Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for the Linux Kernel

The openSUSE Leap 42.2 kernel was updated to 4.4.49 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-5986: A userlevel triggerable BUG_ON on sctp_wait_for_sndbuf was fixed. (bsc#1025235)
- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938).
- CVE-2017-5897: A potential remote denial of service within the IPv6 GRE protocol was fixed. (bsc#1023762)
- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. (bsc#1026024).

The following non-security bugs were fixed:

- btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100).
- iwlwifi: Expose the default fallback ucode API to module info (boo#1021082, boo#1023884).
- kabi: protect struct tcp_fastopen_cookie (kabi).
- md: ensure md devices are freed before module is unloaded (bsc#1022304).
- md: Fix a regression reported by bsc#1020048 in patches.fixes/0003-md-lockless-I-O-submission-for-RAID1.patch (bsc#982783,bsc#998106,bsc#1020048).
- net: ethtool: Initialize buffer when querying device channel settings (bsc#969479 FATE#320634).
- net: implement netif_cond_dbg macro (bsc#1019168).
- sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).
- sfc: refactor debug-or-warnings printks (bsc#1019168).
- xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).
- xfs: do not allow di_size with high bit set (bsc#1024234).
- xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508).
- xfs: fix broken multi-fsb buffer logging (bsc#1024081).
- xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).
- xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
- xfs: track and serialize in-flight async buffers against unmount (bsc#1024508).
- xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508).

Fixed bugs
bnc#1018100
btrfs: Compat FS_IOC_GETFLAGS/FS_IOC_SETFLAGS ioctls() does not work
bnc#1019168
[SLES-12-SP2] sfc driver reports few errors during boot.
bnc#1020048
[SLES12 SP2] "Data miscompare on a read" is observed during the rebuilding of degraded MDRAID VDs
bnc#1021082
NET installer not picking up WiFi connection
bnc#1022304
System panic in get_disk() after removing associated kernel modules
bnc#1023762
VUL-0: CVE-2017-5897: kernel-source: ip6_gre:invalid reads in ip6gre_err()
bnc#1023884
Intel 3168 Wifi card doesn't work on boot, but does after module reload
bnc#1023888
xfstests xfs/118 triggers null pointer deref in xfs_trans_log_inode
bnc#1024081
xfstests xfs/306 causes null pointer dereference
bnc#1024234
xfstests xfs/133 and xfs/134 trigger hangup on unmount
bnc#1024508
xfstests xfs/311 causes null pointer dereference
bnc#1024938
VUL-0: CVE-2017-5970: kernel-source: ipv4: keep skb->dst around in presence of IP options
bnc#1025235
VUL-1: CVE-2017-5986: kernel-source: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()
bnc#969479
FATE 320634 Intel fm10k update for SLE12SP2
bnc#982783
SLES 11 SP4 - Severe performance degradation with RAID1 configuration (using NVMe on POWER)
bnc#989056
xfs_dmapi: dm_filldir(2) counts directory entry name twice
bnc#998106
[Intel SLES 12 SP2 BUG] Patrol read gets stuck for RAID1 array
bnc#1012382
Continuous stable update tracker for 4.4
bnc#1022181
kernel OOPS @ 'pcie_aspm_init_link_state' after upgrade from @Kernel:Stable 4.9.5-3.1.g9bb1a8a-default -> 4.9.6-1.1.gd1207ac-default
bnc#1026024
VUL-0: CVE-2017-6074: kernel-source: local privilege escalation due to double free in dccp code
CVE-2017-5986
CVE-2017-5970
CVE-2017-5897
CVE-2017-6074
Selected Binaries
openSUSE Build Service is sponsored by
Places