openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2384-1
Rating: important
References: #1005776 #1015342 #1020645 #1020657 #1030850
#1031717 #1031784 #1034048 #1037838 #1040813
#1042847 #1047487 #1047989 #1048155 #1048228
#1048325 #1048327 #1048356 #1048501 #1048912
#1048934 #1049226 #1049272 #1049291 #1049336
#1050211 #1050742 #1051790 #1052093 #1052094
#1052095 #1052384 #1052580 #1052888 #1053117
#1053309 #1053472 #1053627 #1053629 #1053633
#1053681 #1053685 #1053802 #1053915 #1053919
#1054082 #1054084 #1055013 #1055096 #1055272
#1055290 #1055359 #1055709 #1055896 #1055935
#1055963 #1056185 #1056588 #1056827 #969756

Cross-References: CVE-2017-12134 CVE-2017-14051
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves two vulnerabilities and has 58 fixes
is now available.

Description:

The openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various
security and bugfixes.

The following security bugs were fixed:

– CVE-2017-14051: An integer overflow in the
qla2x00_sysfs_write_optrom_ctl function in
drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users
to cause a denial of service (memory corruption and system crash) by
leveraging root access (bnc#1056588).
– CVE-2017-12134: The xen_biovec_phys_mergeable function in
drivers/xen/biomerge.c in Xen might allow local OS guest users to
corrupt block device data streams and consequently obtain sensitive
memory information, cause a denial of service, or gain host OS
privileges by leveraging incorrect block IO merge-ability calculation
(bnc#1051790 bnc#1053919).

The following non-security bugs were fixed:

– acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller
(bsc#1049291).
– acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291).
– acpi: APEI: Enable APEI multiple GHES source to share a single external
IRQ (bsc#1053627).
– acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627).
– acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629).
– acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes).
– Add “shutdown” to “struct class” (bsc#1053117).
– alsa: hda – Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
(bsc#1020657).
– alsa: hda – Implement mic-mute LED mode enum (bsc#1055013).
– alsa: hda – Workaround for i915 KBL breakage
(bsc#1048356,bsc#1047989,bsc#1055272).
– alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
– alsa: usb-audio: Apply sample rate quirk to Sennheiser headset
(bsc#1052580).
– arm64: do not trace atomic operations (bsc#1055290).
– block: add kblock_mod_delayed_work_on() (bsc#1050211).
– block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet
time (bsc#1050211).
– block: provide bio_uninit() free freeing integrity/task associations
(bsc#1050211).
– block: return on congested block device (FATE#321994).
– bluetooth: bnep: fix possible might sleep error in bnep_session
(bsc#1031784).
– bluetooth: cmtp: fix possible might sleep error in cmtp_session
(bsc#1031784).
– bnxt_en: Add a callback to inform RDMA driver during PCI shutdown
(bsc#1053309).
– bnxt_en: Add additional chip ID definitions (bsc#1053309).
– bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool
stats (bsc#1053309).
– bnxt_en: Add missing logic to handle TPA end error conditions
(bsc#1053309).
– bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309).
– bnxt_en: Allow the user to set ethtool stats-block-usecs to 0
(bsc#1053309).
– bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration
(bsc#1053309).
– bnxt_en: Check status of firmware DCBX agent before setting
DCB_CAP_DCBX_HOST (bsc#1053309).
– bnxt_en: Fix bug in ethtool -L (bsc#1053309).
– bnxt_en: Fix netpoll handling (bsc#1053309).
– bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309).
– bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309).
– bnxt_en: Fix xmit_more with BQL (bsc#1053309).
– bnxt_en: Implement ndo_bridge_{get|set}link methods (bsc#1053309).
– bnxt_en: Implement xmit_more (bsc#1053309).
– bnxt_en: Optimize doorbell write operations for newer chips
(bsc#1053309).
– bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309).
– bnxt_en: Report firmware DCBX agent (bsc#1053309).
– bnxt_en: Retrieve the hardware bridge mode from the firmware
(bsc#1053309).
– bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309).
– bnxt_en: Support for Short Firmware Message (bsc#1053309).
– bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309).
– bnxt: fix unsigned comparsion with 0 (bsc#1053309).
– bnxt: fix unused variable warnings (bsc#1053309).
– btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
– btrfs: nowait aio: Correct assignment of pos (FATE#321994).
– btrfs: nowait aio support (FATE#321994).
– ceph: avoid accessing freeing inode in ceph_check_delayed_caps()
(bsc#1048228).
– ceph: avoid invalid memory dereference in the middle of umount
(bsc#1048228).
– ceph: cleanup writepage_nounlock() (bsc#1048228).
– ceph: do not re-send interrupted flock request (bsc#1048228).
– ceph: getattr before read on ceph.* xattrs (bsc#1048228).
– ceph: handle epoch barriers in cap messages (bsc#1048228).
– ceph: new mount option that specifies fscache uniquifier (bsc#1048228).
– ceph: redirty page when writepage_nounlock() skips unwritable page
(bsc#1048228).
– ceph: remove special ack vs commit behavior (bsc#1048228).
– ceph: remove useless page->mapping check in writepage_nounlock()
(bsc#1048228).
– ceph: re-request max size after importing caps (bsc#1048228).
– ceph: update ceph_dentry_info::lease_session when necessary
(bsc#1048228).
– ceph: update the ‘approaching max_size’ code (bsc#1048228).
– ceph: when seeing write errors on an inode, switch to sync writes
(bsc#1048228).
– cifs: Fix maximum SMB2 header size (bsc#1056185).
– clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization
(bsc#1055709).
– crush: assume weight_set != null imples weight_set_size > 0
(bsc#1048228).
– crush: crush_init_workspace starts with struct crush_work (bsc#1048228).
– crush: implement weight and id overrides for straw2 (bsc#1048228).
– crush: remove an obsolete comment (bsc#1048228).
– crypto: chcr – Add ctr mode and process large sg entries for cipher
(bsc#1048325).
– crypto: chcr – Avoid changing request structure (bsc#1048325).
– crypto: chcr – Ensure Destination sg entry size less than 2k
(bsc#1048325).
– crypto: chcr – Fix fallback key setting (bsc#1048325).
– crypto: chcr – Pass lcb bit setting to firmware (bsc#1048325).
– crypto: chcr – Return correct error code (bsc#1048325).
– cxgb4: update latest firmware version supported (bsc#1048327).
– cxgbit: add missing __kfree_skb() (bsc#1052095).
– cxgbit: fix sg_nents calculation (bsc#1052095).
– Disable patch 0017-nvmet_fc-Simplify-sg-list-handling.patch (bsc#1052384)
– dm: make flush bios explicitly sync (bsc#1050211).
– dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912).
– drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
– drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
– ext4: nowait aio support (FATE#321994).
– fs: Introduce filemap_range_has_page() (FATE#321994).
– fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994).
– fs: pass on flags in compat_writev (bsc#1050211).
– fs: return if direct I/O will trigger writeback (FATE#321994).
– fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994).
– fs: Use RWF_* flags for AIO operations (FATE#321994).
– fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
– i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller
(bsc#1049291).
– i2c: designware: Convert to use unified device property API
(bsc#1049291).
– i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633).
– i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633).
– i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633).
– i2c: xgene-slimpro: Use a single function to send command message
(bsc#1053633).
– i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685).
– ib/iser: Fix connection teardown race condition (bsc#1050211).
– iscsi-target: fix invalid flags in text response (bsc#1052095).
– iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
– kabi: arm64: compatibility workaround for lse atomics (bsc#1055290).
– kABI: protect enum pid_type (kabi).
– kABI: protect struct iscsi_np (kabi).
– kABI: protect struct se_lun (kabi).
– kabi/severities: add fs/ceph to kabi severities (bsc#1048228).
– kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094)
– kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472)
– kABI: uninline task_tgid_nr_nr (kabi).
– kvm: arm64: Restore host physical timer access on hyp_panic()
(bsc#1054082).
– kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability
(bsc#1054082).
– kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state
(bsc#1055935).
– kvm: x86: block guest protection keys unless the host has them enabled
(bsc#1055935).
– kvm: x86: kABI workaround for PKRU fixes (bsc#1055935).
– kvm: x86: simplify handling of PKRU (bsc#1055935).
– libceph: abort already submitted but abortable requests when map or pool
goes full (bsc#1048228).
– libceph: add an epoch_barrier field to struct ceph_osd_client
(bsc#1048228).
– libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS
(bsc#1048228).
– libceph: advertise support for OSD_POOLRESEND (bsc#1048228).
– libceph: allow requests to return immediately on full conditions if
caller wishes (bsc#1048228).
– libceph: always populate t->target_{oid,oloc} in calc_target()
(bsc#1048228).
– libceph: always signal completion when done (bsc#1048228).
– libceph: apply_upmap() (bsc#1048228).
– libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228).
– libceph: ceph_connection_operations::reencode_message() method
(bsc#1048228).
– libceph: ceph_decode_skip_* helpers (bsc#1048228).
– libceph: compute actual pgid in ceph_pg_to_up_acting_osds()
(bsc#1048228).
– libceph, crush: per-pool crush_choose_arg_map for crush_do_rule()
(bsc#1048228).
– libceph: delete from need_resend_linger before check_linger_pool_dne()
(bsc#1048228).
– libceph: do not call encode_request_finish() on MOSDBackoff messages
(bsc#1048228).
– libceph: do not call ->reencode_message() more than once per message
(bsc#1048228).
– libceph: do not pass pgid by value (bsc#1048228).
– libceph: drop need_resend from calc_target() (bsc#1048228).
– libceph: encode_{pgid,oloc}() helpers (bsc#1048228).
– libceph: fallback for when there isn’t a pool-specific choose_arg
(bsc#1048228).
– libceph: fix old style declaration warnings (bsc#1048228).
– libceph: foldreq->last_force_resend into ceph_osd_request_target
(bsc#1048228).
– libceph: get rid of ack vs commit (bsc#1048228).
– libceph: handle non-empty dest in ceph_{oloc,oid}_copy() (bsc#1048228).
– libceph: initialize last_linger_id with a large integer (bsc#1048228).
– libceph: introduce and switch to decode_pg_mapping() (bsc#1048228).
– libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228).
– libceph: kill __{insert,lookup,remove}_pg_mapping() (bsc#1048228).
– libceph: make DEFINE_RB_* helpers more general (bsc#1048228).
– libceph: make encode_request_*() work with r_mempool requests
(bsc#1048228).
– libceph: make RECOVERY_DELETES feature create a new interval
(bsc#1048228).
– libceph: make sure need_resend targets reflect latest map (bsc#1048228).
– libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228).
– libceph: new features macros (bsc#1048228).
– libceph: new pi->last_force_request_resend (bsc#1048228).
– libceph: NULL deref on osdmap_apply_incremental() error path
(bsc#1048228).
– libceph: osd_request_timeout option (bsc#1048228).
– libceph: osd_state is 32 bits wide in luminous (bsc#1048228).
– libceph: pg_upmap[_items] infrastructure (bsc#1048228).
– libceph: pool deletion detection (bsc#1048228).
– libceph: potential NULL dereference in ceph_msg_data_create()
(bsc#1048228).
– libceph: remove ceph_sanitize_features() workaround (bsc#1048228).
– libceph: remove now unused finish_request() wrapper (bsc#1048228).
– libceph: remove req->r_replay_version (bsc#1048228).
– libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228).
– libceph: respect RADOS_BACKOFF backoffs (bsc#1048228).
– libceph: set -EINVAL in one place in crush_decode() (bsc#1048228).
– libceph: support SERVER_JEWEL feature bits (bsc#1048228).
– libceph: take osdc->lock in osdmap_show() and dump flags in hex
(bsc#1048228).
– libceph: upmap semantic changes (bsc#1048228).
– libceph: use alloc_pg_mapping() in __decode_pg_upmap_items()
(bsc#1048228).
– libceph: use target pi for calc_target() calculations (bsc#1048228).
– lib: test_rhashtable: fix for large entry counts (bsc#1055359).
– lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
– locking/rwsem: Fix down_write_killable() for
CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756).
– locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
(bsc#969756).
– lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384).
– lpfc: convert info messages to standard messages (bsc#1052384).
– lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384).
– lpfc: Correct return error codes to align with nvme_fc transport
(bsc#1052384).
– lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384).
– lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384).
– lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384).
– lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology
(bsc#1052384).
– lpfc: fix “integer constant too large” error on 32bit archs
(bsc#1052384).
– lpfc: Fix loop mode target discovery (bsc#1052384).
– lpfc: Fix MRQ > 1 context list handling (bsc#1052384).
– lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384).
– lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384).
– lpfc: Fix oops when NVME Target is discovered in a nonNVME environment
(bsc#1052384).
– lpfc: Fix plogi collision that causes illegal state transition
(bsc#1052384).
– lpfc: Fix rediscovery on switch blade pull (bsc#1052384).
– lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384).
– lpfc: fixup crash during storage failover operations (bsc#1042847).
– lpfc: Limit amount of work processed in IRQ (bsc#1052384).
– lpfc: lpfc version bump 11.4.0.3 (bsc#1052384).
– lpfc: remove console log clutter (bsc#1052384).
– lpfc: support nvmet_fc defer_rcv callback (bsc#1052384).
– megaraid_sas: Fix probing cards without io port (bsc#1053681).
– mmc: mmc: correct the logic for setting HS400ES signal voltage
(bsc#1054082).
– mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw
poison — git fixes).
– mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
– net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336).
– netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
– netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
– netfilter: x_tables: pass xt_counters struct instead of packet counter
(bsc#1052888).
– netfilter: x_tables: pass xt_counters struct to counter allocator
(bsc#1052888).
– net: hns: add acpi function of xge led control (bsc#1049336).
– net: hns: Fix a skb used after free bug (bsc#1049336).
– net/mlx5: Cancel delayed recovery work when unloading the driver
(bsc#1015342).
– net/mlx5: Clean SRIOV eswitch resources upon VF creation failure
(bsc#1015342).
– net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342).
– net/mlx5e: Add field select to MTPPS register (bsc#1015342).
– net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342).
– net/mlx5e: Change 1PPS out scheme (bsc#1015342).
– net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342).
– net/mlx5e: Fix outer_header_zero() check size (bsc#1015342).
– net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342).
– net/mlx5e: Initialize CEE’s getpermhwaddr address buffer to 0xff
(bsc#1015342).
– net/mlx5e: Rename physical symbol errors counter (bsc#1015342).
– net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests
(bsc#1015342).
– net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342).
– net/mlx5: Fix offset of hca cap reserved field (bsc#1015342).
– net: phy: Fix lack of reference count on PHY driver (bsc#1049336).
– net: phy: Fix PHY module checks and NULL deref in phy_attach_direct()
(bsc#1049336).
– nvme-fc: address target disconnect race conditions in fcp io submit
(bsc#1052384).
– nvme-fc: do not override opts->nr_io_queues (bsc#1052384).
– nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384).
– nvme_fc/nvmet_fc: revise Create Association descriptor length
(bsc#1052384).
– nvme_fc: Reattach to localports on re-registration (bsc#1052384).
– nvme-fc: revise TRADDR parsing (bsc#1052384).
– nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384).
– nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it
(bsc#1052384).
– nvme: fix hostid parsing (bsc#1049272).
– nvme-loop: update tagset nr_hw_queues after reconnecting/resetting
(bsc#1052384).
– nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211).
– nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting
(bsc#1052384).
– nvmet: avoid unneeded assignment of submit_bio return value
(bsc#1052384).
– nvmet_fc: Accept variable pad lengths on Create Association LS
(bsc#1052384).
– nvmet_fc: add defer_req callback for deferment of cmd buffer return
(bsc#1052384).
– nvmet-fc: correct use after free on list teardown (bsc#1052384).
– nvmet-fc: eliminate incorrect static markers on local variables
(bsc#1052384).
– nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association
(bsc#1052384).
– nvmet_fc: Simplify sg list handling (bsc#1052384).
– nvmet: prefix version configfs file with attr (bsc#1052384).
– of: fix “/cpus” reference leak in of_numa_parse_cpu_nodes()
(bsc#1056827).
– ovl: fix dentry leak for default_permissions (bsc#1054084).
– pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211).
– pci/MSI: Ignore affinity if pre/post vector count is more than min_vecs
(1050211).
– percpu_ref: allow operation mode switching operations to be called
concurrently (bsc#1055096).
– percpu_ref: remove unnecessary RCU grace period for staggered atomic
switching confirmation (bsc#1055096).
– percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate
percpu_ref_switch_to_atomic() (bsc#1055096).
– percpu_ref: restructure operation mode switching (bsc#1055096).
– percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
– phy: Do not increment MDIO bus refcount unless it’s a different owner
(bsc#1049336).
– phy: fix error case of phy_led_triggers_(un)register (bsc#1049336).
– qeth: add network device features for VLAN devices (bnc#1053472,
LTC#157385).
– r8169: Add support for restarting auto-negotiation (bsc#1050742).
– r8169:Correct the way of setting RTL8168DP ephy (bsc#1050742).
– r8169:fix system hange problem (bsc#1050742).
– r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742).
– r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742).
– r8169:Remove unnecessary phy reset for pcie nic when setting link spped
(bsc#1050742).
– r8169:Update the way of reading RTL8168H PHY register “rg_saw_cnt”
(bsc#1050742).
– rdma/mlx5: Fix existence check for extended address vector (bsc#1015342).
– Remove patch
0407-nvme_fc-change-failure-code-on-remoteport-connectivi.patch
(bsc#1037838)
– Revert “ceph: SetPageError() for writeback pages if writepages fails”
(bsc#1048228).
– s390/diag: add diag26c support (bnc#1053472, LTC#156729).
– s390: export symbols for crash-kmp (bsc#1053915).
– s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h
(bsc#1053472).
– s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472,
LTC#157731).
– s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731).
– s390/pci: improve error handling during fmb (de)registration
(bnc#1053472, LTC#157731).
– s390/pci: improve error handling during interrupt deregistration
(bnc#1053472, LTC#157731).
– s390/pci: improve pci hotplug (bnc#1053472, LTC#157731).
– s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731).
– s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731).
– s390/pci: provide more debug information (bnc#1053472, LTC#157731).
– s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731).
– s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276).
– s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276).
– s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472,
LTC#156729).
– scsi: csiostor: add check for supported fw version (bsc#1005776).
– scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776).
– scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
(bsc#1005776).
– scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776).
– scsi: csiostor: update module version (bsc#1052093).
– scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094).
– scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912).
– scsi: qedf: Limit number of CQs (bsc#1040813).
– supported.conf: clear mistaken external support flag for cifs.ko
(bsc#1053802).
– tpm: fix: return rc when devm_add_action() fails (bsc#1020645,
fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
8e0ee3c9faed).
– tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
– tpm: KABI fix (bsc#1053117).
– tpm: read burstcount from TPM_STS in one 32-bit transaction
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes 27084efee0c3).
– tpm_tis_core: Choose appropriate timeout for reading burstcount
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes aec04cbdf723).
– tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,
fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
aec04cbdf723).
– tty: pl011: fix initialization order of QDF2400 E44 (bsc#1054082).
– tty: serial: msm: Support more bauds (git-fixes).
– Update
patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch
(bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
git-fixes 5ca4c20cfd37).
– usb: core: fix device node leak (bsc#1047487).
– x86/mm: Fix use-after-free of ldt_struct (bsc#1055963).
– xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage
(bsc#1055896).
– xfs: nowait aio support (FATE#321994).
– xgene: Always get clk source, but ignore if it’s missing for SGMII ports
(bsc#1048501).
– xgene: Do not fail probe, if there is no clk resource for SGMII
interfaces (bsc#1048501).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1017=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.85-22.1
kernel-docs-4.4.85-22.3
kernel-docs-html-4.4.85-22.3
kernel-docs-pdf-4.4.85-22.3
kernel-macros-4.4.85-22.1
kernel-source-4.4.85-22.1
kernel-source-vanilla-4.4.85-22.1

– openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.85-22.1
kernel-debug-base-4.4.85-22.1
kernel-debug-base-debuginfo-4.4.85-22.1
kernel-debug-debuginfo-4.4.85-22.1
kernel-debug-debugsource-4.4.85-22.1
kernel-debug-devel-4.4.85-22.1
kernel-debug-devel-debuginfo-4.4.85-22.1
kernel-default-4.4.85-22.1
kernel-default-base-4.4.85-22.1
kernel-default-base-debuginfo-4.4.85-22.1
kernel-default-debuginfo-4.4.85-22.1
kernel-default-debugsource-4.4.85-22.1
kernel-default-devel-4.4.85-22.1
kernel-obs-build-4.4.85-22.1
kernel-obs-build-debugsource-4.4.85-22.1
kernel-obs-qa-4.4.85-22.1
kernel-syms-4.4.85-22.1
kernel-vanilla-4.4.85-22.1
kernel-vanilla-base-4.4.85-22.1
kernel-vanilla-base-debuginfo-4.4.85-22.1
kernel-vanilla-debuginfo-4.4.85-22.1
kernel-vanilla-debugsource-4.4.85-22.1
kernel-vanilla-devel-4.4.85-22.1

References:

https://www.suse.com/security/cve/CVE-2017-12134.html
https://www.suse.com/security/cve/CVE-2017-14051.html
https://bugzilla.suse.com/1005776
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1020657
https://bugzilla.suse.com/1030850
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1031784
https://bugzilla.suse.com/1034048
https://bugzilla.suse.com/1037838
https://bugzilla.suse.com/1040813
https://bugzilla.suse.com/1042847
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1047989
https://bugzilla.suse.com/1048155
https://bugzilla.suse.com/1048228
https://bugzilla.suse.com/1048325
https://bugzilla.suse.com/1048327
https://bugzilla.suse.com/1048356
https://bugzilla.suse.com/1048501
https://bugzilla.suse.com/1048912
https://bugzilla.suse.com/1048934
https://bugzilla.suse.com/1049226
https://bugzilla.suse.com/1049272
https://bugzilla.suse.com/1049291
https://bugzilla.suse.com/1049336
https://bugzilla.suse.com/1050211
https://bugzilla.suse.com/1050742
https://bugzilla.suse.com/1051790
https://bugzilla.suse.com/1052093
https://bugzilla.suse.com/1052094
https://bugzilla.suse.com/1052095
https://bugzilla.suse.com/1052384
https://bugzilla.suse.com/1052580
https://bugzilla.suse.com/1052888
https://bugzilla.suse.com/1053117
https://bugzilla.suse.com/1053309
https://bugzilla.suse.com/1053472
https://bugzilla.suse.com/1053627
https://bugzilla.suse.com/1053629
https://bugzilla.suse.com/1053633
https://bugzilla.suse.com/1053681
https://bugzilla.suse.com/1053685
https://bugzilla.suse.com/1053802
https://bugzilla.suse.com/1053915
https://bugzilla.suse.com/1053919
https://bugzilla.suse.com/1054082
https://bugzilla.suse.com/1054084
https://bugzilla.suse.com/1055013
https://bugzilla.suse.com/1055096
https://bugzilla.suse.com/1055272
https://bugzilla.suse.com/1055290
https://bugzilla.suse.com/1055359
https://bugzilla.suse.com/1055709
https://bugzilla.suse.com/1055896
https://bugzilla.suse.com/1055935
https://bugzilla.suse.com/1055963
https://bugzilla.suse.com/1056185
https://bugzilla.suse.com/1056588
https://bugzilla.suse.com/1056827
https://bugzilla.suse.com/969756

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org