Security update for the Linux Kernel

Announcement ID: SUSE-RU-2018:1481-1
Rating: important
References:
Affected Products:
  • SUSE Container as a Service Platform 1.0
  • SUSE Container as a Service Platform 2.0
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise High Availability Extension 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Live Patching 12-SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3
  • SUSE Linux Enterprise Software Development Kit 12 SP3
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that has 28 fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.132 to receive various bugfixes.

The following non-security bugs were fixed:

  • ALSA: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382).
  • ALSA: aloop: Mark paused device as inactive (bnc#1012382).
  • ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).
  • ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012382).
  • ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bnc#1012382).
  • ALSA: timer: Fix pause event notification (bsc#973378).
  • Bluetooth: Revert: btusb: Fix quirk for Atheros 1525/QCA6174" (bnc#1012382).
  • IB/mlx5: Use unlimited rate when static rate is not supported (bnc#1012382).
  • Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro (bnc#1012382).
  • Input: leds - fix out of bound access (bnc#1012382).
  • KVM: s390: Enable all facility bits that are known good for passthrough (bnc#1012382 bsc#1073059 bsc#1076805).
  • NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382).
  • PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg() (bnc#1094268).
  • RDMA/mlx5: Protect from shift operand overflow (bnc#1012382).
  • RDMA/ucma: Allow resolving address w/o specifying source address (bnc#1012382).
  • ath10k: Revert: rebuild crypto header in rx data frames" (kabi).
  • ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382).
  • ath10k: rebuild crypto header in rx data frames (bnc#1012382).
  • atm: zatm: Fix potential Spectre v1 (bnc#1012382).
  • bdi: Fix oops in wb_workfn() (bnc#1012382).
  • blacklist.conf: Blacklist 001ab5a67ee5
  • blacklist.conf: Blacklist 3172485f4f80
  • blacklist.conf: Blacklist 8a1ac5dc7be0
  • blacklist.conf: Blacklist a09acf4b43b9
  • blacklist.conf: Blacklist a86b06d1ccd2
  • blacklist.conf: add cifs commit RMDA is unsupported in all SLE versions.
  • bpf: map_get_next_key to return first key on NULL (bnc#1012382).
  • bs-upload-kernel: Revert: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
  • can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() (bnc#1012382).
  • ceph: fix st_nlink stat for directories (bsc#1093904).
  • crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382).
  • dccp: initialize ireq->ir_mark (bnc#1012382).
  • drm/vmwgfx: Fix a buffer object leak (bnc#1012382).
  • gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382).
  • ibmvnic: Fix non-fatal firmware error reset (bsc#1093990).
  • ibmvnic: Fix statistics buffers memory leak (bsc#1093990).
  • ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990).
  • ibmvnic: Only do H_EOI for mobility events (bsc#1094356).
  • ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382).
  • kABI: protect struct ath10k_hw_params (kabi).
  • kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
  • libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382).
  • loop: handle short DIO reads (bsc#1094177).
  • mac80211: Add RX flag to indicate ICV stripped (bnc#1012382).
  • mac80211: Revert: Add RX flag to indicate ICV stripped" (kabi).
  • mac80211: Revert: allow not sending MIC up from driver for HW crypto" (kabi).
  • mac80211: Revert: allow same PN for AMSDU sub-frames" (kabi).
  • mac80211: allow not sending MIC up from driver for HW crypto (bnc#1012382).
  • mac80211: allow same PN for AMSDU sub-frames (bnc#1012382).
  • net: atm: Fix potential Spectre v1 (bnc#1012382).
  • net: fix rtnh_ok() (bnc#1012382).
  • net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382).
  • net: initialize skb->peeked when cloning (bnc#1012382).
  • netlink: fix uninit-value in netlink_sendmsg (bnc#1012382).
  • nvme-pci: Fix EEH failure on ppc (bsc#1093533).
  • nvme: target: fix buffer overflow (bsc#993388).
  • ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
  • ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1070404).
  • percpu: include linux/sched.h for cond_resched() (bnc#1012382).
  • perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] (bnc#1012382).
  • perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382).
  • perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bnc#1012382).
  • perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bnc#1012382).
  • perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bnc#1012382).
  • perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bnc#1012382).
  • perf: Remove superfluous allocation error check (bnc#1012382).
  • platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill (bsc#1093035).
  • powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772).
  • powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772).
  • powerpc: conditionally compile platform-specific serial drivers (bsc#1066223).
  • powerpc: signals: Discard transaction state from signal frames (bsc#1094059).
  • rfkill: gpio: fix memory leak in probe error path (bnc#1012382).
  • s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1094532, LTC#168035).
  • s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532, LTC#168037).
  • scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532, LTC#168038).
  • soreuseport: initialise timewait reuseport field (bnc#1012382).
  • stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810).
  • target: transport should handle st FM/EOM/ILI reads (bsc#1081599).
  • tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).
  • test_firmware: fix setting old custom fw path back on exit, second try (bnc#1012382).
  • tracepoint: Do not warn on ENOMEM (bnc#1012382).
  • tracing/uprobe_event: Fix strncpy corner case (bnc#1012382).
  • tracing: Fix regex_match_front() to not over compare the test string (bnc#1012382).
  • usb: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382 bsc#1092888).
  • usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888).
  • usb: musb: host: fix potential NULL pointer dereference (bnc#1012382).
  • usb: serial: option: Add support for Quectel EP06 (bnc#1012382).
  • usb: serial: option: adding support for ublox R410M (bnc#1012382).
  • usb: serial: option: reimplement interface masking (bnc#1012382).
  • usb: serial: visor: handle potential invalid device configuration (bnc#1012382).
  • watchdog: Revert: hpwdt: Remove legacy NMI sourcing (bsc#1085185).
  • watchdog: hpwdt: Modify to use watchdog core (bsc#1085185).
  • watchdog: hpwdt: Update Module info and copyright (bsc#1085185).
  • watchdog: hpwdt: Update nmi_panic message (bsc#1085185).
  • watchdog: hpwdt: Update nmi_panic message) (bsc#1085185).
  • watchdog: hpwdt: condition early return of NMI handler on iLO5 (bsc#1085185).
  • x86/bugs: Respect retpoline command line option (bsc#1068032).
  • x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
  • xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382).
  • xfs: fix endianness error when checking log block crc on big endian platforms (bsc#1094405, bsc#1036215).
  • xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012382).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3
    zypper in -t patch SUSE-SLE-BSK-12-SP3-2018-1011=1
  • SUSE Linux Enterprise Desktop 12 SP3
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1011=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1011=1 SUSE-SLE-HA-12-SP3-2018-1011=1
  • SUSE Linux Enterprise High Availability Extension 12 SP3
    zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1011=1
  • SUSE Linux Enterprise Live Patching 12-SP3
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1011=1
  • SUSE Linux Enterprise Software Development Kit 12 SP3
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1011=1
  • SUSE Linux Enterprise Server 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1011=1
  • SUSE Linux Enterprise High Performance Computing 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1011=1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3
    zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1011=1
  • SUSE Container as a Service Platform 2.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
  • SUSE Container as a Service Platform 1.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3 (nosrc s390x)
    • kernel-zfcpdump-4.4.132-94.33.1
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3 (s390x)
    • kernel-zfcpdump-debuginfo-4.4.132-94.33.1
    • kernel-zfcpdump-debugsource-4.4.132-94.33.1
  • SUSE Linux Enterprise Desktop 12 SP3 (nosrc x86_64)
    • kernel-default-4.4.132-94.33.1
  • SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
    • kernel-default-debugsource-4.4.132-94.33.1
    • kernel-default-debuginfo-4.4.132-94.33.1
    • kernel-default-extra-4.4.132-94.33.1
    • kernel-default-extra-debuginfo-4.4.132-94.33.1
    • kernel-default-devel-4.4.132-94.33.1
    • kernel-syms-4.4.132-94.33.1
  • SUSE Linux Enterprise Desktop 12 SP3 (noarch)
    • kernel-source-4.4.132-94.33.1
    • kernel-devel-4.4.132-94.33.1
    • kernel-macros-4.4.132-94.33.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
    • gfs2-kmp-default-debuginfo-4.4.132-94.33.1
    • gfs2-kmp-default-4.4.132-94.33.1
    • kernel-default-base-4.4.132-94.33.1
    • kernel-default-debugsource-4.4.132-94.33.1
    • kernel-default-debuginfo-4.4.132-94.33.1
    • ocfs2-kmp-default-4.4.132-94.33.1
    • dlm-kmp-default-debuginfo-4.4.132-94.33.1
    • dlm-kmp-default-4.4.132-94.33.1
    • kernel-default-devel-4.4.132-94.33.1
    • ocfs2-kmp-default-debuginfo-4.4.132-94.33.1
    • cluster-md-kmp-default-4.4.132-94.33.1
    • cluster-md-kmp-default-debuginfo-4.4.132-94.33.1
    • kernel-syms-4.4.132-94.33.1
    • kernel-default-base-debuginfo-4.4.132-94.33.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 (nosrc ppc64le x86_64)
    • kernel-default-4.4.132-94.33.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 (noarch)
    • kernel-source-4.4.132-94.33.1
    • kernel-devel-4.4.132-94.33.1
    • kernel-macros-4.4.132-94.33.1
  • SUSE Linux Enterprise High Availability Extension 12 SP3 (ppc64le s390x x86_64)
    • gfs2-kmp-default-debuginfo-4.4.132-94.33.1
    • gfs2-kmp-default-4.4.132-94.33.1
    • kernel-default-debugsource-4.4.132-94.33.1
    • kernel-default-debuginfo-4.4.132-94.33.1
    • ocfs2-kmp-default-4.4.132-94.33.1
    • dlm-kmp-default-debuginfo-4.4.132-94.33.1
    • dlm-kmp-default-4.4.132-94.33.1
    • ocfs2-kmp-default-debuginfo-4.4.132-94.33.1
    • cluster-md-kmp-default-4.4.132-94.33.1
    • cluster-md-kmp-default-debuginfo-4.4.132-94.33.1
  • SUSE Linux Enterprise High Availability Extension 12 SP3 (nosrc)
    • kernel-default-4.4.132-94.33.1
  • SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64)
    • kgraft-patch-4_4_132-94_33-default-debuginfo-1-4.3.1
    • kgraft-patch-4_4_132-94_33-default-1-4.3.1
  • SUSE Linux Enterprise Software Development Kit 12 SP3 (noarch)
    • kernel-docs-4.4.132-94.33.1
  • SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
    • kernel-obs-build-debugsource-4.4.132-94.33.1
    • kernel-obs-build-4.4.132-94.33.1
  • SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-4.4.132-94.33.1
  • SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
    • kernel-default-base-4.4.132-94.33.1
    • kernel-default-debugsource-4.4.132-94.33.1
    • kernel-default-debuginfo-4.4.132-94.33.1
    • kernel-default-devel-4.4.132-94.33.1
    • kernel-syms-4.4.132-94.33.1
    • kernel-default-base-debuginfo-4.4.132-94.33.1
  • SUSE Linux Enterprise Server 12 SP3 (noarch)
    • kernel-source-4.4.132-94.33.1
    • kernel-devel-4.4.132-94.33.1
    • kernel-macros-4.4.132-94.33.1
  • SUSE Linux Enterprise Server 12 SP3 (s390x)
    • kernel-default-man-4.4.132-94.33.1
  • SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 nosrc x86_64)
    • kernel-default-4.4.132-94.33.1
  • SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
    • kernel-default-base-4.4.132-94.33.1
    • kernel-default-debugsource-4.4.132-94.33.1
    • kernel-default-debuginfo-4.4.132-94.33.1
    • kernel-default-devel-4.4.132-94.33.1
    • kernel-syms-4.4.132-94.33.1
    • kernel-default-base-debuginfo-4.4.132-94.33.1
  • SUSE Linux Enterprise High Performance Computing 12 SP3 (noarch)
    • kernel-source-4.4.132-94.33.1
    • kernel-devel-4.4.132-94.33.1
    • kernel-macros-4.4.132-94.33.1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3 (nosrc)
    • kernel-default-4.4.132-94.33.1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3 (x86_64)
    • kernel-default-debugsource-4.4.132-94.33.1
    • kernel-default-extra-debuginfo-4.4.132-94.33.1
    • kernel-default-debuginfo-4.4.132-94.33.1
    • kernel-default-extra-4.4.132-94.33.1
  • SUSE Container as a Service Platform 2.0 (nosrc x86_64)
    • kernel-default-4.4.132-94.33.1
  • SUSE Container as a Service Platform 2.0 (x86_64)
    • kernel-default-debugsource-4.4.132-94.33.1
    • kernel-default-debuginfo-4.4.132-94.33.1
  • SUSE Container as a Service Platform 1.0 (nosrc x86_64)
    • kernel-default-4.4.132-94.33.1
  • SUSE Container as a Service Platform 1.0 (x86_64)
    • kernel-default-debugsource-4.4.132-94.33.1
    • kernel-default-debuginfo-4.4.132-94.33.1

References: