Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2018:2177-1
Rating:	important
References:	bsc#1045538 bsc#1047487 bsc#1068032 bsc#1087086 bsc#1090078 bsc#1094244 bsc#1094876 bsc#1098408 bsc#1099177 bsc#1099598 bsc#1099709 bsc#1099966 bsc#1100089 bsc#1100091 bsc#1101296 bsc#780242 bsc#784815 bsc#786036 bsc#790588 bsc#795301 bsc#902351 bsc#909495 bsc#923242 bsc#925105 bsc#936423
Cross-References:	CVE-2014-3688
CVSS scores:
Affected Products:	SUSE Linux Enterprise Real Time Extension 11 SP4

An update that solves one vulnerability and has 24 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue (bsc#902351)

The following non-security bugs were fixed:

• ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1045538).
• ALSA: seq: Do not allow resizing pool in use (bsc#1045538).
• Delete patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch (bsc# 1090078)
• IB/mlx4: fix sprintf format warning (bnc#786036).
• RDMA/mlx4: Discard unknown SQP work requests (bnc#786036).
• USB: uss720: fix NULL-deref at probe (bnc#1047487).
• bna: integer overflow bug in debugfs (bnc#780242).
• e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bug#923242).
• e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495).
• fix a leak in /proc/schedstats (bsc#1094876).
• ixgbe: Initialize 64-bit stats seqcounts (bnc#795301).
• mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes).
• module/retpoline: Warn about missing retpoline in module (bnc#1099177).
• net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036).
• net/mlx4_en: Change default QoS settings (bnc#786036).
• net/mlx4_en: Use __force to fix a sparse warning in TX datapath (bug#925105).
• netxen: fix incorrect loop counter decrement (bnc#784815).
• powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244).
• s390/qdio: do not merge ERROR output buffers (bnc#1099709).
• s390/qeth: do not dump control cmd twice (bnc#1099709).
• s390/qeth: fix SETIP command handling (bnc#1099709).
• s390/qeth: free netdevice when removing a card (bnc#1099709).
• s390/qeth: lock read device while queueing next buffer (bnc#1099709).
• s390/qeth: when thread completes, wake up all waiters (bnc#1099709).
• sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089).
• scsi: sg: mitigate read/write abuse (bsc#1101296).
• tg3: do not clear stats while tg3_close (bnc#790588).
• video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bnc#1099966).
• vmxnet3: use correct flag to indicate LRO feature (bsc#936423).
• x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408).
• x86-non-upstream-eager-fpu 32bit fix (bnc#1087086 bnc#1100091 bnc#1099598).
• x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177).
• xen/x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (bsc#1068032).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Real Time Extension 11 SP4
  zypper in -t patch slertesp4-kernel-source-13709=1

Package List:

• SUSE Linux Enterprise Real Time Extension 11 SP4 (nosrc x86_64)
  • kernel-rt_trace-3.0.101.rt130-69.30.1
  • kernel-rt-3.0.101.rt130-69.30.1
• SUSE Linux Enterprise Real Time Extension 11 SP4 (x86_64)
  • kernel-syms-rt-3.0.101.rt130-69.30.1
  • kernel-rt-devel-3.0.101.rt130-69.30.1
  • kernel-rt-base-3.0.101.rt130-69.30.1
  • kernel-rt_trace-base-3.0.101.rt130-69.30.1
  • kernel-source-rt-3.0.101.rt130-69.30.1
  • kernel-rt_trace-devel-3.0.101.rt130-69.30.1

References:

• https://www.suse.com/security/cve/CVE-2014-3688.html
• https://bugzilla.suse.com/show_bug.cgi?id=1045538
• https://bugzilla.suse.com/show_bug.cgi?id=1047487
• https://bugzilla.suse.com/show_bug.cgi?id=1068032
• https://bugzilla.suse.com/show_bug.cgi?id=1087086
• https://bugzilla.suse.com/show_bug.cgi?id=1090078
• https://bugzilla.suse.com/show_bug.cgi?id=1094244
• https://bugzilla.suse.com/show_bug.cgi?id=1094876
• https://bugzilla.suse.com/show_bug.cgi?id=1098408
• https://bugzilla.suse.com/show_bug.cgi?id=1099177
• https://bugzilla.suse.com/show_bug.cgi?id=1099598
• https://bugzilla.suse.com/show_bug.cgi?id=1099709
• https://bugzilla.suse.com/show_bug.cgi?id=1099966
• https://bugzilla.suse.com/show_bug.cgi?id=1100089
• https://bugzilla.suse.com/show_bug.cgi?id=1100091
• https://bugzilla.suse.com/show_bug.cgi?id=1101296
• https://bugzilla.suse.com/show_bug.cgi?id=780242
• https://bugzilla.suse.com/show_bug.cgi?id=784815
• https://bugzilla.suse.com/show_bug.cgi?id=786036
• https://bugzilla.suse.com/show_bug.cgi?id=790588
• https://bugzilla.suse.com/show_bug.cgi?id=795301
• https://bugzilla.suse.com/show_bug.cgi?id=902351
• https://bugzilla.suse.com/show_bug.cgi?id=909495
• https://bugzilla.suse.com/show_bug.cgi?id=923242
• https://bugzilla.suse.com/show_bug.cgi?id=925105
• https://bugzilla.suse.com/show_bug.cgi?id=936423