Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2018:2177-1
Rating: important
References: #1045538 #1047487 #1068032 #1087086 #1090078 #1094244 #1094876 #1098408 #1099177 #1099598 #1099709 #1099966 #1100089 #1100091 #1101296 #780242 #784815 #786036 #790588 #795301 #902351 #909495 #923242 #925105 #936423
Affected Products:
  • SUSE Linux Enterprise Real Time Extension 11-SP4
  • SUSE Linux Enterprise Debuginfo 11-SP4

  • An update that solves one vulnerability and has 24 fixes is now available.

    Description:


    The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
    security and bugfixes.

    The following security bugs were fixed:

    - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause
    a denial of service (memory consumption) by triggering a large number of
    chunks in an association's output queue (bsc#902351)

    The following non-security bugs were fixed:

    - ALSA: hda/ca0132: fix build failure when a local macro is defined
    (bsc#1045538).
    - ALSA: seq: Do not allow resizing pool in use (bsc#1045538).
    - Delete
    patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch
    (bsc# 1090078)
    - IB/mlx4: fix sprintf format warning (bnc#786036).
    - RDMA/mlx4: Discard unknown SQP work requests (bnc#786036).
    - USB: uss720: fix NULL-deref at probe (bnc#1047487).
    - bna: integer overflow bug in debugfs (bnc#780242).
    - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
    (bug#923242).
    - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495).
    - fix a leak in /proc/schedstats (bsc#1094876).
    - ixgbe: Initialize 64-bit stats seqcounts (bnc#795301).
    - mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes).
    - module/retpoline: Warn about missing retpoline in module (bnc#1099177).
    - net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036).
    - net/mlx4_en: Change default QoS settings (bnc#786036).
    - net/mlx4_en: Use __force to fix a sparse warning in TX datapath
    (bug#925105).
    - netxen: fix incorrect loop counter decrement (bnc#784815).
    - powerpc: Machine check interrupt is a non-maskable interrupt
    (bsc#1094244).
    - s390/qdio: do not merge ERROR output buffers (bnc#1099709).
    - s390/qeth: do not dump control cmd twice (bnc#1099709).
    - s390/qeth: fix SETIP command handling (bnc#1099709).
    - s390/qeth: free netdevice when removing a card (bnc#1099709).
    - s390/qeth: lock read device while queueing next buffer (bnc#1099709).
    - s390/qeth: when thread completes, wake up all waiters (bnc#1099709).
    - sched/sysctl: Check user input value of sysctl_sched_time_avg
    (bsc#1100089).
    - scsi: sg: mitigate read/write abuse (bsc#1101296).
    - tg3: do not clear stats while tg3_close (bnc#790588).
    - video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb()
    (bnc#1099966).
    - vmxnet3: use correct flag to indicate LRO feature (bsc#936423).
    - x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408).
    - x86-non-upstream-eager-fpu 32bit fix (bnc#1087086 bnc#1100091
    bnc#1099598).
    - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177).
    - xen/x86/spectre_v1: Disable compiler optimizations over
    array_index_mask_nospec() (bsc#1068032).

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Real Time Extension 11-SP4:
      zypper in -t patch slertesp4-kernel-source-13709=1
    • SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-kernel-source-13709=1

    Package List:

    • SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
      • kernel-rt-3.0.101.rt130-69.30.1
      • kernel-rt-base-3.0.101.rt130-69.30.1
      • kernel-rt-devel-3.0.101.rt130-69.30.1
      • kernel-rt_trace-3.0.101.rt130-69.30.1
      • kernel-rt_trace-base-3.0.101.rt130-69.30.1
      • kernel-rt_trace-devel-3.0.101.rt130-69.30.1
      • kernel-source-rt-3.0.101.rt130-69.30.1
      • kernel-syms-rt-3.0.101.rt130-69.30.1
    • SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
      • kernel-rt-debuginfo-3.0.101.rt130-69.30.1
      • kernel-rt-debugsource-3.0.101.rt130-69.30.1
      • kernel-rt_debug-debuginfo-3.0.101.rt130-69.30.1
      • kernel-rt_debug-debugsource-3.0.101.rt130-69.30.1
      • kernel-rt_trace-debuginfo-3.0.101.rt130-69.30.1
      • kernel-rt_trace-debugsource-3.0.101.rt130-69.30.1

    References: