openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2846-1
Rating: important
References: #1004527 #1012382 #1015342 #1015343 #1019675
#1019680 #1019695 #1019699 #1020412 #1020989
#1022595 #1022604 #1022912 #1024346 #1024373
#1025461 #1032150 #1034075 #1037579 #1037890
#1050471 #1052360 #1055567 #1056230 #1056427
#1056587 #1056596 #1058135 #1059863 #1060249
#1060400 #1060985 #1061451 #1061721 #1061775
#1062279 #1062520 #1062962 #1063102 #1063349
#1063460 #1063475 #1063501 #1063509 #1063520
#1063570 #1063667 #1063695 #1064064 #1064206
#1064388 #1064436 #963575 #964944 #966170
#966172 #966186 #966191 #966316 #966318 #969476
#969477 #971975
Cross-References: CVE-2017-13080 CVE-2017-15265 CVE-2017-15649

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves three vulnerabilities and has 60
fixes is now available.

Description:

The openSUSE Leap 42.3 kernel was updated to 4.4.92 to receive various
security and bugfixes.

The following security bugs were fixed:

– CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed
reinstallation of the Group Temporal Key (GTK) during the group key
handshake, allowing an attacker within radio range to replay frames from
access points to clients (bnc#1063667).
– CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel
allowed local users to cause a denial of service (use-after-free) or
possibly have unspecified other impact via crafted /dev/snd/seq ioctl
calls, related to sound/core/seq/seq_clientmgr.c and
sound/core/seq/seq_ports.c (bnc#1062520).
– CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local
users to gain privileges via crafted system calls that trigger
mishandling of packet_fanout data structures, because of a race
condition (involving fanout_add and packet_do_bind) that leads to a
use-after-free, a different vulnerability than CVE-2017-6346
(bnc#1064388).

The following non-security bugs were fixed:

– acpi/processor: Check for duplicate processor ids at hotplug time
(bnc#1056230).
– acpi/processor: Implement DEVICE operator for processor enumeration
(bnc#1056230).
– add mainline tags to hyperv patches
– alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382).
– alsa: compress: Remove unused variable (bnc#1012382).
– alsa: usb-audio: Check out-of-bounds access by corrupted buffer
descriptor (bnc#1012382).
– alsa: usx2y: Suppress kernel warning at page allocation failures
(bnc#1012382).
– arm64: add function to get a cpu’s MADT GICC table (bsc#1062279).
– arm64: dts: Add Broadcom Vulcan PMU in dts (fate#319481).
– arm64/perf: Access pmu register using <read/write;gt;_sys_reg
(bsc#1062279).
– arm64/perf: Add Broadcom Vulcan PMU support (fate#319481).
– arm64/perf: Changed events naming as per the ARM ARM (fate#319481).
– arm64/perf: Define complete ARMv8 recommended implementation defined
events (fate#319481).
– arm64: perf: do not expose CHAIN event in sysfs (bsc#1062279).
– arm64: perf: Extend event config for ARMv8.1 (bsc#1062279).
– arm64/perf: Filter common events based on PMCEIDn_EL0 (fate#319481).
– arm64: perf: Ignore exclude_hv when kernel is running in HYP
(bsc#1062279).
– arm64: perf: move to common attr_group fields (bsc#1062279).
– arm64: perf: Use the builtin_platform_driver (bsc#1062279).
– arm64: pmu: add fallback probe table (bsc#1062279).
– arm64: pmu: Hoist pmu platform device name (bsc#1062279).
– arm64: pmu: Probe default hw/cache counters (bsc#1062279).
– arm64: pmuv3: handle pmuv3+ (bsc#1062279).
– arm64: pmuv3: handle !PMUv3 when probing (bsc#1062279).
– arm64: pmuv3: use arm_pmu ACPI framework (bsc#1062279).
– arm64: pmu: Wire-up Cortex A53 L2 cache events and DTLB refills
(bsc#1062279).
– arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382).
– arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
(bnc#1012382).
– arm/perf: Convert to hotplug state machine (bsc#1062279).
– arm/perf: Fix hotplug state machine conversion (bsc#1062279).
– arm/perf: Use multi instance instead of custom list (bsc#1062279).
– arm: remove duplicate ‘const’ annotations’ (bnc#1012382).
– asoc: dapm: fix some pointer error handling (bnc#1012382).
– asoc: dapm: handle probe deferrals (bnc#1012382).
– audit: log 32-bit socketcalls (bnc#1012382).
– blacklist 0e7736c6b806 powerpc/powernv: Fix data type for @r in
pnv_ioda_parse_m64_window()
– blacklist.conf: fix commit exists twice in upstream, blacklist one of
them
– blacklist.conf: stack limit warning isn’t triggered on SP3
– block: genhd: add device_add_disk_with_groups (bsc#1060400).
– bnx2x: Do not log mc removal needlessly (bsc#1019680 FATE#321692).
– bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps() (bsc#963575
FATE#320144).
– bnxt_en: Free MSIX vectors when unregistering the device from bnxt_re
(bsc#1020412 FATE#321671).
– bnxt_re: Do not issue cmd to delete GID for QP1 GID entry before the QP
is destroyed (bsc#1056596).
– bnxt_re: Fix compare and swap atomic operands (bsc#1056596).
– bnxt_re: Fix memory leak in FRMR path (bsc#1056596).
– bnxt_re: Fix race between the netdev register and unregister events
(bsc#1037579).
– bnxt_re: Fix update of qplib_qp.mtu when modified (bsc#1056596).
– bnxt_re: Free up devices in module_exit path (bsc#1056596).
– bnxt_re: Remove RTNL lock dependency in bnxt_re_query_port (bsc#1056596).
– bnxt_re: Stop issuing further cmds to FW once a cmd times out
(bsc#1056596).
– brcmfmac: setup passive scan if requested by user-space (bnc#1012382).
– bridge: netlink: register netdevice before executing changelink
(bnc#1012382).
– ceph: avoid panic in create_session_open_msg() if utsname() returns NULL
(bsc#1061451).
– ceph: check negative offsets in ceph_llseek() (bsc#1061451).
– ceph: fix message order check in handle_cap_export() (bsc#1061451).
– ceph: fix NULL pointer dereference in ceph_flush_snaps() (bsc#1061451).
– ceph: limit osd read size to CEPH_MSG_MAX_DATA_LEN (bsc#1061451).
– ceph: limit osd write size (bsc#1061451).
– ceph: stop on-going cached readdir if mds revokes FILE_SHARED cap
(bsc#1061451).
– ceph: validate correctness of some mount options (bsc#1061451).
– documentation: arm64: pmu: Add Broadcom Vulcan PMU binding (fate#319481).
– driver-core: platform: Add platform_irq_count() (bsc#1062279).
– driver core: platform: Do not read past the end of “driver_override”
buffer (bnc#1012382).
– drivers: firmware: psci: drop duplicate const from psci_of_match
(FATE#319482 bnc#1012382).
– drivers: hv: fcopy: restore correct transfer length (bnc#1012382).
– drivers/perf: arm_pmu_acpi: avoid perf IRQ init when guest PMU is off
(bsc#1062279).
– drivers/perf: arm_pmu_acpi: Release memory obtained by kasprintf
(bsc#1062279).
– drivers/perf: arm_pmu: add ACPI framework (bsc#1062279).
– drivers/perf: arm_pmu: add common attr group fields (bsc#1062279).
– drivers/perf: arm_pmu: Always consider IRQ0 as an error (bsc#1062279).
– drivers/perf: arm_pmu: Avoid leaking pmu->irq_affinity on error
(bsc#1062279).
– drivers/perf: arm_pmu: avoid NULL dereference when not using devicetree
(bsc#1062279).
– drivers/perf: arm-pmu: convert arm_pmu_mutex to spinlock (bsc#1062279).
– drivers/perf: arm_pmu: Defer the setting of __oprofile_cpu_pmu
(bsc#1062279).
– drivers/perf: arm_pmu: define armpmu_init_fn (bsc#1062279).
– drivers/perf: arm_pmu: expose a cpumask in sysfs (bsc#1062279).
– drivers/perf: arm_pmu: factor out pmu registration (bsc#1062279).
– drivers/perf: arm-pmu: Fix handling of SPI lacking “interrupt-affinity”
property (bsc#1062279).
– drivers/perf: arm_pmu: Fix NULL pointer dereference during probe
(bsc#1062279).
– drivers/perf: arm-pmu: fix RCU usage on pmu resume from low-power
(bsc#1062279).
– drivers/perf: arm_pmu: Fix reference count of a device_node in
of_pmu_irq_cfg (bsc#1062279).
– drivers/perf: arm_pmu: fold init into alloc (bsc#1062279).
– drivers/perf: arm_pmu: handle no platform_device (bsc#1062279).
– drivers/perf: arm-pmu: Handle per-interrupt affinity mask (bsc#1062279).
– drivers/perf: arm_pmu: implement CPU_PM notifier (bsc#1062279).
– drivers/perf: arm_pmu: make info messages more verbose (bsc#1062279).
– drivers/perf: arm_pmu: manage interrupts per-cpu (bsc#1062279).
– drivers/perf: arm_pmu: move irq request/free into probe (bsc#1062279).
– drivers/perf: arm_pmu: only use common attr_groups (bsc#1062279).
– drivers/perf: arm_pmu: remove pointless PMU disabling (bsc#1062279).
– drivers/perf: arm_pmu: rename irq request/free functions (bsc#1062279).
– drivers/perf: arm_pmu: Request PMU SPIs with IRQF_PER_CPU (bsc#1062279).
– drivers/perf: arm_pmu: rework per-cpu allocation (bsc#1062279).
– drivers/perf: arm_pmu: simplify cpu_pmu_request_irqs() (bsc#1062279).
– drivers/perf: arm_pmu: split cpu-local irq request/free (bsc#1062279).
– drivers/perf: arm_pmu: split irq request from enable (bsc#1062279).
– drivers/perf: arm_pmu: split out platform device probe logic
(bsc#1062279).
– drivers/perf: kill armpmu_register (bsc#1062279).
– drm/amdkfd: fix improper return value on error (bnc#1012382).
– drm: bridge: add DT bindings for TI ths8135 (bnc#1012382).
– drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382).
– drm/i915/bios: ignore HDMI on port A (bnc#1012382).
– e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll()
(bsc#1022912 FATE#321246).
– edac, sb_edac: Assign EDAC memory controller per h/w controller
(bsc#1061721).
– edac, sb_edac: Avoid creating SOCK memory controller (bsc#1061721).
– edac, sb_edac: Bump driver version and do some cleanups (bsc#1061721).
– edac, sb_edac: Carve out dimm-populating loop (bsc#1061721).
– edac, sb_edac: Check if ECC enabled when at least one DIMM is present
(bsc#1061721).
– edac, sb_edac: Classify memory mirroring modes (bsc#1061721).
– edac, sb_edac: Classify PCI-IDs by topology (bsc#1061721).
– edac, sb_edac: Do not create a second memory controller if HA1 is not
present (bsc#1061721).
– edac, sb_edac: Do not use “Socket#” in the memory controller name
(bsc#1061721).
– edac, sb_edac: Drop NUM_CHANNELS from 8 back to 4 (bsc#1061721).
– edac, sb_edac: Fix mod_name (bsc#1061721).
– edac, sb_edac: Get rid of ->show_interleave_mode() (bsc#1061721).
– edac, sb_edac: Remove double buffering of error records (bsc#1061721).
– edac, sb_edac: Remove NULL pointer check on array pci_tad (bsc#1061721).
– edac, skx_edac: Handle systems with segmented PCI busses (bsc#1063102).
– ext4: do not allow encrypted operations without keys (bnc#1012382).
– extcon: axp288: Use vbus-valid instead of -present to determine cable
presence (bnc#1012382).
– exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382).
– fix flags ordering (bsc#1034075 comment 131)
– Fix mpage_writepage() for pages with buffers (bsc#1050471).
– fix whitespace according to upstream commit
– fs/epoll: cache leftmost node (bsc#1056427).
– fs/mpage.c: fix mpage_writepage() for pages with buffers (bsc#1050471).
Update to version in mainline
– ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382).
– gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382).
– hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382).
– hwmon: (gl520sm) Fix overflows and crash seen when writing into limit
attributes (bnc#1012382).
– i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382).
– i40e: Initialize 64-bit statistics TX ring seqcount (bsc#1024346
FATE#321239 bsc#1024373 FATE#321247).
– i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477
FATE#319816).
– i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477
FATE#319816).
– ib/core: Add generic function to extract IB speed from netdev
(bsc#1056596).
– ib/core: Add ordered workqueue for RoCE GID management (bsc#1056596).
– ib/core: Fix for core panic (bsc#1022595 FATE#322350).
– ib/core: Fix the validations of a multicast LID in attach or detach
operations (bsc#1022595 FATE#322350).
– ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648
bsc#969477 FATE#319816).
– ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382 bsc#1022595
FATE#322350).
– ib/ipoib: Replace list_del of the neigh->list with list_del_init
(FATE#322350 bnc#1012382 bsc#1022595).
– ib/ipoib: rtnl_unlock can not come after free_netdev (FATE#322350
bnc#1012382 bsc#1022595).
– ib/mlx5: Change logic for dispatching IB events for port state
(bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
– ib/mlx5: Fix cached MR allocation flow (bsc#1015342 FATE#321688
bsc#1015343 FATE#321689).
– ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170
FATE#320225 bsc#966172 FATE#320226).
– ibmvnic: Set state UP (bsc#1062962).
– ib/qib: fix false-postive maybe-uninitialized warning (FATE#321231
FATE#321473 FATE#322149 FATE#322153 bnc#1012382).
– igb: re-assign hw address pointer on reset after PCI error (bnc#1012382).
– iio: ad7793: Fix the serial interface reset (bnc#1012382).
– iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register
modifications (bnc#1012382).
– iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382).
– iio: adc: mcp320x: Fix oops on module unload (bnc#1012382).
– iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382).
– iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling
path of ‘twl4030_madc_probe()’ (bnc#1012382).
– iio: adc: twl4030: Fix an error handling path in ‘twl4030_madc_probe()’
(bnc#1012382).
– iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382).
– iio: core: Return error for failed read_reg (bnc#1012382).
– iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
(bnc#1012382).
– iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382).
– kabi fixup struct nvmet_sq (bsc#1063349).
– kABI: protect enum fs_flow_table_type (bsc#1015342 FATE#321688
bsc#1015343 FATE#321689).
– kABI: protect struct mlx5_priv (bsc#1015342 FATE#321688 bsc#1015343
FATE#321689).
– kABI: protect struct rm_data_op (kabi).
– kABI: protect struct sdio_func (kabi).
– libata: transport: Remove circular dependency at free time (bnc#1012382).
– libceph: do not allow bidirectional swap of pg-upmap-items (bsc#1061451).
– lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
(bnc#1012382).
– md/raid10: submit bio directly to replacement disk (bnc#1012382).
– mips: Ensure bss section ends on a long-aligned address (bnc#1012382).
– mips: Fix minimum alignment requirement of IRQ stack (git-fixes).
– mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382).
– mips: Lantiq: Fix another request_mem_region() return code check
(bnc#1012382).
– mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382).
– mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array
(bsc#966170 FATE#320225 bsc#966172 FATE#320226).
– mm: avoid marking swap cached page as lazyfree (VM Functionality,
bsc#1061775).
– mm/backing-dev.c: fix an error handling path in ‘cgwb_create()’
(bnc#1063475).
– mm,compaction: serialize waitqueue_active() checks (for real)
(bsc#971975).
– mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382).
– mm: discard memblock data later (bnc#1063460).
– mm: fix data corruption caused by lazyfree page (VM Functionality,
bsc#1061775).
– mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460).
– mm: meminit: mark init_reserved_page as __meminit (bnc#1063509).
– mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to
inline function (bnc#1063501).
– mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as
unsigned long (bnc#1063520).
– net: core: Prevent from dereferencing null pointer when releasing SKB
(bnc#1012382).
– netfilter: invoke synchronize_rcu after set the _hook_ to NULL
(bnc#1012382).
– netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
(bnc#1012382).
– net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled
(bsc#966191 FATE#320230 bsc#966186 FATE#320228).
– net/mlx5: Check device capability for maximum flow counters (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5: Delay events till ib registration ends (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5e: Check for qos capability in dcbnl_initialize (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5e: Do not add/remove 802.1ad rules when changing 802.1Q VLAN
filter (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5e: Fix calculated checksum offloads counters (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5e: Fix dangling page pointer on DMA mapping error (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5e: Fix DCB_CAP_ATTR_DCBX capability for DCBNL getcap
(bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5e: Fix inline header size for small packets (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5e: Print netdev features correctly in error message (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170
FATE#320225 bsc#966172 FATE#320226).
– net/mlx5: E-Switch, Unload the representors in the correct order
(bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5: Fix arm SRQ command for ISSI version 0 (bsc#1015342
FATE#321688 bsc#1015343 FATE#321689).
– net/mlx5: Fix command completion after timeout access invalid structure
(bsc#966318 FATE#320158 bsc#966316 FATE#320159).
– net/mlx5: Fix counter list hardware structure (bsc#1015342 FATE#321688
bsc#1015343 FATE#321689).
– net/mlx5: Remove the flag MLX5_INTERFACE_STATE_SHUTDOWN (bsc#966170
FATE#320225 bsc#966172 FATE#320226).
– net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170
FATE#320225 bsc#966172 FATE#320226).
– net: mvpp2: fix the mac address used when using PPv2.2 (bsc#1032150).
– net: mvpp2: use {get, put}_cpu() instead of smp_processor_id()
(bsc#1032150).
– net/packet: check length in getsockopt() called with PACKET_HDRLEN
(bnc#1012382).
– netvsc: Initialize 64-bit stats seqcount (fate#320485).
– nvme: allow timed-out ios to retry (bsc#1063349).
– nvme: fix sqhd reference when admin queue connect fails (bsc#1063349).
– nvme: fix visibility of “uuid” ns attribute (bsc#1060400).
– nvme: protect against simultaneous shutdown invocations (FATE#319965
bnc#1012382 bsc#964944).
– nvme: stop aer posting if controller state not live (bsc#1063349).
– nvmet: implement valid sqhd values in completions (bsc#1063349).
– nvmet: synchronize sqhd update (bsc#1063349).
– nvme: use device_add_disk_with_groups() (bsc#1060400).
– parisc: perf: Fix potential NULL pointer dereference (bnc#1012382).
– partitions/efi: Fix integer overflow in GPT size calculation
(FATE#322379 bnc#1012382 bsc#1020989).
– perf: arm: acpi: remove cpu hotplug statemachine dependency
(bsc#1062279).
– perf: arm: platform: remove cpu hotplug statemachine dependency
(bsc#1062279).
– perf: arm: replace irq_get_percpu_devid_partition call (bsc#1062279).
– perf: arm: temporary workaround for build errors (bsc#1062279).
– perf: Convert to using %pOF instead of full_name (bsc#1062279).
– powerpc: Fix unused function warning ‘lmb_to_memblock’ (FATE#322022).
– powerpc/pseries: Add pseries hotplug workqueue (FATE#322022).
– powerpc/pseries: Auto-online hotplugged memory (FATE#322022).
– powerpc/pseries: Check memory device state before onlining/offlining
(FATE#322022).
– powerpc/pseries: Correct possible read beyond dlpar sysfs buffer
(FATE#322022).
– powerpc/pseries: Do not attempt to acquire drc during memory hot add for
assigned lmbs (FATE#322022).
– powerpc/pseries: Fix build break when MEMORY_HOTREMOVE=n (FATE#322022).
– powerpc/pseries: fix memory leak in queue_hotplug_event() error path
(FATE#322022).
– powerpc/pseries: Implement indexed-count hotplug memory add
(FATE#322022).
– powerpc/pseries: Implement indexed-count hotplug memory remove
(FATE#322022).
– powerpc/pseries: Introduce memory hotplug READD operation (FATE#322022).
– powerpc/pseries: Make the acquire/release of the drc for memory a
seperate step (FATE#322022).
– powerpc/pseries: Remove call to memblock_add() (FATE#322022).
– powerpc/pseries: Revert ‘Auto-online hotplugged memory’ (FATE#322022).
– powerpc/pseries: Use kernel hotplug queue for PowerVM hotplug events
(FATE#322022).
– powerpc/pseries: Use lmb_is_removable() to check removability
(FATE#322022).
– powerpc/pseries: Verify CPU does not exist before adding (FATE#322022).
– rdma: Fix return value check for ib_get_eth_speed() (bsc#1056596).
– rdma/qedr: Parse VLAN ID correctly and ignore the value of zero
(bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604
FATE#321747).
– rdma/qedr: Parse vlan priority as sl (bsc#1019695 FATE#321703
bsc#1019699 FATE#321702 bsc#1022604 FATE#321747).
– rds: ib: add error handle (bnc#1012382).
– rds: rdma: Fix the composite message user notification (bnc#1012382).
– README.BRANCH: Add Michal and Johannes as co-maintainers.
– Remove superfluous hunk in bigmem backport (bsc#1064436). Refresh
patches.arch/powerpc-bigmem-16-mm-Add-addr_limit-to-mm_context-and-use-it-t
.patch.
– Revert “x86/acpi: Enable MADT APIs to return disabled apicids”
(bnc#1056230).
– Revert “x86/acpi: Set persistent cpuid <-> nodeid mapping when booting”
(bnc#1056230).
– s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060249, LTC#159112).
– s390/qdio: avoid reschedule of outbound tasklet once killed
(bnc#1060249, LTC#159885).
– s390/topology: alternative topology for topology-less machines
(bnc#1060249, LTC#159177).
– s390/topology: always use s390 specific sched_domain_topology_level
(bnc#1060249, LTC#159177).
– s390/topology: enable / disable topology dynamically (bnc#1060249,
LTC#159177).
– sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382).
– scsi: fixup kernel warning during rmmod() (bsc#1052360).
– scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695).
– scsi: lpfc: Ensure io aborts interlocked with the target (bsc#1056587).
– scsi: qedi: off by one in qedi_get_cmd_from_tid() (bsc#1004527,
FATE#321744).
– scsi: qla2xxx: Fix uninitialized work element (bsc#1019675,FATE#321701).
– scsi: scsi_transport_fc: Also check for NOTPRESENT in
fc_remote_port_add() (bsc#1037890).
– scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135).
– scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461).
– scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). This patch
is originally part of a larger series which can’t be easily backported
to SLE-12. For a reasoning why we think it’s safe to apply, see
bsc#1060985, comment 20.
– scsi: sg: close race condition in sg_remove_sfp_usercontext()
(bsc#1064206).
– scsi: sg: do not return bogus Sg_requests (bsc#1064206).
– scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206).
– sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382).
– staging: iio: ad7192: Fix – use the dedicated reset function avoiding
dma from stack (bnc#1012382).
– stm class: Fix a use-after-free (bnc#1012382).
– supported.conf: enable dw_mmc-rockchip driver References: bsc#1064064
– team: call netdev_change_features out of team lock (bsc#1055567).
– team: fix memory leaks (bnc#1012382).
– ttpci: address stringop overflow warning (bnc#1012382).
– tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382).
– usb: chipidea: vbus event may exist before starting gadget (bnc#1012382).
– usb: core: harden cdc_parse_cdc_header (bnc#1012382).
– usb: devio: Do not corrupt user memory (bnc#1012382).
– usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382).
– usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382).
– usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382).
– usb: fix out-of-bounds in usb_set_configuration (bnc#1012382).
– usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382).
– usb: gadgetfs: Fix crash caused by inadequate synchronization
(bnc#1012382).
– usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
(bnc#1012382).
– usb: gadget: mass_storage: set msg_registered after msg registered
(bnc#1012382).
– usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382).
– usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382).
– usb: Increase quirk delay for USB devices (bnc#1012382).
– usb: pci-quirks.c: Corrected timeout values used in handshake
(bnc#1012382).
– usb: plusb: Add support for PL-27A1 (bnc#1012382).
– usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
(bnc#1012382).
– usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
(bnc#1012382).
– usb: serial: mos7720: fix control-message error handling (bnc#1012382).
– usb: serial: mos7840: fix control-message error handling (bnc#1012382).
– usb-storage: unusual_devs entry to fix write-access regression for
Seagate external drives (bnc#1012382).
– usb: uas: fix bug in handling of alternate settings (bnc#1012382).
– uwb: ensure that endpoint is interrupt (bnc#1012382).
– uwb: properly check kthread_run return value (bnc#1012382).
– x86/acpi: Restore the order of CPU IDs (bnc#1056230).
– x86/cpu: Remove unused and undefined __generic_processor_info()
declaration (bnc#1056230).
– x86 edac, sb_edac.c: Take account of channel hashing when needed
(bsc#1061721).
– x86/mshyperv: Remove excess #includes from mshyperv.h (fate#320485).
– xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).
– xfs: remove kmem_zalloc_greedy (bnc#1012382).
– xhci: fix finding correct bus_state structure for USB 3.1 hosts
(bnc#1012382).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1194=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.92-31.1
kernel-docs-4.4.92-31.2
kernel-docs-html-4.4.92-31.2
kernel-docs-pdf-4.4.92-31.2
kernel-macros-4.4.92-31.1
kernel-source-4.4.92-31.1
kernel-source-vanilla-4.4.92-31.1

– openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.92-31.1
kernel-debug-base-4.4.92-31.1
kernel-debug-base-debuginfo-4.4.92-31.1
kernel-debug-debuginfo-4.4.92-31.1
kernel-debug-debugsource-4.4.92-31.1
kernel-debug-devel-4.4.92-31.1
kernel-debug-devel-debuginfo-4.4.92-31.1
kernel-default-4.4.92-31.1
kernel-default-base-4.4.92-31.1
kernel-default-base-debuginfo-4.4.92-31.1
kernel-default-debuginfo-4.4.92-31.1
kernel-default-debugsource-4.4.92-31.1
kernel-default-devel-4.4.92-31.1
kernel-obs-build-4.4.92-31.1
kernel-obs-build-debugsource-4.4.92-31.1
kernel-obs-qa-4.4.92-31.1
kernel-syms-4.4.92-31.1
kernel-vanilla-4.4.92-31.1
kernel-vanilla-base-4.4.92-31.1
kernel-vanilla-base-debuginfo-4.4.92-31.1
kernel-vanilla-debuginfo-4.4.92-31.1
kernel-vanilla-debugsource-4.4.92-31.1
kernel-vanilla-devel-4.4.92-31.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15265.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1004527
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1015343
https://bugzilla.suse.com/1019675
https://bugzilla.suse.com/1019680
https://bugzilla.suse.com/1019695
https://bugzilla.suse.com/1019699
https://bugzilla.suse.com/1020412
https://bugzilla.suse.com/1020989
https://bugzilla.suse.com/1022595
https://bugzilla.suse.com/1022604
https://bugzilla.suse.com/1022912
https://bugzilla.suse.com/1024346
https://bugzilla.suse.com/1024373
https://bugzilla.suse.com/1025461
https://bugzilla.suse.com/1032150
https://bugzilla.suse.com/1034075
https://bugzilla.suse.com/1037579
https://bugzilla.suse.com/1037890
https://bugzilla.suse.com/1050471
https://bugzilla.suse.com/1052360
https://bugzilla.suse.com/1055567
https://bugzilla.suse.com/1056230
https://bugzilla.suse.com/1056427
https://bugzilla.suse.com/1056587
https://bugzilla.suse.com/1056596
https://bugzilla.suse.com/1058135
https://bugzilla.suse.com/1059863
https://bugzilla.suse.com/1060249
https://bugzilla.suse.com/1060400
https://bugzilla.suse.com/1060985
https://bugzilla.suse.com/1061451
https://bugzilla.suse.com/1061721
https://bugzilla.suse.com/1061775
https://bugzilla.suse.com/1062279
https://bugzilla.suse.com/1062520
https://bugzilla.suse.com/1062962
https://bugzilla.suse.com/1063102
https://bugzilla.suse.com/1063349
https://bugzilla.suse.com/1063460
https://bugzilla.suse.com/1063475
https://bugzilla.suse.com/1063501
https://bugzilla.suse.com/1063509
https://bugzilla.suse.com/1063520
https://bugzilla.suse.com/1063570
https://bugzilla.suse.com/1063667
https://bugzilla.suse.com/1063695
https://bugzilla.suse.com/1064064
https://bugzilla.suse.com/1064206
https://bugzilla.suse.com/1064388
https://bugzilla.suse.com/1064436
https://bugzilla.suse.com/963575
https://bugzilla.suse.com/964944
https://bugzilla.suse.com/966170
https://bugzilla.suse.com/966172
https://bugzilla.suse.com/966186
https://bugzilla.suse.com/966191
https://bugzilla.suse.com/966316
https://bugzilla.suse.com/966318
https://bugzilla.suse.com/969476
https://bugzilla.suse.com/969477
https://bugzilla.suse.com/971975

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org