openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2905-1
Rating:             important
References:         #1012382 #1020645 #1022595 #1022600 #1025461 
                    #1028971 #1034048 #1055567 #1056427 #1059863 
                    #1060985 #1061451 #1062520 #1062962 #1063460 
                    #1063475 #1063501 #1063509 #1063520 #1063667 
                    #1063695 #1064206 #1064388 #964944 #966170 
                    #966172 #966186 #966191 #966316 #966318 #969474 
                    #969475 #969476 #969477 #971975 
Cross-References:   CVE-2017-13080 CVE-2017-15265 CVE-2017-15649
                   
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves three vulnerabilities and has 32
   fixes is now available.

Description:



   The openSUSE Leap 42.2 kernel was updated to 4.4.92 to receive various
   security fixes and bug fixes.

   The following security bugs were fixed:

   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed
     reinstallation of the Group Temporal Key (GTK) during the group key
     handshake, allowing an attacker within radio range to replay frames from
     access points to clients (bnc#1063667).
   - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel
     allowed local users to cause a denial of service (use-after-free) or
     possibly have unspecified other impact via crafted /dev/snd/seq ioctl
     calls, related to sound/core/seq/seq_clientmgr.c and
     sound/core/seq/seq_ports.c (bnc#1062520).
   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local
     users to gain privileges via crafted system calls that trigger
     mishandling of packet_fanout data structures, because of a race
     condition (involving fanout_add and packet_do_bind) that leads to a
     use-after-free, a different vulnerability than CVE-2017-6346
     (bnc#1064388).

   The following non-security bugs were fixed:

   - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382).
   - alsa: compress: Remove unused variable (bnc#1012382).
   - alsa: usb-audio: Check out-of-bounds access by corrupted buffer
     descriptor (bnc#1012382).
   - alsa: usx2y: Suppress kernel warning at page allocation failures
     (bnc#1012382).
   - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382).
   - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
     (bnc#1012382).
   - arm: remove duplicate 'const' annotations' (bnc#1012382).
   - asoc: dapm: fix some pointer error handling (bnc#1012382).
   - asoc: dapm: handle probe deferrals (bnc#1012382).
   - audit: log 32-bit socketcalls (bnc#1012382).
   - blacklist 0e7736c6b806 powerpc/powernv: Fix data type for @r in
     pnv_ioda_parse_m64_window()
   - blacklist.conf: not fitting cleanup patch
   - brcmfmac: setup passive scan if requested by user-space (bnc#1012382).
   - bridge: netlink: register netdevice before executing changelink
     (bnc#1012382).
   - ceph: avoid panic in create_session_open_msg() if utsname() returns NULL
     (bsc#1061451).
   - ceph: check negative offsets in ceph_llseek() (bsc#1061451).
   - driver core: platform: Do not read past the end of "driver_override"
     buffer (bnc#1012382).
   - drivers: firmware: psci: drop duplicate const from psci_of_match
     (bnc#1012382).
   - drivers: hv: fcopy: restore correct transfer length (bnc#1012382).
   - drm/amdkfd: fix improper return value on error (bnc#1012382).
   - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382).
   - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382).
   - drm/i915/bios: ignore HDMI on port A (bnc#1012382).
   - ext4: do not allow encrypted operations without keys (bnc#1012382).
   - extcon: axp288: Use vbus-valid instead of -present to determine cable
     presence (bnc#1012382).
   - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382).
   - fix whitespace according to upstream commit
   - fs/epoll: cache leftmost node (bsc#1056427).
   - ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382).
   - gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382).
   - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382).
   - hpsa: correct lun data caching bitmap definition (bsc#1028971).
   - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit
     attributes (bnc#1012382).
   - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382).
   - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#969476
     FATE#319648 bsc#969477 FATE#319816).
   - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477
     FATE#319816).
   - i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477
     FATE#319816).
   - ib/core: Fix for core panic (bsc#1022595 FATE#322350).
   - ib/core: Fix the validations of a multicast LID in attach or detach
     operations (bsc#1022595 FATE#322350).
   - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648
     bsc#969477 FATE#319816).
   - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382).
   - ib/ipoib: Replace list_del of the neigh->list with list_del_init
     (bnc#1012382).
   - ib/ipoib: rtnl_unlock can not come after free_netdev (bnc#1012382).
   - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170
     FATE#320225 bsc#966172 FATE#320226).
   - ibmvnic: Set state UP (bsc#1062962).
   - ib/qib: fix false-postive maybe-uninitialized warning (bnc#1012382).
   - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382).
   - iio: ad7793: Fix the serial interface reset (bnc#1012382).
   - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register
     modifications (bnc#1012382).
   - iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382).
   - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382).
   - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382).
   - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling
     path of 'twl4030_madc_probe()' (bnc#1012382).
   - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'
     (bnc#1012382).
   - iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382).
   - iio: core: Return error for failed read_reg (bnc#1012382).
   - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
     (bnc#1012382).
   - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382).
   - ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags
     (bsc#969474 FATE#319812 bsc#969475 FATE#319814).
   - kABI: protect struct rm_data_op (kabi).
   - kABI: protect struct sdio_func (kabi).
   - libata: transport: Remove circular dependency at free time (bnc#1012382).
   - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
     (bnc#1012382).
   - md/raid10: submit bio directly to replacement disk (bnc#1012382).
   - mips: Ensure bss section ends on a long-aligned address (bnc#1012382).
   - mips: Fix minimum alignment requirement of IRQ stack (git-fixes).
   - mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382).
   - mips: Lantiq: Fix another request_mem_region() return code check
     (bnc#1012382).
   - mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382).
   - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array
     (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
   - mm/backing-dev.c: fix an error handling path in 'cgwb_create()'
     (bnc#1063475).
   - mm,compaction: serialize waitqueue_active() checks (for real)
     (bsc#971975).
   - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382).
   - mm: discard memblock data later (bnc#1063460).
   - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460).
   - mm: meminit: mark init_reserved_page as __meminit (bnc#1063509).
   - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to
     inline function (bnc#1063501).
   - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as
     unsigned long (bnc#1063520).
   - net: core: Prevent from dereferencing null pointer when releasing SKB
     (bnc#1012382).
   - netfilter: invoke synchronize_rcu after set the _hook_ to NULL
     (bnc#1012382).
   - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
     (bnc#1012382).
   - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled
     (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
   - net/mlx5e: Fix wrong delay calculation for overflow check scheduling
     (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
   - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170
     FATE#320225 bsc#966172 FATE#320226).
   - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170
     FATE#320225 bsc#966172 FATE#320226).
   - net/packet: check length in getsockopt() called with PACKET_HDRLEN
     (bnc#1012382).
   - nvme: protect against simultaneous shutdown invocations (FATE#319965
     bnc#1012382 bsc#964944).
   - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382).
   - partitions/efi: Fix integer overflow in GPT size calculation
     (bnc#1012382).
   - qed: Fix stack corruption on probe (bsc#966318 FATE#320158 bsc#966316
     FATE#320159).
   - rds: ib: add error handle (bnc#1012382).
   - rds: RDMA: Fix the composite message user notification (bnc#1012382).
   - README.BRANCH: Add Michal and Johannes as co-maintainers.
   - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382).
   - scsi: hpsa: add 'ctlr_num' sysfs attribute (bsc#1028971).
   - scsi: hpsa: bump driver version (bsc#1022600 fate#321928).
   - scsi: hpsa: change driver version (bsc#1022600 bsc#1028971 fate#321928).
   - scsi: hpsa: Check for null device pointers (bsc#1028971).
   - scsi: hpsa: Check for null devices in ioaccel (bsc#1028971).
   - scsi: hpsa: Check for vpd support before sending (bsc#1028971).
   - scsi: hpsa: cleanup reset handler (bsc#1022600 fate#321928).
   - scsi: hpsa: correct call to hpsa_do_reset (bsc#1028971).
   - scsi: hpsa: correct logical resets (bsc#1028971).
   - scsi: hpsa: correct queue depth for externals (bsc#1022600 fate#321928).
   - scsi: hpsa: correct resets on retried commands (bsc#1022600 fate#321928).
   - scsi: hpsa: correct scsi 6byte lba calculation (bsc#1028971).
   - scsi: hpsa: Determine device external status earlier (bsc#1028971).
   - scsi: hpsa: do not get enclosure info for external devices (bsc#1022600
     fate#321928).
   - scsi: hpsa: do not reset enclosures (bsc#1022600 fate#321928).
   - scsi: hpsa: do not timeout reset operations (bsc#1022600 bsc#1028971
     fate#321928).
   - scsi: hpsa: fallback to use legacy REPORT PHYS command (bsc#1028971).
   - scsi: hpsa: fix volume offline state (bsc#1022600 bsc#1028971
     fate#321928).
   - scsi: hpsa: limit outstanding rescans (bsc#1022600 bsc#1028971
     fate#321928).
   - scsi: hpsa: Prevent sending bmic commands to externals (bsc#1028971).
   - scsi: hpsa: remove abort handler (bsc#1022600 fate#321928).
   - scsi: hpsa: remove coalescing settings for ioaccel2 (bsc#1028971).
   - scsi: hpsa: remove memory allocate failure message (bsc#1028971).
   - scsi: hpsa: Remove unneeded void pointer cast (bsc#1028971).
   - scsi: hpsa: rescan later if reset in progress (bsc#1022600 fate#321928).
   - scsi: hpsa: send ioaccel requests with 0 length down raid path
     (bsc#1022600 fate#321928).
   - scsi: hpsa: separate monitor events from rescan worker (bsc#1022600
     fate#321928).
   - scsi: hpsa: update check for logical volume status (bsc#1022600
     bsc#1028971 fate#321928).
   - scsi: hpsa: update identify physical device structure (bsc#1022600
     fate#321928).
   - scsi: hpsa: update pci ids (bsc#1022600 bsc#1028971 fate#321928).
   - scsi: hpsa: update reset handler (bsc#1022600 fate#321928).
   - scsi: hpsa: use designated initializers (bsc#1028971).
   - scsi: hpsa: use %phN for short hex dumps (bsc#1028971).
   - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695).
   - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461).
   - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). This patch
     is originally part of a larger series which can't be easily backported
     to SLE-12. For a reasoning why we think it's safe to apply, see
     bsc#1060985, comment 20.
   - scsi: sg: close race condition in sg_remove_sfp_usercontext()
     (bsc#1064206).
   - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382).
   - staging: iio: ad7192: Fix - use the dedicated reset function avoiding
     dma from stack (bnc#1012382).
   - stm class: Fix a use-after-free (bnc#1012382).
   - supported.conf: mark hid-multitouch as supported (FATE#323670)
   - team: call netdev_change_features out of team lock (bsc#1055567).
   - team: fix memory leaks (bnc#1012382).
   - tpm_tis: Do not fall back to a hardcoded address for TPM2 (bsc#1020645,
     fate#321435, fate#321507, fate#321600, bsc#1034048).
   - ttpci: address stringop overflow warning (bnc#1012382).
   - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382).
   - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382).
   - usb: core: harden cdc_parse_cdc_header (bnc#1012382).
   - usb: devio: Do not corrupt user memory (bnc#1012382).
   - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382).
   - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382).
   - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382).
   - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382).
   - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382).
   - usb: gadgetfs: Fix crash caused by inadequate synchronization
     (bnc#1012382).
   - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
     (bnc#1012382).
   - usb: gadget: mass_storage: set msg_registered after msg registered
     (bnc#1012382).
   - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382).
   - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382).
   - usb: Increase quirk delay for USB devices (bnc#1012382).
   - usb: pci-quirks.c: Corrected timeout values used in handshake
     (bnc#1012382).
   - usb: plusb: Add support for PL-27A1 (bnc#1012382).
   - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
     (bnc#1012382).
   - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
     (bnc#1012382).
   - usb: serial: mos7720: fix control-message error handling (bnc#1012382).
   - usb: serial: mos7840: fix control-message error handling (bnc#1012382).
   - usb-storage: unusual_devs entry to fix write-access regression for
     Seagate external drives (bnc#1012382).
   - usb: uas: fix bug in handling of alternate settings (bnc#1012382).
   - uwb: ensure that endpoint is interrupt (bnc#1012382).
   - uwb: properly check kthread_run return value (bnc#1012382).
   - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).
   - xfs: remove kmem_zalloc_greedy (bnc#1012382).
   - xhci: fix finding correct bus_state structure for USB 3.1 hosts
     (bnc#1012382).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-1224=1

   To bring your system up-to-date, use "zypper patch".
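
   A patched kernel package only takes effect after a reboot into it, so a
   host can have the update installed and still run the old kernel. The
   check below is an added example, not part of the original advisory: it
   compares a `uname -r` string against the fixed build from the package
   list (4.4.92-18.36.1). It assumes `uname -r` on openSUSE prints
   version-release without the final rebuild counter, followed by the
   flavor; the function names and the sample release strings are constructed.

```shell
#!/bin/sh
# Fixed kernel build taken from this advisory's package list
# (kernel-default-4.4.92-18.36.1). Assumption: `uname -r` reports it as
# "4.4.92-18.36-<flavor>", i.e. without the trailing rebuild counter.
FIXED="4.4.92-18.36"

# version_ge A B: succeed when A is at or after B in version order.
# Relies on `sort -V` (GNU coreutils version sort).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# strip_flavor RELEASE: drop a trailing "-default", "-debug", "-vanilla", ...
# Leaves the string untouched when the last component is numeric.
strip_flavor() {
    case "$1" in
        *-[a-z]*) printf '%s\n' "${1%-*}" ;;
        *)        printf '%s\n' "$1" ;;
    esac
}

# kernel_status RELEASE: print "patched" when RELEASE is at or above the
# fixed build, "vulnerable" otherwise. Only meaningful for openSUSE Leap 42.2
# 4.4-series kernels; other distributions number their kernels differently.
kernel_status() {
    rel=$(strip_flavor "$1")
    if version_ge "$rel" "$FIXED"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Report on every release string given on the command line, e.g.
#   sh check-kernel.sh "$(uname -r)"
for r in "$@"; do
    printf '%s: %s\n' "$r" "$(kernel_status "$r")"
done
```

   If the running kernel reports "vulnerable" after `zypper patch` has
   completed, the host still needs a reboot into the new kernel.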


Package List:

   - openSUSE Leap 42.2 (noarch):

      kernel-devel-4.4.92-18.36.1
      kernel-docs-4.4.92-18.36.2
      kernel-docs-html-4.4.92-18.36.2
      kernel-docs-pdf-4.4.92-18.36.2
      kernel-macros-4.4.92-18.36.1
      kernel-source-4.4.92-18.36.1
      kernel-source-vanilla-4.4.92-18.36.1

   - openSUSE Leap 42.2 (x86_64):

      kernel-debug-4.4.92-18.36.1
      kernel-debug-base-4.4.92-18.36.1
      kernel-debug-base-debuginfo-4.4.92-18.36.1
      kernel-debug-debuginfo-4.4.92-18.36.1
      kernel-debug-debugsource-4.4.92-18.36.1
      kernel-debug-devel-4.4.92-18.36.1
      kernel-debug-devel-debuginfo-4.4.92-18.36.1
      kernel-default-4.4.92-18.36.1
      kernel-default-base-4.4.92-18.36.1
      kernel-default-base-debuginfo-4.4.92-18.36.1
      kernel-default-debuginfo-4.4.92-18.36.1
      kernel-default-debugsource-4.4.92-18.36.1
      kernel-default-devel-4.4.92-18.36.1
      kernel-obs-build-4.4.92-18.36.1
      kernel-obs-build-debugsource-4.4.92-18.36.1
      kernel-obs-qa-4.4.92-18.36.1
      kernel-syms-4.4.92-18.36.1
      kernel-vanilla-4.4.92-18.36.1
      kernel-vanilla-base-4.4.92-18.36.1
      kernel-vanilla-base-debuginfo-4.4.92-18.36.1
      kernel-vanilla-debuginfo-4.4.92-18.36.1
      kernel-vanilla-debugsource-4.4.92-18.36.1
      kernel-vanilla-devel-4.4.92-18.36.1


References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15265.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1020645
   https://bugzilla.suse.com/1022595
   https://bugzilla.suse.com/1022600
   https://bugzilla.suse.com/1025461
   https://bugzilla.suse.com/1028971
   https://bugzilla.suse.com/1034048
   https://bugzilla.suse.com/1055567
   https://bugzilla.suse.com/1056427
   https://bugzilla.suse.com/1059863
   https://bugzilla.suse.com/1060985
   https://bugzilla.suse.com/1061451
   https://bugzilla.suse.com/1062520
   https://bugzilla.suse.com/1062962
   https://bugzilla.suse.com/1063460
   https://bugzilla.suse.com/1063475
   https://bugzilla.suse.com/1063501
   https://bugzilla.suse.com/1063509
   https://bugzilla.suse.com/1063520
   https://bugzilla.suse.com/1063667
   https://bugzilla.suse.com/1063695
   https://bugzilla.suse.com/1064206
   https://bugzilla.suse.com/1064388
   https://bugzilla.suse.com/964944
   https://bugzilla.suse.com/966170
   https://bugzilla.suse.com/966172
   https://bugzilla.suse.com/966186
   https://bugzilla.suse.com/966191
   https://bugzilla.suse.com/966316
   https://bugzilla.suse.com/966318
   https://bugzilla.suse.com/969474
   https://bugzilla.suse.com/969475
   https://bugzilla.suse.com/969476
   https://bugzilla.suse.com/969477
   https://bugzilla.suse.com/971975

openSUSE: 2017:2905-1: important: the Linux Kernel

October 29, 2017