openSUSE-SU-2018:2118-1: important: Security update for the Linux Kernel


openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2118-1
Rating: important
References: #1012382 #1064232 #1075876 #1076110 #1085185
#1085657 #1089525 #1090435 #1090888 #1091171
#1092207 #1094244 #1094248 #1094643 #1095453
#1096790 #1097034 #1097140 #1097492 #1097501
#1097551 #1097808 #1097931 #1097961 #1098016
#1098236 #1098425 #1098435 #1098527 #1098599
#1099042 #1099183 #1099279 #1099713 #1099732
#1099792 #1099810 #1099918 #1099924 #1099966
#1099993 #1100089 #1100340 #1100416 #1100418
#1100491 #1100843 #1101296
Cross-References: CVE-2018-13053 CVE-2018-13405 CVE-2018-13406
CVE-2018-9385
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves four vulnerabilities and has 44 fixes
is now available.

Description:

The openSUSE 42.3 was updated to 4.4.140 to receive various security and
bugfixes.

The following security bugs were fixed:

– CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow
via a large relative timeout because ktime_add_safe was not used
(bnc#1099924).
– CVE-2018-9385: Prevent overread of the “driver_override” buffer
(bsc#1100491).
– CVE-2018-13405: The inode_init_owner function allowed local users to
create files with an unintended group ownership allowing attackers to
escalate privileges by making a plain file executable and SGID
(bnc#1100416).
– CVE-2018-13406: An integer overflow in the uvesafb_setcmap function
could have result in local attackers being able to crash the kernel or
potentially elevate privileges because kmalloc_array is not used
(bnc#1100418).

The following non-security bugs were fixed:

– 1wire: family module autoload fails because of upper/lower case mismatch
(bnc#1012382).
– ALSA: hda – Clean up ALC299 init code (bsc#1099810).
– ALSA: hda – Enable power_save_node for CX20722 (bsc#1099810).
– ALSA: hda – Fix a wrong FIXUP for alc289 on Dell machines (bsc#1099810).
– ALSA: hda – Fix incorrect usage of IS_REACHABLE() (bsc#1099810).
– ALSA: hda – Fix pincfg at resume on Lenovo T470 dock (bsc#1099810).
– ALSA: hda – Handle kzalloc() failure in snd_hda_attach_pcm_stream()
(bnc#1012382).
– ALSA: hda – Use acpi_dev_present() (bsc#1099810).
– ALSA: hda – add a new condition to check if it is thinkpad (bsc#1099810).
– ALSA: hda – silence uninitialized variable warning in activate_amp_in()
(bsc#1099810).
– ALSA: hda/patch_sigmatel: Add AmigaOne X1000 pinconfigs (bsc#1099810).
– ALSA: hda/realtek – Add a quirk for FSC ESPRIMO U9210 (bsc#1099810).
– ALSA: hda/realtek – Add headset mode support for Dell laptop
(bsc#1099810).
– ALSA: hda/realtek – Add support headset mode for DELL WYSE (bsc#1099810).
– ALSA: hda/realtek – Clevo P950ER ALC1220 Fixup (bsc#1099810).
– ALSA: hda/realtek – Enable Thinkpad Dock device for ALC298 platform
(bsc#1099810).
– ALSA: hda/realtek – Enable mic-mute hotkey for several Lenovo AIOs
(bsc#1099810).
– ALSA: hda/realtek – Fix Dell headset Mic can’t record (bsc#1099810).
– ALSA: hda/realtek – Fix pop noise on Lenovo P50 and co (bsc#1099810).
– ALSA: hda/realtek – Fix the problem of two front mics on more machines
(bsc#1099810).
– ALSA: hda/realtek – Fixup for HP x360 laptops with BO speakers
(bsc#1099810).
– ALSA: hda/realtek – Fixup mute led on HP Spectre x360 (bsc#1099810).
– ALSA: hda/realtek – Make dock sound work on ThinkPad L570 (bsc#1099810).
– ALSA: hda/realtek – Refactor alc269_fixup_hp_mute_led_mic*()
(bsc#1099810).
– ALSA: hda/realtek – Reorder ALC269 ASUS quirk entries (bsc#1099810).
– ALSA: hda/realtek – Support headset mode for ALC215/ALC285/ALC289
(bsc#1099810).
– ALSA: hda/realtek – Update ALC255 depop optimize (bsc#1099810).
– ALSA: hda/realtek – adjust the location of one mic (bsc#1099810).
– ALSA: hda/realtek – change the location for one of two front mics
(bsc#1099810).
– ALSA: hda/realtek – set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810).
– ALSA: hda/realtek – update ALC215 depop optimize (bsc#1099810).
– ALSA: hda/realtek – update ALC225 depop optimize (bsc#1099810).
– ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD
(bsc#1099810).
– ALSA: hda/realtek: Limit mic boost on T480 (bsc#1099810).
– ALSA: hda: Fix forget to free resource in error handling code path in
hda_codec_driver_probe (bsc#1099810).
– ALSA: hda: add dock and led support for HP EliteBook 830 G5
(bsc#1099810).
– ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1099810).
– ALSA: hda: fix some klockwork scan warnings (bsc#1099810).
– ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct
size (bnc#1012382).
– ARM: dts: imx6q: Use correct SDMA script for SPI5 core (bnc#1012382).
– ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382).
– ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382).
– ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
(bnc#1012382).
– Bluetooth: Fix connection if directed advertising and privacy is used
(bnc#1012382).
– Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw
loader (bnc#1012382).
– Btrfs: fix clone vs chattr NODATASUM race (bnc#1012382).
– Btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382).
– Btrfs: make raid6 rebuild retry more (bnc#1012382).
– Btrfs: scrub: Do not use inode pages for device replace (bnc#1012382).
– Correct the arguments to verbose() (bsc#1098425)
– Fix kABI breakage of iio_buffer in 4.4.139 (stable-4.4.139).
– HID: debug: check length before copy_to_user() (bnc#1012382).
– HID: hiddev: fix potential Spectre v1 (bnc#1012382).
– HID: i2c-hid: Fix “incomplete report” noise (bnc#1012382).
– Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248,
bsc@1097140).
– IB/qib: Fix DMA api warning with debug kernel (bnc#1012382).
– Input: elan_i2c – add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382).
– Input: elan_i2c_smbus – fix more potential stack buffer overflows
(bnc#1012382).
– Input: elantech – enable middle button of touchpads on ThinkPad P52
(bnc#1012382).
– Input: elantech – fix V4 report decoding for module with middle key
(bnc#1012382).
– MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
(bnc#1012382).
– MIPS: io: Add barrier after register read in inX() (bnc#1012382).
– NFSv4: Fix possible 1-byte stack overflow in
nfs_idmap_read_and_verify_message (bnc#1012382).
– PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
resume (bnc#1012382).
– RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382).
– Refresh with upstream commit:62290a5c194b since the typo fix has been
merged in upstream. (bsc#1085185)
– Remove broken patches for dac9063 watchdog (bsc#1100843)
– Revert “Btrfs: fix scrub to repair raid6 corruption” (bnc#1012382).
– Revert “kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183).”
This turned out to be superfluous for 4.4.x kernels.
– Revert “scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).” This
reverts commit b054499f7615e2ffa7571ac0d05c7d5c9a8c0327.
– UBIFS: Fix potential integer overflow in allocation (bnc#1012382).
– USB: serial: cp210x: add CESINEL device ids (bnc#1012382).
– USB: serial: cp210x: add Silicon Labs IDs for Windows Update
(bnc#1012382).
– Update patches.fixes/nvme-expand-nvmf_check_if_ready-checks.patch
(bsc#1098527).
– ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
(bnc#1012382).
– atm: zatm: fix memcmp casting (bnc#1012382).
– backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382).
– backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382).
– backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382).
– bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232).
– bcache: Annotate switch fall-through (bsc#1064232).
– bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232).
– bcache: Fix indentation (bsc#1064232).
– bcache: Fix kernel-doc warnings (bsc#1064232).
– bcache: Fix, improve efficiency of closure_sync() (bsc#1076110).
– bcache: Reduce the number of sparse complaints about lock imbalances
(bsc#1064232).
– bcache: Remove an unused variable (bsc#1064232).
– bcache: Suppress more warnings about set-but-not-used variables
(bsc#1064232).
– bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110).
– bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232).
– bcache: add backing_request_endio() for bi_end_io (bsc#1064232).
– bcache: add io_disable to struct cached_dev (bsc#1064232).
– bcache: add journal statistic (bsc#1076110).
– bcache: add stop_when_cache_set_failed option to backing device
(bsc#1064232).
– bcache: add wait_for_kthread_stop() in bch_allocator_thread()
(bsc#1064232).
– bcache: closures: move control bits one bit right (bsc#1076110).
– bcache: correct flash only vols (check all uuids) (bsc#1064232).
– bcache: count backing device I/O error for writeback I/O (bsc#1064232).
– bcache: fix cached_dev->count usage for bch_cache_set_error()
(bsc#1064232).
– bcache: fix crashes in duplicate cache device register (bsc#1076110).
– bcache: fix error return value in memory shrink (bsc#1064232).
– bcache: fix high CPU occupancy during journal (bsc#1076110).
– bcache: fix inaccurate io state for detached bcache devices
(bsc#1064232).
– bcache: fix incorrect sysfs output value of strip size (bsc#1064232).
– bcache: fix misleading error message in bch_count_io_errors()
(bsc#1064232).
– bcache: fix using of loop variable in memory shrink (bsc#1064232).
– bcache: fix writeback target calc on large devices (bsc#1076110).
– bcache: fix wrong return value in bch_debug_init() (bsc#1076110).
– bcache: mark closure_sync() __sched (bsc#1076110).
– bcache: move closure debug file into debug directory (bsc#1064232).
– bcache: reduce cache_set devices iteration by devices_max_used
(bsc#1064232).
– bcache: ret IOERR when read meets metadata error (bsc#1076110).
– bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n
(bsc#1064232).
– bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232).
– bcache: set dc->io_disable to true in conditional_stop_bcache_device()
(bsc#1064232).
– bcache: set error_limit correctly (bsc#1064232).
– bcache: set writeback_rate_update_seconds in range [1, 60] seconds
(bsc#1064232).
– bcache: stop bcache device when backing device is offline (bsc#1064232).
– bcache: stop dc->writeback_rate_update properly (bsc#1064232).
– bcache: stop writeback thread after detaching (bsc#1076110).
– bcache: store disk name in struct cache and struct cached_dev
(bsc#1064232).
– bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
(bsc#1064232).
– block: Fix transfer when chunk sectors exceeds max (bnc#1012382).
– bonding: re-evaluate force_primary when the primary slave name changes
(bnc#1012382).
– bpf: properly enforce index mask to prevent out-of-bounds speculation
(bsc#1098425).
– branch-check: fix long->int truncation when profiling branches
(bnc#1012382).
– cdc_ncm: avoid padding beyond end of skb (bnc#1012382).
– ceph: fix dentry leak in splice_dentry() (bsc#1098236).
– ceph: fix use-after-free in ceph_statfs() (bsc#1098236).
– ceph: fix wrong check for the case of updating link count (bsc#1098236).
– ceph: prevent i_version from going back (bsc#1098236).
– ceph: support file lock on directory (bsc#1098236).
– cifs: Check for timeout on Negotiate stage (bsc#1091171).
– cifs: Fix infinite loop when using hard mount option (bnc#1012382).
– cpufreq: Fix new policy initialization during limits updates via sysfs
(bnc#1012382).
– cpuidle: powernv: Fix promotion from snooze if next state disabled
(bnc#1012382).
– dm thin: handle running out of data space vs concurrent discard
(bnc#1012382).
– dm: convert DM printk macros to pr_ level macros (bsc#1099918).
– dm: fix printk() rate limiting code (bsc#1099918).
– drbd: fix access after free (bnc#1012382).
– driver core: Do not ignore class_dir_create_and_add() failure
(bnc#1012382).
– e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
(bsc#1075876).
– ext4: add more inode number paranoia checks (bnc#1012382).
– ext4: add more mount time checks of the superblock (bnc#1012382).
– ext4: always check block group bounds in ext4_init_block_bitmap()
(bnc#1012382).
– ext4: check superblock mapped prior to committing (bnc#1012382).
– ext4: clear i_data in ext4_inode_info when removing inline data
(bnc#1012382).
– ext4: fix fencepost error in check for inode count overflow during
resize (bnc#1012382).
– ext4: fix unsupported feature message formatting (bsc#1098435).
– ext4: include the illegal physical block in the bad map ext4_error msg
(bnc#1012382).
– ext4: make sure bitmaps and the inode table do not overlap with bg
descriptors (bnc#1012382).
– ext4: only look at the bg_flags field if it is valid (bnc#1012382).
– ext4: update mtime in ext4_punch_hole even if no blocks are released
(bnc#1012382).
– ext4: verify the depth of extent tree in ext4_find_extent()
(bnc#1012382).
– fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279).
– fuse: atomic_o_trunc should truncate pagecache (bnc#1012382).
– fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382).
– fuse: fix control dir setup and teardown (bnc#1012382).
– hv_netvsc: avoid repeated updates of packet filter (bsc#1097492).
– hv_netvsc: defer queue selection to VF (bsc#1097492).
– hv_netvsc: enable multicast if necessary (bsc#1097492).
– hv_netvsc: filter multicast/broadcast (bsc#1097492).
– hv_netvsc: fix filter flags (bsc#1097492).
– hv_netvsc: fix locking during VF setup (bsc#1097492).
– hv_netvsc: fix locking for rx_mode (bsc#1097492).
– hv_netvsc: propagate rx filters to VF (bsc#1097492).
– i2c: rcar: fix resume by always initializing registers before transfer
(bnc#1012382).
– iio:buffer: make length types match kfifo types (bnc#1012382).
– iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034).
– ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382).
– ipv4: Fix error return value in fib_convert_metrics() (bnc#1012382).
– ipvs: fix buffer overflow with sync daemon and service (bnc#1012382).
– iwlmvm: tdls: Check TDLS channel switch support (bsc#1099810).
– iwlwifi: fix non_shared_ant for 9000 devices (bsc#1099810).
– jbd2: do not mark block as modified if the handle is out of credits
(bnc#1012382).
– kabi/severities: add ‘drivers/md/bcache/* PASS’ since no one uses
symboles expoted by bcache.
– kmod: fix wait on recursive loop (bsc#1099792).
– kmod: reduce atomic operations on kmod_concurrent and simplify
(bsc#1099792).
– kmod: throttle kmod thread limit (bsc#1099792).
– kprobes/x86: Do not modify singlestep buffer while resuming
(bnc#1012382).
– kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183).
– lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382).
– libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382).
– libata: zpodd: make arrays cdb static, reduces object code size
(bnc#1012382).
– libata: zpodd: small read overflow in eject_tray() (bnc#1012382).
– linvdimm, pmem: Preserve read-only setting for pmem devices
(bnc#1012382).
– m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
(bnc#1012382).
– mac80211: Fix condition validating WMM IE (bsc#1099810,bsc#1099732).
– media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382).
– media: cx25840: Use subdev host data for PLL override (bnc#1012382).
– media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
(bnc#1012382).
– media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918).
– media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382).
– mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382).
– mips: ftrace: fix static function graph tracing (bnc#1012382).
– mm: hugetlb: yield when prepping struct pages (bnc#1012382).
– mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking
(bnc#1012382).
– mtd: cfi_cmdset_0002: Change definition naming to retry write operation
(bnc#1012382).
– mtd: cfi_cmdset_0002: Change erase functions to check chip good only
(bnc#1012382).
– mtd: cfi_cmdset_0002: Change erase functions to retry for error
(bnc#1012382).
– mtd: cfi_cmdset_0002: Change write buffer to check correct value
(bnc#1012382).
– mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
(bnc#1012382).
– mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382).
– mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382).
– mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS
(bsc#1099918).
– mtd: partitions: add helper for deleting partition (bsc#1099918).
– mtd: partitions: remove sysfs files when deleting all master’s
partitions (bsc#1099918).
– mtd: rawnand: mxc: set spare area size register explicitly (bnc#1012382).
– n_tty: Access echo_* variables carefully (bnc#1012382).
– n_tty: Fix stall at n_tty_receive_char_special() (bnc#1012382).
– net/sonic: Use dma_mapping_error() (bnc#1012382).
– net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382).
– netfilter: ebtables: handle string from userspace with care
(bnc#1012382).
– netfilter: nf_log: do not hold nf_log_mutex during user access
(bnc#1012382).
– netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in
nft_do_chain() (bnc#1012382).
– nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
(bnc#1012382).
– nvme-fabrics: allow duplicate connections to the discovery controller
(bsc#1098527).
– nvme-fabrics: allow internal passthrough command on deleting controllers
(bsc#1098527).
– nvme-fabrics: centralize discovery controller defaults (bsc#1098527).
– nvme-fabrics: fix and refine state checks in __nvmf_check_ready
(bsc#1098527).
– nvme-fabrics: refactor queue ready check (bsc#1098527).
– nvme-fc: change controllers first connect to use reconnect path
(bsc#1098527).
– nvme-fc: fix nulling of queue data on reconnect (bsc#1098527).
– nvme-fc: remove reinit_request routine (bsc#1098527).
– nvme-fc: remove setting DNR on exception conditions (bsc#1098527).
– nvme-pci: initialize queue memory before interrupts (bnc#1012382).
– nvme: allow duplicate controller if prior controller being deleted
(bsc#1098527).
– nvme: move init of keep_alive work item to controller initialization
(bsc#1098527).
– nvme: reimplement nvmf_check_if_ready() to avoid kabi breakage
(bsc#1098527).
– nvmet-fc: increase LS buffer count per fc port (bsc#1098527).
– nvmet: switch loopback target state to connecting when resetting
(bsc#1098527).
– of: unittest: for strings, account for trailing \0 in property length
field (bnc#1012382).
– ovl: fix random return value on mount (bsc#1099993).
– ovl: fix uid/gid when creating over whiteout (bsc#1099993).
– ovl: override creds with the ones from the superblock mounter
(bsc#1099993).
– perf intel-pt: Fix “Unexpected indirect branch” error (bnc#1012382).
– perf intel-pt: Fix MTC timing after overflow (bnc#1012382).
– perf intel-pt: Fix decoding to accept CBR between FUP and corresponding
TIP (bnc#1012382).
– perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382).
– perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382).
– perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
(bnc#1012382).
– platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad
(bsc#1099810).
– powerpc/64s: Exception macro for stack frame and initial register save
(bsc#1094244).
– powerpc/64s: Fix mce accounting for powernv (bsc#1094244).
– powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382).
– powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
(bnc#1012382).
– powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382).
– powerpc/ptrace: Fix setting 512B aligned breakpoints with
PTRACE_SET_DEBUGREG (bnc#1012382).
– powerpc: Machine check interrupt is a non-maskable interrupt
(bsc#1094244).
– procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542).
– qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657).
– qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657).
– qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657).
– regulator: Do not return or expect -errno from of_map_mode()
(bsc#1099042).
– restore cond_resched() in shrink_dcache_parent() (bsc#1098599).
– rmdir(),rename(): do shrink_dcache_parent() only on success
(bsc#1100340).
– s390/dasd: configurable IFCC handling (bsc#1097808).
– s390: Correct register corruption in critical section cleanup
(bnc#1012382).
– sbitmap: check for valid bitmap in sbitmap_for_each (bsc#1090435).
– sched/sysctl: Check user input value of sysctl_sched_time_avg
(bsc#1100089).
– scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961).
– scsi: ipr: new IOASC update (bsc#1097961).
– scsi: lpfc: Change IO submit return to EBUSY if remote port is
recovering (bsc#1092207).
– scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt
(bsc#1092207).
– scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).
– scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453).
– scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1095453).
– scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc
(bsc#1095453).
– scsi: lpfc: Fix port initialization failure (bsc#1095453).
– scsi: lpfc: Fix up log messages and stats counters in IO submit code
path (bsc#1092207).
– scsi: lpfc: Handle new link fault code returned by adapter firmware
(bsc#1092207).
– scsi: lpfc: correct oversubscription of nvme io requests for an adapter
(bsc#1095453).
– scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207).
– scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453).
– scsi: qedi: Fix truncation of CHAP name and secret (bsc#1097931)
– scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
(bnc#1012382).
– scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501)
– scsi: sg: mitigate read/write abuse (bsc#1101296).
– scsi: zfcp: fix misleading REC trigger trace where erp_action setup
failed (LTC#168765 bnc#1012382 bnc#1099713).
– scsi: zfcp: fix misleading REC trigger trace where erp_action setup
failed (bnc#1099713, LTC#168765).
– scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
(LTC#168765 bnc#1012382 bnc#1099713).
– scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
(bnc#1099713, LTC#168765).
– scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
(LTC#168765 bnc#1012382 bnc#1099713).
– scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
(bnc#1099713, LTC#168765).
– scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early
return (LTC#168765 bnc#1012382 bnc#1099713).
– scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early
return (bnc#1099713, LTC#168765).
– scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713).
– scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
ERP_FAILED (bnc#1099713, LTC#168765).
– scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
(LTC#168765 bnc#1012382 bnc#1099713).
– scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
(bnc#1099713, LTC#168765).
– scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
(LTC#168765 bnc#1012382 bnc#1099713).
– scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
(bnc#1099713, LTC#168765).
– serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding
version (bnc#1012382).
– signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382).
– spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382).
– staging: android: ion: Return an ERR_PTR in ion_map_kernel (bnc#1012382).
– staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
(bnc#1012382).
– tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
(bnc#1012382).
– tcp: verify the checksum of the first data segment in a new connection
(bnc#1012382).
– thinkpad_acpi: Add support for HKEY version 0x200 (bsc#1099810).
– time: Make sure jiffies_to_msecs() preserves non-zero time periods
(bnc#1012382).
– tracing: Fix missing return symbol in function_graph output
(bnc#1012382).
– ubi: fastmap: Cancel work upon detach (bnc#1012382).
– ubi: fastmap: Correctly handle interrupted erasures in EBA (bnc#1012382).
– udf: Detect incorrect directory size (bnc#1012382).
– usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bnc#1012382).
– usb: do not reset if a low-speed or full-speed device timed out
(bnc#1012382).
– usb: musb: fix remote wakeup racing with suspend (bnc#1012382).
– video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in
stifb_init_fb() (bsc#1090888 bsc#1099966).
– video: uvesafb: Fix integer overflow in allocation (bnc#1012382).
– w1: mxc_w1: Enable clock before calling clk_get_rate() on it
(bnc#1012382).
– wait: add wait_event_killable_timeout() (bsc#1099792).
– watchdog: da9063: Fix setting/changing timeout (bsc#1100843).
– watchdog: da9063: Fix timeout handling during probe (bsc#1100843).
– watchdog: da9063: Fix updating timeout value (bsc#1100843).
– x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask
(bsc#1094643).
– x86/mce: Fix incorrect “Machine check from unknown source” message
(bnc#1012382).
– x86/mce: Improve error message when kernel cannot recover (git-fixes
b2f9d678e28c).
– x86/pti: do not report XenPV as vulnerable (bsc#1097551).
– xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382).
– xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382).
– xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382).
– xfrm: skip policies marked as dead while rehashing (bnc#1012382).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-764=1

Package List:

– openSUSE Leap 42.3 (noarch):

kernel-devel-4.4.140-62.2
kernel-docs-4.4.140-62.2
kernel-docs-html-4.4.140-62.2
kernel-docs-pdf-4.4.140-62.2
kernel-macros-4.4.140-62.2
kernel-source-4.4.140-62.2
kernel-source-vanilla-4.4.140-62.2

– openSUSE Leap 42.3 (x86_64):

kernel-debug-4.4.140-62.2
kernel-debug-base-4.4.140-62.2
kernel-debug-base-debuginfo-4.4.140-62.2
kernel-debug-debuginfo-4.4.140-62.2
kernel-debug-debugsource-4.4.140-62.2
kernel-debug-devel-4.4.140-62.2
kernel-debug-devel-debuginfo-4.4.140-62.2
kernel-default-4.4.140-62.2
kernel-default-base-4.4.140-62.2
kernel-default-base-debuginfo-4.4.140-62.2
kernel-default-debuginfo-4.4.140-62.2
kernel-default-debugsource-4.4.140-62.2
kernel-default-devel-4.4.140-62.2
kernel-obs-build-4.4.140-62.3
kernel-obs-build-debugsource-4.4.140-62.3
kernel-obs-qa-4.4.140-62.1
kernel-syms-4.4.140-62.1
kernel-vanilla-4.4.140-62.2
kernel-vanilla-base-4.4.140-62.2
kernel-vanilla-base-debuginfo-4.4.140-62.2
kernel-vanilla-debuginfo-4.4.140-62.2
kernel-vanilla-debugsource-4.4.140-62.2
kernel-vanilla-devel-4.4.140-62.2
kselftests-kmp-debug-4.4.140-62.2
kselftests-kmp-debug-debuginfo-4.4.140-62.2
kselftests-kmp-default-4.4.140-62.2
kselftests-kmp-default-debuginfo-4.4.140-62.2
kselftests-kmp-vanilla-4.4.140-62.2
kselftests-kmp-vanilla-debuginfo-4.4.140-62.2

References:

https://www.suse.com/security/cve/CVE-2018-13053.html
https://www.suse.com/security/cve/CVE-2018-13405.html
https://www.suse.com/security/cve/CVE-2018-13406.html
https://www.suse.com/security/cve/CVE-2018-9385.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1064232
https://bugzilla.suse.com/1075876
https://bugzilla.suse.com/1076110
https://bugzilla.suse.com/1085185
https://bugzilla.suse.com/1085657
https://bugzilla.suse.com/1089525
https://bugzilla.suse.com/1090435
https://bugzilla.suse.com/1090888
https://bugzilla.suse.com/1091171
https://bugzilla.suse.com/1092207
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1094248
https://bugzilla.suse.com/1094643
https://bugzilla.suse.com/1095453
https://bugzilla.suse.com/1096790
https://bugzilla.suse.com/1097034
https://bugzilla.suse.com/1097140
https://bugzilla.suse.com/1097492
https://bugzilla.suse.com/1097501
https://bugzilla.suse.com/1097551
https://bugzilla.suse.com/1097808
https://bugzilla.suse.com/1097931
https://bugzilla.suse.com/1097961
https://bugzilla.suse.com/1098016
https://bugzilla.suse.com/1098236
https://bugzilla.suse.com/1098425
https://bugzilla.suse.com/1098435
https://bugzilla.suse.com/1098527
https://bugzilla.suse.com/1098599
https://bugzilla.suse.com/1099042
https://bugzilla.suse.com/1099183
https://bugzilla.suse.com/1099279
https://bugzilla.suse.com/1099713
https://bugzilla.suse.com/1099732
https://bugzilla.suse.com/1099792
https://bugzilla.suse.com/1099810
https://bugzilla.suse.com/1099918
https://bugzilla.suse.com/1099924
https://bugzilla.suse.com/1099966
https://bugzilla.suse.com/1099993
https://bugzilla.suse.com/1100089
https://bugzilla.suse.com/1100340
https://bugzilla.suse.com/1100416
https://bugzilla.suse.com/1100418
https://bugzilla.suse.com/1100491
https://bugzilla.suse.com/1100843
https://bugzilla.suse.com/1101296


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org