Security update for the Linux Kernel

SUSE Recommended Update: Security update for the Linux Kernel
Announcement ID: SUSE-RU-2018:1481-1
Rating: important
References: #1012382 #1036215 #1066223 #1068032 #1070404 #1073059 #1076805 #1081599 #1085185 #1088810 #1092772 #1092813 #1092888 #1092975 #1093035 #1093533 #1093904 #1093990 #1094033 #1094059 #1094177 #1094268 #1094356 #1094405 #1094532 #919144 #973378 #993388
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 12-SP3
  • SUSE Linux Enterprise Software Development Kit 12-SP3
  • SUSE Linux Enterprise Server 12-SP3
  • SUSE Linux Enterprise Live Patching 12-SP3
  • SUSE Linux Enterprise High Availability 12-SP3
  • SUSE Linux Enterprise Desktop 12-SP3
  • SUSE CaaS Platform ALL

  • An update that has 28 recommended fixes can now be installed.

    Description:



    The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.132 to receive
    various bugfixes.

    The following non-security bugs were fixed:

    - ALSA: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382).
    - ALSA: aloop: Mark paused device as inactive (bnc#1012382).
    - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).
    - ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012382).
    - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
    (bnc#1012382).
    - ALSA: timer: Fix pause event notification (bsc#973378).
    - Bluetooth: Revert: btusb: Fix quirk for Atheros 1525/QCA6174"
    (bnc#1012382).
    - IB/mlx5: Use unlimited rate when static rate is not supported
    (bnc#1012382).
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook
    Pro (bnc#1012382).
    - Input: leds - fix out of bound access (bnc#1012382).
    - KVM: s390: Enable all facility bits that are known good for passthrough
    (bnc#1012382 bsc#1073059 bsc#1076805).
    - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382).
    - PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg()
    (bnc#1094268).
    - RDMA/mlx5: Protect from shift operand overflow (bnc#1012382).
    - RDMA/ucma: Allow resolving address w/o specifying source address
    (bnc#1012382).
    - ath10k: Revert: rebuild crypto header in rx data frames" (kabi).
    - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
    (bnc#1012382).
    - ath10k: rebuild crypto header in rx data frames (bnc#1012382).
    - atm: zatm: Fix potential Spectre v1 (bnc#1012382).
    - bdi: Fix oops in wb_workfn() (bnc#1012382).
    - blacklist.conf: Blacklist 001ab5a67ee5
    - blacklist.conf: Blacklist 3172485f4f80
    - blacklist.conf: Blacklist 8a1ac5dc7be0
    - blacklist.conf: Blacklist a09acf4b43b9
    - blacklist.conf: Blacklist a86b06d1ccd2
    - blacklist.conf: add cifs commit RMDA is unsupported in all SLE versions.
    - bpf: map_get_next_key to return first key on NULL (bnc#1012382).
    - bs-upload-kernel: Revert: do not set %opensuse_bs" This reverts commit
    e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
    - can: kvaser_usb: Increase correct stats counter in
    kvaser_usb_rx_can_msg() (bnc#1012382).
    - ceph: fix st_nlink stat for directories (bsc#1093904).
    - crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382).
    - dccp: initialize ireq->ir_mark (bnc#1012382).
    - drm/vmwgfx: Fix a buffer object leak (bnc#1012382).
    - gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382).
    - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).
    - ibmvnic: Fix statistics buffers memory leak (bsc#1093990).
    - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).
    - ibmvnic: Only do H_EOI for mobility events (bsc#1094356).
    - ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382).
    - kABI: protect struct ath10k_hw_params (kabi).
    - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread
    (bsc#1094033).
    - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382).
    - loop: handle short DIO reads (bsc#1094177).
    - mac80211: Add RX flag to indicate ICV stripped (bnc#1012382).
    - mac80211: Revert: Add RX flag to indicate ICV stripped" (kabi).
    - mac80211: Revert: allow not sending MIC up from driver for HW crypto"
    (kabi).
    - mac80211: Revert: allow same PN for AMSDU sub-frames" (kabi).
    - mac80211: allow not sending MIC up from driver for HW crypto
    (bnc#1012382).
    - mac80211: allow same PN for AMSDU sub-frames (bnc#1012382).
    - net: atm: Fix potential Spectre v1 (bnc#1012382).
    - net: fix rtnh_ok() (bnc#1012382).
    - net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382).
    - net: initialize skb->peeked when cloning (bnc#1012382).
    - netlink: fix uninit-value in netlink_sendmsg (bnc#1012382).
    - nvme-pci: Fix EEH failure on ppc (bsc#1093533).
    - nvme: target: fix buffer overflow (bsc#993388).
    - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
    - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources
    (bsc#1070404).
    - percpu: include linux/sched.h for cond_resched() (bnc#1012382).
    - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
    (bnc#1012382).
    - perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382).
    - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
    (bnc#1012382).
    - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
    (bnc#1012382).
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    (bnc#1012382).
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    (bnc#1012382).
    - perf: Remove superfluous allocation error check (bnc#1012382).
    - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill
    (bsc#1093035).
    - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772).
    - powerpc/fadump: exclude memory holes while reserving memory in second
    kernel (bsc#1092772).
    - powerpc: conditionally compile platform-specific serial drivers
    (bsc#1066223).
    - powerpc: signals: Discard transaction state from signal frames
    (bsc#1094059).
    - rfkill: gpio: fix memory leak in probe error path (bnc#1012382).
    - s390/cpum_sf: ensure sample frequency of perf event attributes is
    non-zero (bnc#1094532, LTC#168035).
    - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532,
    LTC#168037).
    - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532,
    LTC#168038).
    - soreuseport: initialise timewait reuseport field (bnc#1012382).
    - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
    (bsc#1088810).
    - target: transport should handle st FM/EOM/ILI reads (bsc#1081599).
    - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).
    - test_firmware: fix setting old custom fw path back on exit, second try
    (bnc#1012382).
    - tracepoint: Do not warn on ENOMEM (bnc#1012382).
    - tracing/uprobe_event: Fix strncpy corner case (bnc#1012382).
    - tracing: Fix regex_match_front() to not over compare the test string
    (bnc#1012382).
    - usb: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382
    bsc#1092888).
    - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).
    - usb: musb: host: fix potential NULL pointer dereference (bnc#1012382).
    - usb: serial: option: Add support for Quectel EP06 (bnc#1012382).
    - usb: serial: option: adding support for ublox R410M (bnc#1012382).
    - usb: serial: option: reimplement interface masking (bnc#1012382).
    - usb: serial: visor: handle potential invalid device configuration
    (bnc#1012382).
    - watchdog: Revert: hpwdt: Remove legacy NMI sourcing (bsc#1085185).
    - watchdog: hpwdt: Modify to use watchdog core (bsc#1085185).
    - watchdog: hpwdt: Update Module info and copyright (bsc#1085185).
    - watchdog: hpwdt: Update nmi_panic message (bsc#1085185).
    - watchdog: hpwdt: Update nmi_panic message) (bsc#1085185).
    - watchdog: hpwdt: condition early return of NMI handler on iLO5
    (bsc#1085185).
    - x86/bugs: Respect retpoline command line option (bsc#1068032).
    - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
    - xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382).
    - xfs: fix endianness error when checking log block crc on big endian
    platforms (bsc#1094405, bsc#1036215).
    - xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012382).

    Patch Instructions:

    To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Workstation Extension 12-SP3:
      zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1011=1
    • SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1011=1
    • SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1011=1
    • SUSE Linux Enterprise Live Patching 12-SP3:
      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1011=1
    • SUSE Linux Enterprise High Availability 12-SP3:
      zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1011=1
    • SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1011=1
    • SUSE CaaS Platform ALL:
      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

    Package List:

    • SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
      • kernel-default-debuginfo-4.4.132-94.33.1
      • kernel-default-debugsource-4.4.132-94.33.1
      • kernel-default-extra-4.4.132-94.33.1
      • kernel-default-extra-debuginfo-4.4.132-94.33.1
    • SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      • kernel-obs-build-4.4.132-94.33.1
      • kernel-obs-build-debugsource-4.4.132-94.33.1
    • SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
      • kernel-docs-4.4.132-94.33.1
    • SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      • kernel-default-4.4.132-94.33.1
      • kernel-default-base-4.4.132-94.33.1
      • kernel-default-base-debuginfo-4.4.132-94.33.1
      • kernel-default-debuginfo-4.4.132-94.33.1
      • kernel-default-debugsource-4.4.132-94.33.1
      • kernel-default-devel-4.4.132-94.33.1
      • kernel-syms-4.4.132-94.33.1
    • SUSE Linux Enterprise Server 12-SP3 (noarch):
      • kernel-devel-4.4.132-94.33.1
      • kernel-macros-4.4.132-94.33.1
      • kernel-source-4.4.132-94.33.1
    • SUSE Linux Enterprise Server 12-SP3 (s390x):
      • kernel-default-man-4.4.132-94.33.1
    • SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
      • kgraft-patch-4_4_132-94_33-default-1-4.3.1
      • kgraft-patch-4_4_132-94_33-default-debuginfo-1-4.3.1
    • SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
      • cluster-md-kmp-default-4.4.132-94.33.1
      • cluster-md-kmp-default-debuginfo-4.4.132-94.33.1
      • dlm-kmp-default-4.4.132-94.33.1
      • dlm-kmp-default-debuginfo-4.4.132-94.33.1
      • gfs2-kmp-default-4.4.132-94.33.1
      • gfs2-kmp-default-debuginfo-4.4.132-94.33.1
      • kernel-default-debuginfo-4.4.132-94.33.1
      • kernel-default-debugsource-4.4.132-94.33.1
      • ocfs2-kmp-default-4.4.132-94.33.1
      • ocfs2-kmp-default-debuginfo-4.4.132-94.33.1
    • SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      • kernel-default-4.4.132-94.33.1
      • kernel-default-debuginfo-4.4.132-94.33.1
      • kernel-default-debugsource-4.4.132-94.33.1
      • kernel-default-devel-4.4.132-94.33.1
      • kernel-default-extra-4.4.132-94.33.1
      • kernel-default-extra-debuginfo-4.4.132-94.33.1
      • kernel-syms-4.4.132-94.33.1
    • SUSE Linux Enterprise Desktop 12-SP3 (noarch):
      • kernel-devel-4.4.132-94.33.1
      • kernel-macros-4.4.132-94.33.1
      • kernel-source-4.4.132-94.33.1
    • SUSE CaaS Platform ALL (x86_64):
      • kernel-default-4.4.132-94.33.1
      • kernel-default-debuginfo-4.4.132-94.33.1
      • kernel-default-debugsource-4.4.132-94.33.1

    References: