442). - netvsc: fix use after free on module removal (fate#320485). - netvsc: fix warnings reported by lockdep (fate#320485). - netvsc: fold in get_outbound_net_device (fate#320485). - netvsc: force link update after MTU change (fate#320485). - netvsc: handle offline mtu and channel change (fate#320485). - netvsc: implement NAPI (fate#320485). - netvsc: include rtnetlink.h (fate#320485). - netvsc: Initialize all channel related state prior to opening the channel (fate#320485). - netvsc: make sure and unregister datapath (fate#320485, bsc#1052899). - netvsc: make sure napi enabled before vmbus_open (fate#320485). - netvsc: mark error cases as unlikely (fate#320485). - netvsc: move filter setting to rndis_device (fate#320485). - netvsc: need napi scheduled during removal (fate#320485). - netvsc: need rcu_derefence when accessing internal device info (fate#320485). - netvsc: optimize calculation of number of slots (fate#320485). - netvsc: optimize receive completions (fate#320485). - netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp (fate#320485). - netvsc: prefetch the first incoming ring element (fate#320485). - netvsc: Properly initialize the return value (fate#320485). - netvsc: remove bogus rtnl_unlock (fate#320485). - netvsc: remove no longer used max_num_rss queues (fate#320485). - netvsc: Remove redundant use of ipv6_hdr() (fate#320485). - netvsc: remove unnecessary indirection of page_buffer (fate#320485). - netvsc: remove unnecessary lock on shutdown (fate#320485). - netvsc: remove unused #define (fate#320485). - netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb (fate#320485). - netvsc: save pointer to parent netvsc_device in channel table (fate#320485). - netvsc: signal host if receive ring is emptied (fate#320485). - netvsc: transparent VF management (fate#320485, bsc#1051979). - netvsc: use ERR_PTR to avoid dereference issues (fate#320485). - netvsc: use hv_get_bytes_to_read (fate#320485). - netvsc: use napi_consume_skb (fate#320485). - netvsc: use RCU to protect inner device structure (fate#320485). - netvsc: uses RCU instead of removal flag (fate#320485). - netvsc: use typed pointer for internal state (fate#320485). - nvme: fabrics commands should use the fctype field for data direction (bsc#1043805). - powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9 (bsc#1053043 (git-fixes)). - powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes 08e1c01d6aed). - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374). - rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925). - scsi: aacraid: fix PCI error recovery path (bsc#1048912). - scsi_devinfo: fixup string compare (bsc#1037404). - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792). - scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298). - scsi: hisi_sas: add v2 hw internal abort timeout workaround (bsc#1049298). - scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors (bsc#1049298). - scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298). - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort() (bsc#1049298). - scsi: hisi_sas: optimise DMA slot memory (bsc#1049298). - scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298). - scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298). - scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298). - scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298). - scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298). - scsi: lpfc: do not double count abort errors (bsc#1048912). - scsi: lpfc: fix linking against modular NVMe support (bsc#1048912). - scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912). - scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485). - scsi: storvsc: remove return at end of void function (fate#320485). - tools: hv: Add clean up for included files in Ubuntu net config (fate#320485). - tools: hv: Add clean up function for Ubuntu config (fate#320485). - tools: hv: properly handle long paths (fate#320485). - tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485). - tools: hv: set hotplug for VF on Suse (fate#320485). - tools: hv: vss: Thaw the filesystem and continue if freeze call has timed out (fate#320485). - vfs: fix missing inode_get_dev sites (bsc#1052049). - vmbus: cleanup header file style (fate#320485). - vmbus: expose debug info for drivers (fate#320485). - vmbus: fix spelling errors (fate#320485). - vmbus: introduce in-place packet iterator (fate#320485). - vmbus: only reschedule tasklet if time limit exceeded (fate#320485). - vmbus: re-enable channel tasklet (fate#320485). - vmbus: remove unnecessary initialization (fate#320485). - vmbus: remove useless return's (fate#320485). - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399). - x86/hyperv: Check frequency MSRs presence according to the specification (fate#320485). - The package release number was increased to be higher than the Leap 42.2 package (boo#1053531).

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-930=1 To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (x86_64): kernel-debug-4.4.79-19.1 kernel-debug-base-4.4.79-19.1 kernel-debug-base-debuginfo-4.4.79-19.1 kernel-debug-debuginfo-4.4.79-19.1 kernel-debug-debugsource-4.4.79-19.1 kernel-debug-devel-4.4.79-19.1 kernel-debug-devel-debuginfo-4.4.79-19.1 kernel-default-4.4.79-19.1 kernel-default-base-4.4.79-19.1 kernel-default-base-debuginfo-4.4.79-19.1 kernel-default-debuginfo-4.4.79-19.1 kernel-default-debugsource-4.4.79-19.1 kernel-default-devel-4.4.79-19.1 kernel-obs-build-4.4.79-19.1 kernel-obs-build-debugsource-4.4.79-19.1 kernel-obs-qa-4.4.79-19.1 kernel-syms-4.4.79-19.1 kernel-vanilla-4.4.79-19.1 kernel-vanilla-base-4.4.79-19.1 kernel-vanilla-base-debuginfo-4.4.79-19.1 kernel-vanilla-debuginfo-4.4.79-19.1 kernel-vanilla-debugsource-4.4.79-19.1 kernel-vanilla-devel-4.4.79-19.1 - openSUSE Leap 42.3 (noarch): kernel-devel-4.4.79-19.1 kernel-docs-4.4.79-19.2 kernel-docs-html-4.4.79-19.2 kernel-docs-pdf-4.4.79-19.2 kernel-macros-4.4.79-19.1 kernel-source-4.4.79-19.1 kernel-source-vanilla-4.4.79-19.1

References

https://www.suse.com/security/cve/CVE-2017-1000111.html https://www.suse.com/security/cve/CVE-2017-1000112.html https://www.suse.com/security/cve/CVE-2017-8831.html https://bugzilla.suse.com/1015337 https://bugzilla.suse.com/1019151 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1037404 https://bugzilla.suse.com/1037994 https://bugzilla.suse.com/1038078 https://bugzilla.suse.com/1038792 https://bugzilla.suse.com/1039153 https://bugzilla.suse.com/1043652 https://bugzilla.suse.com/1043805 https://bugzilla.suse.com/1047027 https://bugzilla.suse.com/1048912 https://bugzilla.suse.com/1049298 https://bugzilla.suse.com/1051399 https://bugzilla.suse.com/1051556 https://bugzilla.suse.com/1051689 https://bugzilla.suse.com/1051979 https://bugzilla.suse.com/1052049 https://bugzilla.suse.com/1052204 https://bugzilla.suse.com/1052223 https://bugzilla.suse.com/1052311 https://bugzilla.suse.com/1052325 https://bugzilla.suse.com/1052365 https://bugzilla.suse.com/1052442 https://bugzilla.suse.com/1052533 https://bugzilla.suse.com/1052709 https://bugzilla.suse.com/1052773 https://bugzilla.suse.com/1052794 https://bugzilla.suse.com/1052899 https://bugzilla.suse.com/1052925 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1053531--