Security update for the Linux Kernel
Announcement ID: | SUSE-RU-2018:1481-1 |
Rating: | important |
References: | #1012382 #1036215 #1066223 #1068032 #1070404 #1073059 #1076805 #1081599 #1085185 #1088810 #1092772 #1092813 #1092888 #1092975 #1093035 #1093533 #1093904 #1093990 #1094033 #1094059 #1094177 #1094268 #1094356 #1094405 #1094532 #919144 #973378 #993388 |
Affected Products: |
An update that has 28 recommended fixes can now be installed.
Description:
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.132 to receive
various bugfixes.
The following non-security bugs were fixed:
- ALSA: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382).
- ALSA: aloop: Mark paused device as inactive (bnc#1012382).
- ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).
- ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012382).
- ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
(bnc#1012382).
- ALSA: timer: Fix pause event notification (bsc#973378).
- Bluetooth: Revert: btusb: Fix quirk for Atheros 1525/QCA6174"
(bnc#1012382).
- IB/mlx5: Use unlimited rate when static rate is not supported
(bnc#1012382).
- Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook
Pro (bnc#1012382).
- Input: leds - fix out of bound access (bnc#1012382).
- KVM: s390: Enable all facility bits that are known good for passthrough
(bnc#1012382 bsc#1073059 bsc#1076805).
- NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382).
- PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg()
(bnc#1094268).
- RDMA/mlx5: Protect from shift operand overflow (bnc#1012382).
- RDMA/ucma: Allow resolving address w/o specifying source address
(bnc#1012382).
- ath10k: Revert: rebuild crypto header in rx data frames" (kabi).
- ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
(bnc#1012382).
- ath10k: rebuild crypto header in rx data frames (bnc#1012382).
- atm: zatm: Fix potential Spectre v1 (bnc#1012382).
- bdi: Fix oops in wb_workfn() (bnc#1012382).
- blacklist.conf: Blacklist 001ab5a67ee5
- blacklist.conf: Blacklist 3172485f4f80
- blacklist.conf: Blacklist 8a1ac5dc7be0
- blacklist.conf: Blacklist a09acf4b43b9
- blacklist.conf: Blacklist a86b06d1ccd2
- blacklist.conf: add cifs commit RMDA is unsupported in all SLE versions.
- bpf: map_get_next_key to return first key on NULL (bnc#1012382).
- bs-upload-kernel: Revert: do not set %opensuse_bs" This reverts commit
e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
- can: kvaser_usb: Increase correct stats counter in
kvaser_usb_rx_can_msg() (bnc#1012382).
- ceph: fix st_nlink stat for directories (bsc#1093904).
- crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382).
- dccp: initialize ireq->ir_mark (bnc#1012382).
- drm/vmwgfx: Fix a buffer object leak (bnc#1012382).
- gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382).
- ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).
- ibmvnic: Fix statistics buffers memory leak (bsc#1093990).
- ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).
- ibmvnic: Only do H_EOI for mobility events (bsc#1094356).
- ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382).
- kABI: protect struct ath10k_hw_params (kabi).
- kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread
(bsc#1094033).
- libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382).
- loop: handle short DIO reads (bsc#1094177).
- mac80211: Add RX flag to indicate ICV stripped (bnc#1012382).
- mac80211: Revert: Add RX flag to indicate ICV stripped" (kabi).
- mac80211: Revert: allow not sending MIC up from driver for HW crypto"
(kabi).
- mac80211: Revert: allow same PN for AMSDU sub-frames" (kabi).
- mac80211: allow not sending MIC up from driver for HW crypto
(bnc#1012382).
- mac80211: allow same PN for AMSDU sub-frames (bnc#1012382).
- net: atm: Fix potential Spectre v1 (bnc#1012382).
- net: fix rtnh_ok() (bnc#1012382).
- net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382).
- net: initialize skb->peeked when cloning (bnc#1012382).
- netlink: fix uninit-value in netlink_sendmsg (bnc#1012382).
- nvme-pci: Fix EEH failure on ppc (bsc#1093533).
- nvme: target: fix buffer overflow (bsc#993388).
- ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
- ocfs2/dlm: wait for dlm recovery done when migrating all lock resources
(bsc#1070404).
- percpu: include linux/sched.h for cond_resched() (bnc#1012382).
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
(bnc#1012382).
- perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382).
- perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
(bnc#1012382).
- perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
(bnc#1012382).
- perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
(bnc#1012382).
- perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
(bnc#1012382).
- perf: Remove superfluous allocation error check (bnc#1012382).
- platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill
(bsc#1093035).
- powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772).
- powerpc/fadump: exclude memory holes while reserving memory in second
kernel (bsc#1092772).
- powerpc: conditionally compile platform-specific serial drivers
(bsc#1066223).
- powerpc: signals: Discard transaction state from signal frames
(bsc#1094059).
- rfkill: gpio: fix memory leak in probe error path (bnc#1012382).
- s390/cpum_sf: ensure sample frequency of perf event attributes is
non-zero (bnc#1094532, LTC#168035).
- s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532,
LTC#168037).
- scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532,
LTC#168038).
- soreuseport: initialise timewait reuseport field (bnc#1012382).
- stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
(bsc#1088810).
- target: transport should handle st FM/EOM/ILI reads (bsc#1081599).
- tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).
- test_firmware: fix setting old custom fw path back on exit, second try
(bnc#1012382).
- tracepoint: Do not warn on ENOMEM (bnc#1012382).
- tracing/uprobe_event: Fix strncpy corner case (bnc#1012382).
- tracing: Fix regex_match_front() to not over compare the test string
(bnc#1012382).
- usb: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382
bsc#1092888).
- usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).
- usb: musb: host: fix potential NULL pointer dereference (bnc#1012382).
- usb: serial: option: Add support for Quectel EP06 (bnc#1012382).
- usb: serial: option: adding support for ublox R410M (bnc#1012382).
- usb: serial: option: reimplement interface masking (bnc#1012382).
- usb: serial: visor: handle potential invalid device configuration
(bnc#1012382).
- watchdog: Revert: hpwdt: Remove legacy NMI sourcing (bsc#1085185).
- watchdog: hpwdt: Modify to use watchdog core (bsc#1085185).
- watchdog: hpwdt: Update Module info and copyright (bsc#1085185).
- watchdog: hpwdt: Update nmi_panic message (bsc#1085185).
- watchdog: hpwdt: Update nmi_panic message) (bsc#1085185).
- watchdog: hpwdt: condition early return of NMI handler on iLO5
(bsc#1085185).
- x86/bugs: Respect retpoline command line option (bsc#1068032).
- x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
- xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382).
- xfs: fix endianness error when checking log block crc on big endian
platforms (bsc#1094405, bsc#1036215).
- xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012382).
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1011=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1011=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1011=1
- SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1011=1
- SUSE Linux Enterprise High Availability 12-SP3:
zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1011=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1011=1
- SUSE CaaS Platform ALL:
To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
- kernel-default-debuginfo-4.4.132-94.33.1
- kernel-default-debugsource-4.4.132-94.33.1
- kernel-default-extra-4.4.132-94.33.1
- kernel-default-extra-debuginfo-4.4.132-94.33.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
- kernel-obs-build-4.4.132-94.33.1
- kernel-obs-build-debugsource-4.4.132-94.33.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
- kernel-docs-4.4.132-94.33.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
- kernel-default-4.4.132-94.33.1
- kernel-default-base-4.4.132-94.33.1
- kernel-default-base-debuginfo-4.4.132-94.33.1
- kernel-default-debuginfo-4.4.132-94.33.1
- kernel-default-debugsource-4.4.132-94.33.1
- kernel-default-devel-4.4.132-94.33.1
- kernel-syms-4.4.132-94.33.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
- kernel-devel-4.4.132-94.33.1
- kernel-macros-4.4.132-94.33.1
- kernel-source-4.4.132-94.33.1
- SUSE Linux Enterprise Server 12-SP3 (s390x):
- kernel-default-man-4.4.132-94.33.1
- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
- kgraft-patch-4_4_132-94_33-default-1-4.3.1
- kgraft-patch-4_4_132-94_33-default-debuginfo-1-4.3.1
- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
- cluster-md-kmp-default-4.4.132-94.33.1
- cluster-md-kmp-default-debuginfo-4.4.132-94.33.1
- dlm-kmp-default-4.4.132-94.33.1
- dlm-kmp-default-debuginfo-4.4.132-94.33.1
- gfs2-kmp-default-4.4.132-94.33.1
- gfs2-kmp-default-debuginfo-4.4.132-94.33.1
- kernel-default-debuginfo-4.4.132-94.33.1
- kernel-default-debugsource-4.4.132-94.33.1
- ocfs2-kmp-default-4.4.132-94.33.1
- ocfs2-kmp-default-debuginfo-4.4.132-94.33.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
- kernel-default-4.4.132-94.33.1
- kernel-default-debuginfo-4.4.132-94.33.1
- kernel-default-debugsource-4.4.132-94.33.1
- kernel-default-devel-4.4.132-94.33.1
- kernel-default-extra-4.4.132-94.33.1
- kernel-default-extra-debuginfo-4.4.132-94.33.1
- kernel-syms-4.4.132-94.33.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
- kernel-devel-4.4.132-94.33.1
- kernel-macros-4.4.132-94.33.1
- kernel-source-4.4.132-94.33.1
- SUSE CaaS Platform ALL (x86_64):
- kernel-default-4.4.132-94.33.1
- kernel-default-debuginfo-4.4.132-94.33.1
- kernel-default-debugsource-4.4.132-94.33.1
References:
- https://bugzilla.suse.com/1012382
- https://bugzilla.suse.com/1036215
- https://bugzilla.suse.com/1066223
- https://bugzilla.suse.com/1068032
- https://bugzilla.suse.com/1070404
- https://bugzilla.suse.com/1073059
- https://bugzilla.suse.com/1076805
- https://bugzilla.suse.com/1081599
- https://bugzilla.suse.com/1085185
- https://bugzilla.suse.com/1088810
- https://bugzilla.suse.com/1092772
- https://bugzilla.suse.com/1092813
- https://bugzilla.suse.com/1092888
- https://bugzilla.suse.com/1092975
- https://bugzilla.suse.com/1093035
- https://bugzilla.suse.com/1093533
- https://bugzilla.suse.com/1093904
- https://bugzilla.suse.com/1093990
- https://bugzilla.suse.com/1094033
- https://bugzilla.suse.com/1094059
- https://bugzilla.suse.com/1094177
- https://bugzilla.suse.com/1094268
- https://bugzilla.suse.com/1094356
- https://bugzilla.suse.com/1094405
- https://bugzilla.suse.com/1094532
- https://bugzilla.suse.com/919144
- https://bugzilla.suse.com/973378
- https://bugzilla.suse.com/993388