Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for the Linux Kernel

The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389).
- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
- CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580).
- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
- CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 1053919).

The following non-security bugs were fixed:

- acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
- alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).
- alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).
- alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).
- alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
- alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580).
- Add "shutdown" to "struct class" (bsc#1053117).
- bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784).
- bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784).
- btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
- nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309).
- Revert "/proc/iomem: only expose physical resource addresses to privileged users" (kabi).
- Revert "Make file credentials available to the seqfile interfaces" (kabi).
- usb: core: fix device node leak (bsc#1047487).
- Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).
- bnxt: add a missing rcu synchronization (bnc#1038583).
- bnxt: do not busy-poll when link is down (bnc#1038583).
- bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).
- bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).
- bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583).
- bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583).
- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
- bnxt_en: Fix VF virtual link state (bnc#1038583).
- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
- bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).
- bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).
- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
- bnxt_en: Refactor TPA code path (bnc#1038583).
- bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).
- bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).
- ceph: fix readpage from fscache (bsc#1057015).
- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743).
- drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
- drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
- gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).
- ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).
- iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
- iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717).
- kernel/*: switch to memdup_user_nul() (bsc#1048893).
- lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
- lib: test_rhashtable: fix for large entry counts (bsc#1055359).
- lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466).
- md/raid5: fix a race condition in stripe batch (linux-stable).
- mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes).
- mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes).
- mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
- netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
- netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888).
- new helper: memdup_user_nul() (bsc#1048893).
- of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() (bsc#1056827).
- ovl: fix dentry leak for default_permissions (bsc#1054084).
- percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096).
- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096).
- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096).
- percpu_ref: restructure operation mode switching (bsc#1055096).
- percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
- s390: export symbols for crash-kmp (bsc#1053915).
- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).
- sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).
- sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).
- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).
- sysctl: simplify unsigned int support (bsc#1048893).
- tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
- tpm: KABI fix (bsc#1053117).
- tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed).
- tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3).
- tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723).
- tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723).
- tty: serial: msm: Support more bauds (git-fixes).
- ubifs: Correctly evict xattr inodes (bsc#1012829).
- ubifs: Do not leak kernel memory to the MTD (bsc#1012829).
- xfs: fix inobt inode allocation search optimization (bsc#1012829).

Fixed bugs
bnc#1012829
Backport fixes to SLE12 SP2
bnc#1020645
Update TPM drivers
bnc#1020657
lenovo board VIUU4 has a phase inverted microphone
bnc#1021424
Chelsio:cxgb4: Commit id list for SLES12SP2 MU
bnc#1022743
FATE 322540 Chelsio: Support for Chelsio's Crypto Hardware
bnc#1024405
HP Z2 Mini - Need SLE 12 SP2 driver kit
bnc#1030850
hotplug of mptsas devices doesn't work within VMware ESXi environment
bnc#1031717
Missing SLE12-SP2 fixes
bnc#1031784
Lag Wireless Keyboard and BT Mouse
bnc#1034048
backport TPM fixes to SP2
bnc#1038583
bnxt_en driver bug fix patches for SLE12-SP2
bnc#1047487
master bug for USB core issues
bnc#1048155
Fix large topology support for vmwgfx
bnc#1048893
backport 4f2fec00afa6 sysctl: simplify unsigned int support
bnc#1048934
Enable STAudio ADCIII device in ice1712
bnc#1049226
spurious 'No space left on device' on LXCs created by machinectl
bnc#1049580
VUL-1: CVE-2017-11472: kernel,acpica: acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c does not flush the operand cache and causes a kernel stackdump
bnc#1051790
VUL-0: CVE-2017-12134: kernel: Incorrect Xen block IO merge-ability calculation (XSA-229)
bnc#1052580
usb-sound: cannot get freq at ep 0x83: Sennheiser Headset
bnc#1052888
netfilter: slow path in setsockopt (pcpu_alloc), regression caused by 71ae0dff02d7 (v4.2)
bnc#1053117
d1bd4a792d39 {"tpm: Issue a TPM2_Shutdown for TPM2 devices"}
bnc#1053802
Module cifs.ko taints kernel (X) but should not
bnc#1053915
"modprobe crash" fails to load module
bnc#1053919
Theoretical races in mprotect/madvise and related operations
bnc#1054084
ovl: dentry leak in default_permissions
bnc#1055013
Add mic mute LED mode control for Dell Latitude 7270
bnc#1055096
Add git-fixes commit 33e465ce7cb3 for percpu_ref locking
bnc#1055359
fix git commit f4a3e90ba5739 with commit e859afe1ee0c: lib: test_rhashtable: fix for large entry counts
bnc#1056261
ip(8) fails when 64 VFs on network device
bnc#1056588
VUL-0: CVE-2017-14051: kernel-source: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function indrivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10allows local users to cause a denial of service (memory corrupti
bnc#1056827
Proactive fixes for numa and network
bnc#1056982
VUL-0: CVE-2017-14106: kernel-source: Divide-by-zero in __tcp_select_window
bnc#1057015
ceph: fix readpage from fscache
bnc#1057389
EMU: VUL-0: CVE-2017-1000251: kernel-source: bluetooth l2cap remote (bluetooth) code execution
bnc#1058116
SLES12SP3RC1: dropped at xmon after lpm using vnic
bnc#971975
SLE12 SP2 performance backports: VM
bnc#981309
NFS-Coherence test fail for SLES-12-sp2.
CVE-2017-1000251
CVE-2017-14106
CVE-2017-11472
CVE-2017-14051
CVE-2017-12134
Selected Binaries
openSUSE Build Service is sponsored by
Places