A new user interface for you! Read more...

Update for kernel-debug.openSUSE_Leap_42.2_Updat... security important

Security update for the Linux Kernel

The openSUSE Leap 42.2 kernel was updated to 4.4.73 to receive security and bugfixes.

The following security bugs were fixed:

- CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux, specifically a 4k stack guard page is not sufficiently
large and can be "jumped" over (the stack guard page is bypassed), this
affects Linux Kernel versions 4.11.5 and earlier (the stackguard page
was introduced in 2010) (bnc#1039348).

The previous fix caused some Java applications to crash and has been
replaced by the upstream fix.

The following non-security bugs were fixed:

- md: fix a null dereference (bsc#1040351).
- net/mlx5e: Fix timestamping capabilities reporting (bsc#966170, bsc#1015342)
- reiserfs: don't preallocate blocks for extended attributes (bsc#990682)
- ibmvnic: Fix error handling when registering long-term-mapped buffers (bsc#1045568).
- Fix kabi after adding new field to struct mddev (bsc#1040351).
- Fix soft lockup in svc_rdma_send (bsc#729329).
- IB/addr: Fix setting source address in addr6_resolve() (bsc#1044082).
- IB/ipoib: Fix memory leak in create child syscall (bsc#1022595 FATE#322350).
- IB/mlx5: Assign DSCP for R-RoCE QPs Address Path (bsc#966170 bsc#966172 bsc#966191).
- IB/mlx5: Check supported flow table size (bsc#966170 bsc#966172 bsc#966191).
- IB/mlx5: Enlarge autogroup flow table (bsc#966170 bsc#966172 bsc#966191).
- IB/mlx5: Fix kernel to user leak prevention logic (bsc#966170 bsc#966172 bsc#966191).
- NFSv4: do not let hanging mounts block other mounts (bsc#1040364).
- [v2, 2/3] powerpc/fadump: avoid holes in boot memory area when fadump is registered (bsc#1037669).
- [v2,1/3] powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669).
- [v2,3/3] powerpc/fadump: provide a helpful error message (bsc#1037669).
- dm: remove dummy dm_table definition (bsc#1045307)
- ibmvnic: Activate disabled RX buffer pools on reset (bsc#1044767).
- ibmvnic: Client-initiated failover (bsc#1043990).
- ibmvnic: Correct return code checking for ibmvnic_init during probe (bsc#1045286).
- ibmvnic: Ensure that TX queues are disabled in __ibmvnic_close (bsc#1044767).
- ibmvnic: Exit polling routine correctly during adapter reset (bsc#1044767).
- ibmvnic: Fix incorrectly defined ibmvnic_request_map_rsp structure (bsc#1045568).
- ibmvnic: Remove VNIC_CLOSING check from pending_scrq (bsc#1044767).
- ibmvnic: Remove module author mailing address (bsc#1045467).
- ibmvnic: Remove netdev notify for failover resets (bsc#1044120).
- ibmvnic: Return from ibmvnic_resume if not in VNIC_OPEN state (bsc#1045235).
- ibmvnic: Sanitize entire SCRQ buffer on reset (bsc#1044767).
- ibmvnic: driver initialization for kdump/kexec (bsc#1044772).
- ipv6: release dst on error in ip6_dst_lookup_tail (git-fixes).
- jump label: fix passing kbuild_cflags when checking for asm goto support (git-fixes).
- kabi workaround for net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286).
- lan78xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- loop: Add PF_LESS_THROTTLE to block/loop device thread (bsc#1027101).
- md: use a separate bio_set for synchronous IO (bsc#1040351).
- mlx4: Fix memory leak after mlx4_en_update_priv() (bsc#966170 bsc#966172 bsc#966191).
- mm: fix new crash in unmapped_area_topdown() (bnc#1039348).
- net/mlx5: Do not unlock fte while still using it (bsc#966170 bsc#966172 bsc#966191).
- net/mlx5: Fix create autogroup prev initializer (bsc#966170 bsc#966172 bsc#966191).
- net/mlx5: Prevent setting multicast macs for VFs (bsc#966170 bsc#966172 bsc#966191).
- net/mlx5: Release FTE lock in error flow (bsc#966170 bsc#966172 bsc#966191).
- net/mlx5e: Modify TIRs hash only when it's needed (bsc#966170 bsc#966172 bsc#966191).
- net: icmp_route_lookup should use rt dev to determine L3 domain (bsc#1042286).
- net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286).
- net: l3mdev: Add master device lookup by index (bsc#1042286).
- net: make netdev_for_each_lower_dev safe for device removal (bsc#1042286).
- net: vrf: Create FIB tables on link create (bsc#1042286).
- net: vrf: Fix crash when IPv6 is disabled at boot time (bsc#1042286).
- net: vrf: Fix dev refcnt leak due to IPv6 prefix route (bsc#1042286).
- net: vrf: Fix dst reference counting (bsc#1042286).
- net: vrf: Switch dst dev to loopback on device delete (bsc#1042286).
- net: vrf: protect changes to private data with rcu (bsc#1042286).
- powerpc/fadump: add reschedule point while releasing memory (bsc#1040609).
- powerpc/fadump: return error when fadump registration fails (bsc#1040567).
- ravb: Fix use-after-free on `ifconfig eth0 down` (git-fixes).
- sctp: check af before verify address in sctp_addr_id2transport (git-fixes).
- vrf: remove slave queue and private slave struct (bsc#1042286).
- xen-blkback: do not leak stack data via response ring (bsc#1042863 XSA-216).
- xfrm: Only add l3mdev oif to dst lookups (bsc#1042286).

Fixed bugs
bnc#1022595 FATE 322350 Mellanox ib_ipoib driver update
bnc#1027101 Tasks hanging in balance_dirty_pages() when writing to a loop mounted device under low memory conditions
bnc#1037669 SLES 12 SP2 - hot-removal of memory from fadump boot memory area causes fadump re-registration to fail
bnc#1039214 pci 0000:ff:12.4: BAR 4: failed to assign [mem size 0x00000040] on lenovo RD650 with CPU: 1*Intel(R) Xeon(R) CPU E5-2690 v4@ 2.60GHz
bnc#1039348 VUL-0: CVE-2017-1000364: kernel-source: stack gap guard page too small: Qualys new root/setuid privilege escalation method 05-2017
bnc#1040351 L3: I/O stops for 5 seconds on MD, if process a lot of I/O for a long time.
bnc#1040364 L3-Question: nfs: mount syscall does block other mount syscalls
bnc#1040567 SLES 12 SP3 Beta3 - kdump.service shows success even though fadump failed to register
bnc#1040609 SLES 12 SP3 Beta3 - BUG: soft lockup on large memory systems while releasing memory in dump capture kernel
bnc#1042286 tracking bug for SLE12 SP2 networking core base fixes
bnc#1042863 VUL-0: xen: blkif responses leak backend stack data (XSA-216)
bnc#1043990 SLES 12 SP3 RC1 - Client Initiated Failover - missing interface (ibmvnic)
bnc#1044082 iw_cxgb4: rping fails with ipv6
bnc#1044120 SLES12 SP3 Beta3: ping fails after multiple vnic failover (ibmvnic)
bnc#1044767 SLES12SP3 Beta3 build: lpar entered in xmon after reaching destination @__handle_irq_event_percpu+0xa0/0x2f0 (vnic)
bnc#1044772 SLES 12 SP2 - kdump over nfs fails for vnic interface (ibmvnic)
bnc#1044880 backport c34a69059d78 s390/vmem: fix identity mapping
bnc#1045154 master bug for USB LAN devices
bnc#1045235 SLES 12 SP3: vnic: lpar crashes after suspend/resume operation
bnc#1045286 SLES 12 SP3 - vNIC driver fails to properly probe device
bnc#1045307 DM: crash tool cannot resolve dm_table correctly when analyzing kdump
bnc#1045467 SLES 12 SP2 - ibmvnic modinfo author reference should not be personal email id (ibmvnic)
bnc#1045568 SLES 12 SP3 - LPM failures with vNIC - sub-crq registration
bnc#966170 FATE 320225 Mellanox mlx5_core driver update
bnc#966172 FATE 320226 Mellanox mlx5_en driver update
bnc#966191 FATE 320230 Mellanox mlx4_en driver update
CVE-2017-1000364 CVE-2017-1000364 stack gap too small
bnc#1015342 FATE 321688 Mellanox update mlx5_core
bnc#990682 reiserfs crash due to attempt to delete empty list in __discard_prealloc
Selected Binaries