SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0471-1
Rating:             important
References:         #1003153 #1003925 #1004462 #1004517 #1005666 
                    #1007197 #1008833 #1008979 #1009969 #1010040 
                    #1010475 #1010478 #1010501 #1010502 #1010507 
                    #1010612 #1010711 #1010716 #1011820 #1012422 
                    #1013038 #1013531 #1013540 #1013542 #1014746 
                    #1016482 #1017410 #1017589 #1017710 #1019300 
                    #1019851 #1020602 #1021258 #881008 #915183 
                    #958606 #961257 #970083 #971989 #976195 #978094 
                    #980371 #980560 #981038 #981597 #981709 #982282 
                    #982544 #983619 #983721 #983977 #984148 #984419 
                    #984755 #985978 #986362 #986365 #986445 #986569 
                    #986572 #986811 #986941 #987542 #987565 #987576 
                    #989152 #990384 #991608 #991665 #993392 #993890 
                    #993891 #994296 #994748 #994881 #995968 #997708 
                    #998795 #999584 #999600 #999932 #999943 
Cross-References:   CVE-2014-9904 CVE-2015-8956 CVE-2015-8962
                    CVE-2015-8963 CVE-2015-8964 CVE-2016-10088
                    CVE-2016-4470 CVE-2016-4998 CVE-2016-5696
                    CVE-2016-5828 CVE-2016-5829 CVE-2016-6130
                    CVE-2016-6327 CVE-2016-6480 CVE-2016-6828
                    CVE-2016-7042 CVE-2016-7097 CVE-2016-7425
                    CVE-2016-7910 CVE-2016-7911 CVE-2016-7913
                    CVE-2016-7914 CVE-2016-8399 CVE-2016-8633
                    CVE-2016-8645 CVE-2016-8658 CVE-2016-9083
                    CVE-2016-9084 CVE-2016-9756 CVE-2016-9793
                    CVE-2016-9806 CVE-2017-2583 CVE-2017-2584
                    CVE-2017-5551
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 34 vulnerabilities and has 48 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to
   receive various security and bug fixes.

   The following feature was implemented:

   - The ext2 filesystem was re-enabled and is now supported, to allow the
     use of "XIP" (Execute In Place) (FATE#320805).


   The following security bugs were fixed:

   - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel
     preserved the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions (bsc#1021258).
   - CVE-2016-7097: The filesystem implementation in the Linux kernel
     preserved the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions (bnc#995968).
   - CVE-2017-2583: A Linux kernel built with Kernel-based Virtual Machine
     (CONFIG_KVM) support was vulnerable to an incorrect segment selector
     (SS) value error. A user or process inside a guest could have used
     this flaw to crash the guest, resulting in DoS, or potentially escalate
     their privileges inside the guest (bsc#1020602).
   - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local
     users to obtain sensitive information from kernel memory or cause a
     denial of service (use-after-free) via a crafted application that
     leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt
     (bnc#1019851).
   - CVE-2016-10088: The sg implementation in the Linux kernel did not
     properly restrict write operations in situations where the KERNEL_DS
     option is set, which allowed local users to read or write to arbitrary
     kernel memory locations or cause a denial of service (use-after-free) by
     leveraging access to a /dev/sg device, related to block/bsg.c and
     drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an
     incomplete fix for CVE-2016-9576 (bnc#1017710).
   - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb
     truncation, which allowed local users to cause a denial of service
     (system crash) via a crafted application that made sendto system calls,
     related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
   - CVE-2016-8399: An elevation of privilege vulnerability in the kernel
     networking subsystem could enable a local malicious application to
     execute arbitrary code within the context of the kernel. This issue is
     rated as Moderate because it first requires compromising a privileged
     process and current compiler optimizations restrict access to the
     vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18.
     Android ID: A-31349935 (bnc#1014746).
   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bnc#1013540).
   - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not
     properly initialize Code Segment (CS) in certain error cases, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted application (bnc#1013038).
   - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
     Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
     which allowed local users to cause a denial of service (memory
     corruption and system crash) or possibly have unspecified other impact
     by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
     system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
     (bnc#1013531).
   - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop
     function in block/genhd.c in the Linux kernel allowed local users to
     gain privileges by leveraging the execution of a certain stop operation
     even if the corresponding start operation had failed (bnc#1010716).
   - CVE-2015-8962: Double free vulnerability in the sg_common_write function
     in drivers/scsi/sg.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (memory corruption and system
     crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
   - CVE-2016-7913: The xc2028_set_config function in
     drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local
     users to gain privileges or cause a denial of service (use-after-free)
     via vectors involving omission of the firmware name from a certain data
     structure (bnc#1010478).
   - CVE-2016-7911: Race condition in the get_task_ioprio function in
     block/ioprio.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (use-after-free) via a crafted
     ioprio_get system call (bnc#1010711).
   - CVE-2015-8964: The tty_set_termios_ldisc function in
     drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by reading a tty data
     structure (bnc#1010507).
   - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (use-after-free) by leveraging incorrect handling of an swevent
     data structure during a CPU unplug operation (bnc#1010502).
   - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in
     lib/assoc_array.c in the Linux kernel did not check whether a slot is a
     leaf, which allowed local users to obtain sensitive information from
     kernel memory or cause a denial of service (invalid pointer dereference
     and out-of-bounds read) via an application that uses associative-array
     data structures, as demonstrated by the keyutils test suite
     (bnc#1010475).
   - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote
     attackers to execute arbitrary code via crafted fragmented packets
     (bnc#1008833).
   - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed
     local users to bypass integer overflow checks, and cause a denial of
     service (memory corruption) or have unspecified other impact, by
     leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS
     ioctl call, aka a "state machine confusion bug" (bnc#1007197).
   - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel
     misused the kzalloc function, which allowed local users to cause a
     denial of service (integer overflow) or have unspecified other impact by
     leveraging access to a vfio PCI device file (bnc#1007197).
   - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in
     the Linux kernel used an incorrect buffer size for certain timeout data,
     which allowed local users to cause a denial of service (stack memory
     corruption and panic) by reading the /proc/keys file (bnc#1004517).
   - CVE-2015-8956: The rfcomm_sock_bind function in
     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to
     obtain sensitive information or cause a denial of service (NULL pointer
     dereference) via vectors involving a bind system call on a Bluetooth
     RFCOMM socket (bnc#1003925).
   - CVE-2016-8658: Stack-based buffer overflow in the
     brcmf_cfg80211_start_ap function in
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
     kernel allowed local users to cause a denial of service (system crash)
     or possibly have unspecified other impact via a long SSID Information
     Element in a command to a Netlink socket (bnc#1004462).
   - CVE-2016-7425: The arcmsr_iop_message_xfer function in
     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a
     certain length field, which allowed local users to gain privileges or
     cause a denial of service (heap-based buffer overflow) via an
     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
   - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel
     allowed local users to cause a denial of service (NULL pointer
     dereference and system crash) by using an ABORT_TASK command to abort a
     device write operation (bnc#994748).
   - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in
     the Linux kernel did not properly maintain certain SACK state after a
     failed data copy, which allowed local users to cause a denial of service
     (tcp_xmit_retransmit_queue use-after-free and system crash) via a
     crafted SACK option (bnc#994296).
   - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
     determine the rate of challenge ACK segments, which made it easier for
     remote attackers to hijack TCP sessions via a blind in-window attack
     (bnc#989152).
   - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in
     drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by changing a certain
     length value, aka a "double fetch" vulnerability (bnc#987542).
   - CVE-2016-6480: Race condition in the ioctl_send_fib function in
     drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
     to cause a denial of service (out-of-bounds access or system crash) by
     changing a certain size value, aka a "double fetch" vulnerability
     (bnc#991608).
   - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
     netfilter subsystem in the Linux kernel allowed local users to cause a
     denial of service (out-of-bounds read) or possibly obtain sensitive
     information from kernel heap memory by leveraging in-container root
     access to provide a crafted offset value that leads to crossing a
     ruleset blob boundary (bnc#986362 bnc#986365).
   - CVE-2016-5828: The start_thread function in
     arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms
     mishandled transactional state, which allowed local users to cause a
     denial of service (invalid process state or TM Bad Thing exception, and
     system crash) or possibly have unspecified other impact by starting and
     suspending a transaction before an exec system call (bnc#986569).
   - CVE-2014-9904: The snd_compress_check_input function in
     sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel
     did not properly check for an integer overflow, which allowed local
     users to cause a denial of service (insufficient memory allocation) or
     possibly have unspecified other impact via a crafted
     SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
   - CVE-2016-5829: Multiple heap-based buffer overflows in the
     hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
     kernel allowed local users to cause a denial of service or possibly have
     unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
     HIDIOCSUSAGES ioctl call (bnc#986572).
   - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c
     in the Linux kernel did not ensure that a certain data structure is
     initialized, which allowed local users to cause a denial of service
     (system crash) via vectors involving a crafted keyctl request2 command
     (bnc#984755).

   The following non-security bugs were fixed:

   - base: make module_create_drivers_dir race-free (bnc#983977).
   - btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable
     (bsc#981597).
   - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
     (bsc#983619).
   - btrfs: be more precise on errors when getting an inode from disk
     (bsc#981038).
   - btrfs: do not create or leak aliased root while cleaning up orphans
     (bsc#994881).
   - btrfs: ensure that file descriptor used with subvol ioctls is a dir
     (bsc#999600).
   - btrfs: fix relocation incorrectly dropping data references (bsc#990384).
   - btrfs: handle quota reserve failure properly (bsc#1005666).
   - btrfs: improve performance on fsync against new inode after
     rename/unlink (bsc#981038).
   - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir
     (bsc#981709).
   - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()
     (bsc#981709).
   - cdc-acm: added sanity checking for probe() (bsc#993891).
   - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)
   - ext4: Add parameter for tuning handling of ext2 (bsc#976195).
   - ext4: Fixup handling for custom configs in tuning.
   - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short
     jumps to it (bsc#984419).
   - ipv6: Fix improper use of RCU in
     patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.
     (bsc#961257)
   - ipv6: KABI workaround for ipv6: add complete rcu protection around
     np->opt.
   - kabi: prevent spurious modversion changes after bsc#982544 fix
     (bsc#982544).
   - kabi: reintroduce sk_filter (kabi).
   - kaweth: fix firmware download (bsc#993890).
   - kaweth: fix oops upon failed memory allocation (bsc#993890).
   - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread
     (bsc#1010612, fate#313296).
   - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,
     fate#313296).
   - kgr: ignore zombie tasks during the patching (bnc#1008979).
   - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).
   - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
     (VM Functionality, bnc#986445).
   - modsign: Print appropriate status message when accessing UEFI variable
     (bsc#958606).
   - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
   - mpt3sas: Fix panic when aer correct error occurred (bsc#997708,
     bsc#999943).
   - netfilter: allow logging from non-init netns (bsc#970083).
   - netfilter: bridge: do not leak skb in error paths (bsc#982544).
   - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).
   - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in
     br_validate_ipv6 (bsc#982544).
   - nfs: Do not write enable new pages while an invalidation is proceeding
     (bsc#999584).
   - nfs: Fix a regression in the read() syscall (bsc#999584).
   - pci/aer: Clear error status registers during enumeration and restore
     (bsc#985978).
   - ppp: defer netns reference release for ppp channel (bsc#980371).
   - reiserfs: fix race in prealloc discard (bsc#987576).
   - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
   - scsi: Increase REPORT_LUNS timeout (bsc#982282).
   - series.conf: move stray netfilter patches to the right section
   - squashfs3: properly handle dir_emit() failures (bsc#998795).
   - supported.conf: Add ext2
   - timers: Use proper base migration in add_timer_on() (bnc#993392).
   - tty: audit: Fix audit source (bsc#1016482).
   - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
   - usb: fix typo in wMaxPacketSize validation (bsc#991665).
   - usb: validate wMaxPacketValue entries in endpoint descriptors
     (bnc#991665).
   - xen: Fix refcnt regression in xen netback introduced by changes made for
     bug#881008 (bnc#978094)
   - xfs: allow lazy sb counter sync during filesystem freeze sequence
     (bsc#980560).
   - xfs: fixed signedness of error code in xfs_inode_buf_verify
     (bsc#1003153).
   - xfs: fix premature enospc on inode allocation (bsc#984148).
   - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).
   - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).
   - xfs: refactor xlog_recover_process_data() (bsc#1019300).
   - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
   - xhci: silence warnings in switch (bnc#991665).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-247=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-247=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-247=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      kernel-devel-3.12.61-52.66.1
      kernel-macros-3.12.61-52.66.1
      kernel-source-3.12.61-52.66.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kernel-default-3.12.61-52.66.1
      kernel-default-base-3.12.61-52.66.1
      kernel-default-base-debuginfo-3.12.61-52.66.1
      kernel-default-debuginfo-3.12.61-52.66.1
      kernel-default-debugsource-3.12.61-52.66.1
      kernel-default-devel-3.12.61-52.66.1
      kernel-syms-3.12.61-52.66.1
      kernel-xen-3.12.61-52.66.1
      kernel-xen-base-3.12.61-52.66.1
      kernel-xen-base-debuginfo-3.12.61-52.66.1
      kernel-xen-debuginfo-3.12.61-52.66.1
      kernel-xen-debugsource-3.12.61-52.66.1
      kernel-xen-devel-3.12.61-52.66.1
      kgraft-patch-3_12_61-52_66-default-1-2.1
      kgraft-patch-3_12_61-52_66-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.61-52.66.1
      kernel-default-base-3.12.61-52.66.1
      kernel-default-base-debuginfo-3.12.61-52.66.1
      kernel-default-debuginfo-3.12.61-52.66.1
      kernel-default-debugsource-3.12.61-52.66.1
      kernel-default-devel-3.12.61-52.66.1
      kernel-syms-3.12.61-52.66.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      kernel-devel-3.12.61-52.66.1
      kernel-macros-3.12.61-52.66.1
      kernel-source-3.12.61-52.66.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kernel-xen-3.12.61-52.66.1
      kernel-xen-base-3.12.61-52.66.1
      kernel-xen-base-debuginfo-3.12.61-52.66.1
      kernel-xen-debuginfo-3.12.61-52.66.1
      kernel-xen-debugsource-3.12.61-52.66.1
      kernel-xen-devel-3.12.61-52.66.1
      kgraft-patch-3_12_61-52_66-default-1-2.1
      kgraft-patch-3_12_61-52_66-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      kernel-default-man-3.12.61-52.66.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.61-52.66.1
      kernel-ec2-debuginfo-3.12.61-52.66.1
      kernel-ec2-debugsource-3.12.61-52.66.1
      kernel-ec2-devel-3.12.61-52.66.1
      kernel-ec2-extra-3.12.61-52.66.1
      kernel-ec2-extra-debuginfo-3.12.61-52.66.1
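
   A post-install check for the update described above, as an added example that is not part of the SUSE advisory: it flags kernel flavour packages older than the fixed release in the Package List and tests whether a `uname -r` string is at the fixed build. The function names and the sample inventory are constructed for illustration; GNU `sort -V` is assumed as an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Added example (not SUSE's code). Fixed version-release taken from the
# Package List of this advisory.
FIXED_VR="3.12.61-52.66.1"
# `uname -r` reports the same build without the trailing rebuild counter,
# e.g. 3.12.61-52.66-default (compare the kgraft-patch package names).
FIXED_UNAME="3.12.61-52.66"

# Succeeds when version string $1 is >= $2.
# Assumption: GNU `sort -V` ordering is close enough to RPM's comparison
# for kernel version-release strings like the ones in this advisory.
vr_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Reads "name version-release" lines on stdin, the format produced by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'kernel-*'
# and prints each kernel flavour package that is older than FIXED_VR.
# Returns 1 if at least one outdated package was printed.
# Note: hosts that keep several kernel versions installed will list the
# retained old packages here; the running kernel decides actual exposure.
find_unpatched() {
    rc=0
    while read -r name vr; do
        case "$name" in
            kernel-default|kernel-xen|kernel-ec2) ;;
            *) continue ;;   # devel, source, debuginfo etc. carry no running code
        esac
        if ! vr_ge "$vr" "$FIXED_VR"; then
            printf '%s %s\n' "$name" "$vr"
            rc=1
        fi
    done
    return "$rc"
}

# Succeeds when a `uname -r` string is at least the fixed build.
# An installed fixed package only takes effect once the host has booted it.
running_is_fixed() {
    base=${1%-*}             # strip the flavour suffix (-default, -xen, -ec2)
    vr_ge "$base" "$FIXED_UNAME"
}

# Constructed sample inventory (not output from a real host).
SAMPLE='kernel-default 3.12.60-52.57.1
kernel-xen 3.12.61-52.66.1
kernel-devel 3.12.55-52.42.1
kernel-ec2 3.12.61-52.9.1'

printf '%s\n' "$SAMPLE" | find_unpatched || echo "outdated kernel packages listed above"

if running_is_fixed "3.12.60-52.57-default"; then   # constructed uname -r value
    echo "running kernel is at the fixed build"
else
    echo "running kernel predates the fixed build: patch and reboot"
fi
```

   On a live host, feed `find_unpatched` from the `rpm -qa` command shown in its comment and pass `"$(uname -r)"` to `running_is_fixed`.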


References:

   https://www.suse.com/security/cve/CVE-2014-9904.html
   https://www.suse.com/security/cve/CVE-2015-8956.html
   https://www.suse.com/security/cve/CVE-2015-8962.html
   https://www.suse.com/security/cve/CVE-2015-8963.html
   https://www.suse.com/security/cve/CVE-2015-8964.html
   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://www.suse.com/security/cve/CVE-2016-4470.html
   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://www.suse.com/security/cve/CVE-2016-5696.html
   https://www.suse.com/security/cve/CVE-2016-5828.html
   https://www.suse.com/security/cve/CVE-2016-5829.html
   https://www.suse.com/security/cve/CVE-2016-6130.html
   https://www.suse.com/security/cve/CVE-2016-6327.html
   https://www.suse.com/security/cve/CVE-2016-6480.html
   https://www.suse.com/security/cve/CVE-2016-6828.html
   https://www.suse.com/security/cve/CVE-2016-7042.html
   https://www.suse.com/security/cve/CVE-2016-7097.html
   https://www.suse.com/security/cve/CVE-2016-7425.html
   https://www.suse.com/security/cve/CVE-2016-7910.html
   https://www.suse.com/security/cve/CVE-2016-7911.html
   https://www.suse.com/security/cve/CVE-2016-7913.html
   https://www.suse.com/security/cve/CVE-2016-7914.html
   https://www.suse.com/security/cve/CVE-2016-8399.html
   https://www.suse.com/security/cve/CVE-2016-8633.html
   https://www.suse.com/security/cve/CVE-2016-8645.html
   https://www.suse.com/security/cve/CVE-2016-8658.html
   https://www.suse.com/security/cve/CVE-2016-9083.html
   https://www.suse.com/security/cve/CVE-2016-9084.html
   https://www.suse.com/security/cve/CVE-2016-9756.html
   https://www.suse.com/security/cve/CVE-2016-9793.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://www.suse.com/security/cve/CVE-2017-2583.html
   https://www.suse.com/security/cve/CVE-2017-2584.html
   https://www.suse.com/security/cve/CVE-2017-5551.html
   https://bugzilla.suse.com/1003153
   https://bugzilla.suse.com/1003925
   https://bugzilla.suse.com/1004462
   https://bugzilla.suse.com/1004517
   https://bugzilla.suse.com/1005666
   https://bugzilla.suse.com/1007197
   https://bugzilla.suse.com/1008833
   https://bugzilla.suse.com/1008979
   https://bugzilla.suse.com/1009969
   https://bugzilla.suse.com/1010040
   https://bugzilla.suse.com/1010475
   https://bugzilla.suse.com/1010478
   https://bugzilla.suse.com/1010501
   https://bugzilla.suse.com/1010502
   https://bugzilla.suse.com/1010507
   https://bugzilla.suse.com/1010612
   https://bugzilla.suse.com/1010711
   https://bugzilla.suse.com/1010716
   https://bugzilla.suse.com/1011820
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1013038
   https://bugzilla.suse.com/1013531
   https://bugzilla.suse.com/1013540
   https://bugzilla.suse.com/1013542
   https://bugzilla.suse.com/1014746
   https://bugzilla.suse.com/1016482
   https://bugzilla.suse.com/1017410
   https://bugzilla.suse.com/1017589
   https://bugzilla.suse.com/1017710
   https://bugzilla.suse.com/1019300
   https://bugzilla.suse.com/1019851
   https://bugzilla.suse.com/1020602
   https://bugzilla.suse.com/1021258
   https://bugzilla.suse.com/881008
   https://bugzilla.suse.com/915183
   https://bugzilla.suse.com/958606
   https://bugzilla.suse.com/961257
   https://bugzilla.suse.com/970083
   https://bugzilla.suse.com/971989
   https://bugzilla.suse.com/976195
   https://bugzilla.suse.com/978094
   https://bugzilla.suse.com/980371
   https://bugzilla.suse.com/980560
   https://bugzilla.suse.com/981038
   https://bugzilla.suse.com/981597
   https://bugzilla.suse.com/981709
   https://bugzilla.suse.com/982282
   https://bugzilla.suse.com/982544
   https://bugzilla.suse.com/983619
   https://bugzilla.suse.com/983721
   https://bugzilla.suse.com/983977
   https://bugzilla.suse.com/984148
   https://bugzilla.suse.com/984419
   https://bugzilla.suse.com/984755
   https://bugzilla.suse.com/985978
   https://bugzilla.suse.com/986362
   https://bugzilla.suse.com/986365
   https://bugzilla.suse.com/986445
   https://bugzilla.suse.com/986569
   https://bugzilla.suse.com/986572
   https://bugzilla.suse.com/986811
   https://bugzilla.suse.com/986941
   https://bugzilla.suse.com/987542
   https://bugzilla.suse.com/987565
   https://bugzilla.suse.com/987576
   https://bugzilla.suse.com/989152
   https://bugzilla.suse.com/990384
   https://bugzilla.suse.com/991608
   https://bugzilla.suse.com/991665
   https://bugzilla.suse.com/993392
   https://bugzilla.suse.com/993890
   https://bugzilla.suse.com/993891
   https://bugzilla.suse.com/994296
   https://bugzilla.suse.com/994748
   https://bugzilla.suse.com/994881
   https://bugzilla.suse.com/995968
   https://bugzilla.suse.com/997708
   https://bugzilla.suse.com/998795
   https://bugzilla.suse.com/999584
   https://bugzilla.suse.com/999600
   https://bugzilla.suse.com/999932
   https://bugzilla.suse.com/999943

SuSE: 2017:0471-1: important: the Linux Kernel

February 15, 2017
An update that solves 34 vulnerabilities and has 48 fixes An update that solves 34 vulnerabilities and has 48 fixes An update that solves 34 vulnerabilities and has 48 fixes is now...

Summary

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented: - The ext2 filesystem got reenabled and supported to allow support for "XIP" (Execute In Place) (FATE#320805). The following security bugs were fixed: - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. A user/process inside guest could have used this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest. (bsc#1020602). - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). 
- CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935 (bnc#1014746). - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). 
- CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502). 
- CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misused the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). 
- CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).
- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).
- CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability (bnc#987542).
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362 bnc#986365).
- CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569).
- CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).

The following non-security bugs were fixed:

- base: make module_create_drivers_dir race-free (bnc#983977).
- btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable (bsc#981597).
- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).
- btrfs: be more precise on errors when getting an inode from disk (bsc#981038).
- btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881).
- btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
- btrfs: fix relocation incorrectly dropping data references (bsc#990384).
- btrfs: handle quota reserve failure properly (bsc#1005666).
- btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038).
- btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709).
- btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)
- ext4: Add parameter for tuning handling of ext2 (bsc#976195).
- ext4: Fixup handling for custom configs in tuning.
- ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
- ipv6: Fix improper use of RCU in patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch. (bsc#961257)
- ipv6: KABI workaround for ipv6: add complete rcu protection around np->opt.
- kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544).
- kabi: reintroduce sk_filter (kabi).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612, fate#313296).
- kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410, fate#313296).
- kgr: ignore zombie tasks during the patching (bnc#1008979).
- mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).
- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
- modsign: Print appropriate status message when accessing UEFI variable (bsc#958606).
- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
- mpt3sas: Fix panic when aer correct error occurred (bsc#997708, bsc#999943).
- netfilter: allow logging from non-init netns (bsc#970083).
- netfilter: bridge: do not leak skb in error paths (bsc#982544).
- netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).
- netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544).
- nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584).
- nfs: Fix a regression in the read() syscall (bsc#999584).
- pci/aer: Clear error status registers during enumeration and restore (bsc#985978).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- reiserfs: fix race in prealloc discard (bsc#987576).
- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
- scsi: Increase REPORT_LUNS timeout (bsc#982282).
- series.conf: move stray netfilter patches to the right section
- squashfs3: properly handle dir_emit() failures (bsc#998795).
- supported.conf: Add ext2
- timers: Use proper base migration in add_timer_on() (bnc#993392).
- tty: audit: Fix audit source (bsc#1016482).
- tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
- usb: fix typo in wMaxPacketSize validation (bsc#991665).
- usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
- xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094)
- xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560).
- xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153).
- xfs: fix premature enospc on inode allocation (bsc#984148).
- xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).
- xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).
- xfs: refactor xlog_recover_process_data() (bsc#1019300).
- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
- xhci: silence warnings in switch (bnc#991665).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:

   zypper in -t patch SUSE-SLE-SAP-12-2017-247=1

- SUSE Linux Enterprise Server 12-LTSS:

   zypper in -t patch SUSE-SLE-SERVER-12-2017-247=1

- SUSE Linux Enterprise Module for Public Cloud 12:

   zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-247=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12 (noarch):

   kernel-devel-3.12.61-52.66.1
   kernel-macros-3.12.61-52.66.1
   kernel-source-3.12.61-52.66.1

- SUSE Linux Enterprise Server for SAP 12 (x86_64):

   kernel-default-3.12.61-52.66.1
   kernel-default-base-3.12.61-52.66.1
   kernel-default-base-debuginfo-3.12.61-52.66.1
   kernel-default-debuginfo-3.12.61-52.66.1
   kernel-default-debugsource-3.12.61-52.66.1
   kernel-default-devel-3.12.61-52.66.1
   kernel-syms-3.12.61-52.66.1
   kernel-xen-3.12.61-52.66.1
   kernel-xen-base-3.12.61-52.66.1
   kernel-xen-base-debuginfo-3.12.61-52.66.1
   kernel-xen-debuginfo-3.12.61-52.66.1
   kernel-xen-debugsource-3.12.61-52.66.1
   kernel-xen-devel-3.12.61-52.66.1
   kgraft-patch-3_12_61-52_66-default-1-2.1
   kgraft-patch-3_12_61-52_66-xen-1-2.1

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

   kernel-default-3.12.61-52.66.1
   kernel-default-base-3.12.61-52.66.1
   kernel-default-base-debuginfo-3.12.61-52.66.1
   kernel-default-debuginfo-3.12.61-52.66.1
   kernel-default-debugsource-3.12.61-52.66.1
   kernel-default-devel-3.12.61-52.66.1
   kernel-syms-3.12.61-52.66.1

- SUSE Linux Enterprise Server 12-LTSS (noarch):

   kernel-devel-3.12.61-52.66.1
   kernel-macros-3.12.61-52.66.1
   kernel-source-3.12.61-52.66.1

- SUSE Linux Enterprise Server 12-LTSS (x86_64):

   kernel-xen-3.12.61-52.66.1
   kernel-xen-base-3.12.61-52.66.1
   kernel-xen-base-debuginfo-3.12.61-52.66.1
   kernel-xen-debuginfo-3.12.61-52.66.1
   kernel-xen-debugsource-3.12.61-52.66.1
   kernel-xen-devel-3.12.61-52.66.1
   kgraft-patch-3_12_61-52_66-default-1-2.1
   kgraft-patch-3_12_61-52_66-xen-1-2.1

- SUSE Linux Enterprise Server 12-LTSS (s390x):

   kernel-default-man-3.12.61-52.66.1

- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

   kernel-ec2-3.12.61-52.66.1
   kernel-ec2-debuginfo-3.12.61-52.66.1
   kernel-ec2-debugsource-3.12.61-52.66.1
   kernel-ec2-devel-3.12.61-52.66.1
   kernel-ec2-extra-3.12.61-52.66.1
   kernel-ec2-extra-debuginfo-3.12.61-52.66.1
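
The check below is an added example, not part of the SUSE advisory: it compares installed and running kernel versions against the fixed release 3.12.61-52.66.1 from the Package List. The function names, the `--live` switch, the constructed sample lines and the use of `sort -V` as a stand-in for RPM version comparison are assumptions.

```shell
#!/bin/sh
# Added example (not SUSE's own tooling): compare kernel package versions
# against the fixed version-release named in the Package List.
FIXED="3.12.61-52.66.1"

# ver_ge A B: true when A >= B in GNU `sort -V` order. Assumption: this
# matches RPM ordering for all-numeric kernel version-release strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_kernels: read "name version-release" lines on stdin, print a
# verdict per package, succeed if at least one is at or above $FIXED.
audit_kernels() {
    found=1
    while read -r name ver; do
        [ -n "$name" ] || continue
        if ver_ge "$ver" "$FIXED"; then
            echo "FIXED  $name $ver"; found=0
        else
            echo "OLD    $name $ver"
        fi
    done
    return "$found"
}

# running_fixed REL: check a `uname -r` string. Assumption: SLE 12 reports
# e.g. 3.12.61-52.66-default (flavor suffix, no final rebuild counter).
running_fixed() {
    ver_ge "${1%-*}" "${FIXED%.*}"
}

# Constructed sample: an older kernel kept installed next to the fixed one.
SAMPLE='kernel-default 3.12.60-52.57.1
kernel-default 3.12.61-52.66.1'

if [ "${1:-}" = "--live" ]; then
    # Query the kernel flavors this advisory ships; absent ones print nothing.
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
        kernel-default kernel-xen kernel-ec2 | audit_kernels \
        || echo "no kernel package at or above $FIXED is installed"
    running_fixed "$(uname -r)" \
        || echo "running kernel predates $FIXED: reboot into the update"
else
    printf '%s\n' "$SAMPLE" | audit_kernels
fi
```

Run without arguments it classifies the constructed sample; with `--live` it queries the local RPM database and the running kernel, which stays on the old version until the host is rebooted into the updated package.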

References

https://www.suse.com/security/cve/CVE-2014-9904.html

https://www.suse.com/security/cve/CVE-2015-8956.html

https://www.suse.com/security/cve/CVE-2015-8962.html

https://www.suse.com/security/cve/CVE-2015-8963.html

https://www.suse.com/security/cve/CVE-2015-8964.html

https://www.suse.com/security/cve/CVE-2016-10088.html

https://www.suse.com/security/cve/CVE-2016-4470.html

https://www.suse.com/security/cve/CVE-2016-4998.html

https://www.suse.com/security/cve/CVE-2016-5696.html

https://www.suse.com/security/cve/CVE-2016-5828.html

https://www.suse.com/security/cve/CVE-2016-5829.html

https://www.suse.com/security/cve/CVE-2016-6130.html

https://www.suse.com/security/cve/CVE-2016-6327.html

https://www.suse.com/security/cve/CVE-2016-6480.html

https://www.suse.com/security/cve/CVE-2016-6828.html

https://www.suse.com/security/cve/CVE-2016-7042.html

https://www.suse.com/security/cve/CVE-2016-7097.html

https://www.suse.com/security/cve/CVE-2016-7425.html

https://www.suse.com/security/cve/CVE-2016-7910.html

https://www.suse.com/security/cve/CVE-2016-7911.html

https://www.suse.com/security/cve/CVE-2016-7913.html

https://www.suse.com/security/cve/CVE-2016-7914.html

https://www.suse.com/security/cve/CVE-2016-8399.html

https://www.suse.com/security/cve/CVE-2016-8633.html

https://www.suse.com/security/cve/CVE-2016-8645.html

https://www.suse.com/security/cve/CVE-2016-8658.html

https://www.suse.com/security/cve/CVE-2016-9083.html

https://www.suse.com/security/cve/CVE-2016-9084.html

https://www.suse.com/security/cve/CVE-2016-9756.html

https://www.suse.com/security/cve/CVE-2016-9793.html

https://www.suse.com/security/cve/CVE-2016-9806.html

https://www.suse.com/security/cve/CVE-2017-2583.html

https://www.suse.com/security/cve/CVE-2017-2584.html

https://www.suse.com/security/cve/CVE-2017-5551.html

https://bugzilla.suse.com/1003153

https://bugzilla.suse.com/1003925

https://bugzilla.suse.com/1004462

https://bugzilla.suse.com/1004517

https://bugzilla.suse.com/1005666

https://bugzilla.suse.com/1007197

https://bugzilla.suse.com/1008833

https://bugzilla.suse.com/1008979

https://bugzilla.suse.com/1009969

https://bugzilla.suse.com/1010040

https://bugzilla.suse.com/1010475

https://bugzilla.suse.com/1010478

https://bugzilla.suse.com/1010501

https://bugzilla.suse.com/1010502

https://bugzilla.suse.com/1010507

https://bugzilla.suse.com/1010612

https://bugzilla.suse.com/1010711

https://bugzilla.suse.com/1010716

https://bugzilla.suse.com/1011820

https://bugzilla.suse.com/1012422

https://bugzilla.suse.com/1013038

https://bugzilla.suse.com/1013531

https://bugzilla.suse.com/1013540

https://bugzilla.suse.com/1013542

https://bugzilla.suse.com/1014746

https://bugzilla.suse.com/1016482

https://bugzilla.suse.com/1017410

https://bugzilla.suse.com/1017589

https://bugzilla.suse.com/1017710

https://bugzilla.suse.com/1019300

https://bugzilla.suse.com/1019851

https://bugzilla.suse.com/1020602

https://bugzilla.suse.com/1021258

https://bugzilla.suse.com/881008

https://bugzilla.suse.com/915183

https://bugzilla.suse.com/958606

https://bugzilla.suse.com/961257

https://bugzilla.suse.com/970083

https://bugzilla.suse.com/971989

https://bugzilla.suse.com/976195

https://bugzilla.suse.com/978094

https://bugzilla.suse.com/980371

https://bugzilla.suse.com/980560

https://bugzilla.suse.com/981038

https://bugzilla.suse.com/981597

https://bugzilla.suse.com/981709

https://bugzilla.suse.com/982282

https://bugzilla.suse.com/982544

https://bugzilla.suse.com/983619

https://bugzilla.suse.com/983721

https://bugzilla.suse.com/983977

https://bugzilla.suse.com/984148

https://bugzilla.suse.com/984419

https://bugzilla.suse.com/984755

https://bugzilla.suse.com/985978

https://bugzilla.suse.com/986362

https://bugzilla.suse.com/986365

https://bugzilla.suse.com/986445

https://bugzilla.suse.com/986569

https://bugzilla.suse.com/986572

https://bugzilla.suse.com/986811

https://bugzilla.suse.com/986941

https://bugzilla.suse.com/987542

https://bugzilla.suse.com/987565

https://bugzilla.suse.com/987576

https://bugzilla.suse.com/989152

https://bugzilla.suse.com/990384

https://bugzilla.suse.com/991608

https://bugzilla.suse.com/991665

https://bugzilla.suse.com/993392

https://bugzilla.suse.com/993890

https://bugzilla.suse.com/993891

https://bugzilla.suse.com/994296

https://bugzilla.suse.com/994748

https://bugzilla.suse.com/994881

https://bugzilla.suse.com/995968

https://bugzilla.suse.com/997708

https://bugzilla.suse.com/998795

https://bugzilla.suse.com/999584

https://bugzilla.suse.com/999600

https://bugzilla.suse.com/999932

https://bugzilla.suse.com/999943
