openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1633-1
Rating:             important
References:         #1012060 #1012382 #1012422 #1012829 #1015452 
                    #1022595 #1031796 #1032339 #1036638 #1037840 
                    #1038085 #1039348 #1039900 #1040855 #1041242 
                    #1041431 #1041810 #1042286 #1042356 #1042421 
                    #1042517 #1042535 #1042536 #1042886 #1043014 
                    #1043231 #1043236 #1043371 #1043467 #1043598 
                    #1043935 #1044015 #1044125 #1044532 #863764 
                    #966321 #966339 #971975 #995542 
Cross-References:   CVE-2017-1000364 CVE-2017-1000380 CVE-2017-7346
                    CVE-2017-9242
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves four vulnerabilities and has 35 fixes
   is now available.

Description:



   The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-1000364: An issue was discovered in the size of the stack guard
     page on Linux, specifically a 4k stack guard page is not sufficiently
     large and can be "jumped" over (the stack guard page is bypassed), this
     affects Linux Kernel versions 4.11.5 and earlier (the stackguard page
     was introduced in 2010) (bnc#1039348).
   - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable
     to a data race in the ALSA /dev/snd/timer driver resulting in local
     users being able to read information belonging to other users, i.e.,
     uninitialized memory contents may be disclosed when a read and an ioctl
     happen at the same time (bnc#1044125).
   - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     validate certain levels data, which allowed local users to cause a
     denial of service (system hang) via a crafted ioctl call for a
     /dev/dri/renderD* device (bnc#1031796).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     in the Linux kernel is too late in checking whether an overwrite of an
     skb data structure may occur, which allowed local users to cause a
     denial of service (system crash) via crafted system calls (bnc#1041431).

   The following non-security bugs were fixed:

   - ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
     (bsc#1043231).
   - IB/core: Fix kernel crash during fail to initialize device (bsc#1022595
     FATE#322350).
   - IB/core: For multicast functions, verify that LIDs are multicast LIDs
     (bsc#1022595 FATE#322350).
   - IB/core: If the MGID/MLID pair is not on the list return an error
     (bsc#1022595 FATE#322350).
   - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
     (bsc#1022595 FATE#322350).
   - Make __xfs_xattr_put_listen preperly report errors (bsc#1041242).
   - NFS: Fix an LOCK/OPEN race when unlinking an open file (git-fixes).
   - NFSv4: Fix the underestimation of delegation XDR space reservation
     (git-fixes).
   - NFSv4: fix a reference leak caused WARNING messages (git-fixes).
   - PM / QoS: Fix memory leak on resume_latency.notifiers (bsc#1043231).
   - SUNRPC: Silence WARN_ON when NFSv4.1 over RDMA is in use (git-fixes).
   - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket()
     (git-fixes).
   - Update patches.fixes/xen-silence-efi-error-messge.patch (bnc#1039900).
   - [media] vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1043231).
   - bcache: fix calling ida_simple_remove() with incorrect minor
     (bsc#1038085).
   - bna: add missing per queue ethtool stat (bsc#966321 FATE#320156).
   - bna: integer overflow bug in debugfs (bsc#966321 FATE#320156).
   - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal
     (bsc#1042286).
   - bonding: do not use stale speed and duplex information (bsc#1042286).
   - bonding: prevent out of bound accesses (bsc#1042286).
   - brcmfmac: add fallback for devices that do not report per-chain values
     (bsc#1043231).
   - brcmfmac: avoid writing channel out of allocated array (bsc#1043231).
   - ceph: fix potential use-after-free (bsc#1043371).
   - ceph: memory leak in ceph_direct_read_write callback (bsc#1041810).
   - cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode
     (bsc#1012829).
   - cgroup: remove redundant cleanup in css_create (bsc#1012829).
   - cifs: small underflow in cnvrtDosUnixTm() (bnc#1043935).
   - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,
     bsc#995542).
   - drm/nouveau/tmr: fully separate alarm execution/pending lists
     (bsc#1043467).
   - efi: Do not issue error message when booted under Xen (bnc#1036638).
   - ext4: fix data corruption for mmap writes (bsc#1012829).
   - ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO (bsc#1012829).
   - fuse: fix clearing suid, sgid for chown() (bsc#1012829).
   - ibmvnic: Check adapter state during ibmvnic_poll (fate#322021,
     bsc#1040855).
   - ibmvnic: Deactivate RX pool buffer replenishment on H_CLOSED
     (fate#322021, bsc#1040855).
   - ibmvnic: Fix cleanup of SKB's on driver close (fate#322021, bsc#1040855).
   - ibmvnic: Halt TX and report carrier off on H_CLOSED return code
     (fate#322021, bsc#1040855).
   - ibmvnic: Handle failover after failed init crq (fate#322021,
     bsc#1040855).
   - ibmvnic: Non-fatal error handling (fate#322021, bsc#1040855).
   - ibmvnic: Reset sub-crqs during driver reset (fate#322021, bsc#1040855).
   - ibmvnic: Reset the CRQ queue during driver reset (fate#322021,
     bsc#1040855).
   - ibmvnic: Reset tx/rx pools on driver reset (fate#322021, bsc#1040855).
   - ibmvnic: Return failure on attempted mtu change (bsc#1043236).
   - ibmvnic: Send gratuitous arp on reset (fate#322021, bsc#1040855).
   - ibmvnic: Track state of adapter napis (fate#322021, bsc#1040855).
   - ipv6: Do not use ufo handling on later transformed packets (bsc#1042286).
   - ipv6: fix endianness error in icmpv6_err (bsc#1042286).
   - kABI: protect struct fib_info (kabi).
   - kABI: protect struct pglist_data (kabi).
   - kABI: protect struct xlog (bsc#1043598).
   - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
   - l2tp: fix race in l2tp_recv_common() (bsc#1042286).
   - libceph: NULL deref on crush_decode() error path (bsc#1044015).
   - md: allow creation of mdNNN arrays via md_mod/parameters/new_array
     (bsc#1032339).
   - md: support disabling of create-on-open semantics (bsc#1032339).
   - mm/hugetlb: check for reserved hugepages during memory offline
     (bnc#971975 VM -- git fixes).
   - mm/hugetlb: fix incorrect hugepages count during mem hotplug (bnc#971975
     VM -- git fixes).
   - mmc: Downgrade error level (bsc#1042536).
   - module: fix memory leak on early load_module() failures (bsc#1043014).
   - net: bridge: start hello timer only if device is up (bnc#1012382).
   - net: fix compile error in skb_orphan_partial() (bnc#1012382).
   - net: ipv6: set route type for anycast routes (bsc#1042286).
   - netfilter: nf_conntrack_sip: extend request line validation
     (bsc#1042286).
   - netfilter: nf_ct_expect: remove the redundant slash when policy name is
     empty (bsc#1042286).
   - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
     (bsc#1042286).
   - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to
     register (bsc#1042286).
   - netfilter: nfnetlink_queue: reject verdict request from different portid
     (bsc#1042286).
   - netfilter: restart search if moved to other chain (bsc#1042286).
   - netfilter: use fwmark_reflect in nf_send_reset (bsc#1042286).
   - netxen_nic: set rcode to the return status from the call to
     netxen_issue_cmd (bsc#966339 FATE#320150).
   - nfs: Fix "Do not increment lock sequence ID after NFS4ERR_MOVED"
     (git-fixes).
   - nsfs: mark dentry with DCACHE_RCUACCESS (bsc#1012829).
   - nvme: submit nvme_admin_activate_fw to admin queue (bsc#1044532).
   - percpu: remove unused chunk_alloc parameter from pcpu_get_pages()
     (bnc#971975 VM -- git fixes).
   - perf/x86/intel/rapl: Make Knights Landings support functional
     (bsc#1042517).
   - powerpc/64: Fix flush_(d|i)cache_range() called from modules (bnc#863764
     fate#315275, LTC#103998).
   - quota: fill in Q_XGETQSTAT inode information for inactive quotas
     (bsc#1042356).
   - radix-tree: fix radix_tree_iter_retry() for tagged iterators     (bsc#1012829).
   - rpm/kernel-binary.spec: remove superfluous flags This should make build
     logs more readable and people adding more flags should have easier time
     finding a place to add them in the spec file.
   - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter
     (bsc#1012060)
   - rtnl: reset calcit fptr in rtnl_unregister() (bsc#1042286).
   - series.conf: remove silly comment
   - tcp: account for ts offset only if tsecr not zero (bsc#1042286).
   - tcp: fastopen: accept data/FIN present in SYNACK message (bsc#1042286).
   - tcp: fastopen: avoid negative sk_forward_alloc (bsc#1042286).
   - tcp: fastopen: call tcp_fin() if FIN present in SYNACK (bsc#1042286).
   - tcp: fastopen: fix rcv_wup initialization for TFO server on SYN/data
     (bsc#1042286).
   - tpm: Downgrade error level (bsc#1042535).
   - udp: avoid ufo handling on IP payload compression packets (bsc#1042286).
   - udplite: call proper backlog handlers (bsc#1042286).
   - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs
     (bsc#9048891).
   - xen/mce: do not issue error message for failed /dev/mcelog registration
     (bnc#1036638).
   - xen: add sysfs node for guest type (bnc#1037840).
   - xfrm: Fix memory leak of aead algorithm name (bsc#1042286).
   - xfs: add missing include dependencies to xfs_dir2.h (bsc#1042421).
   - xfs: do not warn on buffers not being recovered due to LSN (bsc#1043598).
   - xfs: fix xfs_mode_to_ftype() prototype (bsc#1043598).
   - xfs: log recovery tracepoints to track current lsn and buffer submission
     (bsc#1043598).
   - xfs: pass current lsn to log recovery buffer validation (bsc#1043598).
   - xfs: refactor log record unpack and data processing (bsc#1043598).
   - xfs: replace xfs_mode_to_ftype table with switch statement (bsc#1042421).
   - xfs: rework log recovery to submit buffers on LSN boundaries
     (bsc#1043598).
   - xfs: rework the inline directory verifiers (bsc#1042421).
   - xfs: sanity check directory inode di_size (bsc#1042421).
   - xfs: sanity check inode di_mode (bsc#1042421).
   - xfs: update metadata LSN in buffers during log recovery (bsc#1043598).
   - xfs: verify inline directory data forks (bsc#1042421).
   - zswap: do not param_set_charp while holding spinlock (VM Functionality,
     bsc#1042886).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-716=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.2 (noarch):

      kernel-devel-4.4.72-18.12.1
      kernel-docs-4.4.72-18.12.3
      kernel-docs-html-4.4.72-18.12.3
      kernel-docs-pdf-4.4.72-18.12.3
      kernel-macros-4.4.72-18.12.1
      kernel-source-4.4.72-18.12.1
      kernel-source-vanilla-4.4.72-18.12.1

   - openSUSE Leap 42.2 (x86_64):

      kernel-debug-4.4.72-18.12.2
      kernel-debug-base-4.4.72-18.12.2
      kernel-debug-base-debuginfo-4.4.72-18.12.2
      kernel-debug-debuginfo-4.4.72-18.12.2
      kernel-debug-debugsource-4.4.72-18.12.2
      kernel-debug-devel-4.4.72-18.12.2
      kernel-debug-devel-debuginfo-4.4.72-18.12.2
      kernel-default-4.4.72-18.12.2
      kernel-default-base-4.4.72-18.12.2
      kernel-default-base-debuginfo-4.4.72-18.12.2
      kernel-default-debuginfo-4.4.72-18.12.2
      kernel-default-debugsource-4.4.72-18.12.2
      kernel-default-devel-4.4.72-18.12.2
      kernel-obs-build-4.4.72-18.12.2
      kernel-obs-build-debugsource-4.4.72-18.12.2
      kernel-obs-qa-4.4.72-18.12.1
      kernel-syms-4.4.72-18.12.1
      kernel-vanilla-4.4.72-18.12.2
      kernel-vanilla-base-4.4.72-18.12.2
      kernel-vanilla-base-debuginfo-4.4.72-18.12.2
      kernel-vanilla-debuginfo-4.4.72-18.12.2
      kernel-vanilla-debugsource-4.4.72-18.12.2
      kernel-vanilla-devel-4.4.72-18.12.2


References:

   https://www.suse.com/security/cve/CVE-2017-1000364.html
   https://www.suse.com/security/cve/CVE-2017-1000380.html
   https://www.suse.com/security/cve/CVE-2017-7346.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1012060
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1012829
   https://bugzilla.suse.com/1015452
   https://bugzilla.suse.com/1022595
   https://bugzilla.suse.com/1031796
   https://bugzilla.suse.com/1032339
   https://bugzilla.suse.com/1036638
   https://bugzilla.suse.com/1037840
   https://bugzilla.suse.com/1038085
   https://bugzilla.suse.com/1039348
   https://bugzilla.suse.com/1039900
   https://bugzilla.suse.com/1040855
   https://bugzilla.suse.com/1041242
   https://bugzilla.suse.com/1041431
   https://bugzilla.suse.com/1041810
   https://bugzilla.suse.com/1042286
   https://bugzilla.suse.com/1042356
   https://bugzilla.suse.com/1042421
   https://bugzilla.suse.com/1042517
   https://bugzilla.suse.com/1042535
   https://bugzilla.suse.com/1042536
   https://bugzilla.suse.com/1042886
   https://bugzilla.suse.com/1043014
   https://bugzilla.suse.com/1043231
   https://bugzilla.suse.com/1043236
   https://bugzilla.suse.com/1043371
   https://bugzilla.suse.com/1043467
   https://bugzilla.suse.com/1043598
   https://bugzilla.suse.com/1043935
   https://bugzilla.suse.com/1044015
   https://bugzilla.suse.com/1044125
   https://bugzilla.suse.com/1044532
   https://bugzilla.suse.com/863764
   https://bugzilla.suse.com/966321
   https://bugzilla.suse.com/966339
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/995542

openSUSE: 2017:1633-1: important: the Linux Kernel

June 21, 2017
An update that solves four vulnerabilities and has 35 fixes An update that solves four vulnerabilities and has 35 fixes An update that solves four vulnerabilities and has 35 fixes ...

Description

The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010) (bnc#1039348). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate certain levels data, which allowed local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031796). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). The following non-security bugs were fixed: - ASoC: Intel: Skylake: Uninitialized variable in probe_codec() (bsc#1043231). - IB/core: Fix kernel crash during fail to initialize device (bsc#1022595 FATE#322350). - IB/core: For multicast functions, verify that LIDs are multicast LIDs (bsc#1022595 FATE#322350). - IB/core: If the MGID/MLID pair is not on the list return an error (bsc#1022595 FATE#322350). - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow (bsc#1022595 FATE#322350). - Make __xfs_xattr_put_listen preperly report errors (bsc#1041242). - NFS: Fix an LOCK/OPEN race when unlinking an open file (git-fixes). - NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - NFSv4: fix a reference leak caused WARNING messages (git-fixes). - PM / QoS: Fix memory leak on resume_latency.notifiers (bsc#1043231). - SUNRPC: Silence WARN_ON when NFSv4.1 over RDMA is in use (git-fixes). - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() (git-fixes). - Update patches.fixes/xen-silence-efi-error-messge.patch (bnc#1039900). - [media] vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1043231). - bcache: fix calling ida_simple_remove() with incorrect minor (bsc#1038085). - bna: add missing per queue ethtool stat (bsc#966321 FATE#320156). - bna: integer overflow bug in debugfs (bsc#966321 FATE#320156). - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (bsc#1042286). - bonding: do not use stale speed and duplex information (bsc#1042286). - bonding: prevent out of bound accesses (bsc#1042286). - brcmfmac: add fallback for devices that do not report per-chain values (bsc#1043231). - brcmfmac: avoid writing channel out of allocated array (bsc#1043231). - ceph: fix potential use-after-free (bsc#1043371). - ceph: memory leak in ceph_direct_read_write callback (bsc#1041810). - cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode (bsc#1012829). - cgroup: remove redundant cleanup in css_create (bsc#1012829). - cifs: small underflow in cnvrtDosUnixTm() (bnc#1043935). - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - drm/nouveau/tmr: fully separate alarm execution/pending lists (bsc#1043467). - efi: Do not issue error message when booted under Xen (bnc#1036638). - ext4: fix data corruption for mmap writes (bsc#1012829). - ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO (bsc#1012829). - fuse: fix clearing suid, sgid for chown() (bsc#1012829). - ibmvnic: Check adapter state during ibmvnic_poll (fate#322021, bsc#1040855). - ibmvnic: Deactivate RX pool buffer replenishment on H_CLOSED (fate#322021, bsc#1040855). - ibmvnic: Fix cleanup of SKB's on driver close (fate#322021, bsc#1040855). - ibmvnic: Halt TX and report carrier off on H_CLOSED return code (fate#322021, bsc#1040855). - ibmvnic: Handle failover after failed init crq (fate#322021, bsc#1040855). - ibmvnic: Non-fatal error handling (fate#322021, bsc#1040855). - ibmvnic: Reset sub-crqs during driver reset (fate#322021, bsc#1040855). - ibmvnic: Reset the CRQ queue during driver reset (fate#322021, bsc#1040855). - ibmvnic: Reset tx/rx pools on driver reset (fate#322021, bsc#1040855). - ibmvnic: Return failure on attempted mtu change (bsc#1043236). - ibmvnic: Send gratuitous arp on reset (fate#322021, bsc#1040855). - ibmvnic: Track state of adapter napis (fate#322021, bsc#1040855). - ipv6: Do not use ufo handling on later transformed packets (bsc#1042286). - ipv6: fix endianness error in icmpv6_err (bsc#1042286). - kABI: protect struct fib_info (kabi). - kABI: protect struct pglist_data (kabi). - kABI: protect struct xlog (bsc#1043598). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - l2tp: fix race in l2tp_recv_common() (bsc#1042286). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - md: allow creation of mdNNN arrays via md_mod/parameters/new_array (bsc#1032339). - md: support disabling of create-on-open semantics (bsc#1032339). - mm/hugetlb: check for reserved hugepages during memory offline (bnc#971975 VM -- git fixes). - mm/hugetlb: fix incorrect hugepages count during mem hotplug (bnc#971975 VM -- git fixes). - mmc: Downgrade error level (bsc#1042536). - module: fix memory leak on early load_module() failures (bsc#1043014). - net: bridge: start hello timer only if device is up (bnc#1012382). - net: fix compile error in skb_orphan_partial() (bnc#1012382). - net: ipv6: set route type for anycast routes (bsc#1042286). - netfilter: nf_conntrack_sip: extend request line validation (bsc#1042286). - netfilter: nf_ct_expect: remove the redundant slash when policy name is empty (bsc#1042286). - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags (bsc#1042286). - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register (bsc#1042286). - netfilter: nfnetlink_queue: reject verdict request from different portid (bsc#1042286). - netfilter: restart search if moved to other chain (bsc#1042286). - netfilter: use fwmark_reflect in nf_send_reset (bsc#1042286). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bsc#966339 FATE#320150). - nfs: Fix "Do not increment lock sequence ID after NFS4ERR_MOVED" (git-fixes). - nsfs: mark dentry with DCACHE_RCUACCESS (bsc#1012829). - nvme: submit nvme_admin_activate_fw to admin queue (bsc#1044532). - percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (bnc#971975 VM -- git fixes). - perf/x86/intel/rapl: Make Knights Landings support functional (bsc#1042517). - powerpc/64: Fix flush_(d|i)cache_range() called from modules (bnc#863764 fate#315275, LTC#103998). - quota: fill in Q_XGETQSTAT inode information for inactive quotas (bsc#1042356). - radix-tree: fix radix_tree_iter_retry() for tagged iterators (bsc#1012829). - rpm/kernel-binary.spec: remove superfluous flags This should make build logs more readable and people adding more flags should have easier time finding a place to add them in the spec file. - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060) - rtnl: reset calcit fptr in rtnl_unregister() (bsc#1042286). - series.conf: remove silly comment - tcp: account for ts offset only if tsecr not zero (bsc#1042286). - tcp: fastopen: accept data/FIN present in SYNACK message (bsc#1042286). - tcp: fastopen: avoid negative sk_forward_alloc (bsc#1042286). - tcp: fastopen: call tcp_fin() if FIN present in SYNACK (bsc#1042286). - tcp: fastopen: fix rcv_wup initialization for TFO server on SYN/data (bsc#1042286). - tpm: Downgrade error level (bsc#1042535). - udp: avoid ufo handling on IP payload compression packets (bsc#1042286). - udplite: call proper backlog handlers (bsc#1042286). - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs (bsc#9048891). - xen/mce: do not issue error message for failed /dev/mcelog registration (bnc#1036638). - xen: add sysfs node for guest type (bnc#1037840). - xfrm: Fix memory leak of aead algorithm name (bsc#1042286). - xfs: add missing include dependencies to xfs_dir2.h (bsc#1042421). - xfs: do not warn on buffers not being recovered due to LSN (bsc#1043598). - xfs: fix xfs_mode_to_ftype() prototype (bsc#1043598). - xfs: log recovery tracepoints to track current lsn and buffer submission (bsc#1043598). - xfs: pass current lsn to log recovery buffer validation (bsc#1043598). - xfs: refactor log record unpack and data processing (bsc#1043598). - xfs: replace xfs_mode_to_ftype table with switch statement (bsc#1042421). - xfs: rework log recovery to submit buffers on LSN boundaries (bsc#1043598). - xfs: rework the inline directory verifiers (bsc#1042421). - xfs: sanity check directory inode di_size (bsc#1042421). - xfs: sanity check inode di_mode (bsc#1042421). - xfs: update metadata LSN in buffers during log recovery (bsc#1043598). - xfs: verify inline directory data forks (bsc#1042421). - zswap: do not param_set_charp while holding spinlock (VM Functionality, bsc#1042886).

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-716=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE Leap 42.2 (noarch): kernel-devel-4.4.72-18.12.1 kernel-docs-4.4.72-18.12.3 kernel-docs-html-4.4.72-18.12.3 kernel-docs-pdf-4.4.72-18.12.3 kernel-macros-4.4.72-18.12.1 kernel-source-4.4.72-18.12.1 kernel-source-vanilla-4.4.72-18.12.1 - openSUSE Leap 42.2 (x86_64): kernel-debug-4.4.72-18.12.2 kernel-debug-base-4.4.72-18.12.2 kernel-debug-base-debuginfo-4.4.72-18.12.2 kernel-debug-debuginfo-4.4.72-18.12.2 kernel-debug-debugsource-4.4.72-18.12.2 kernel-debug-devel-4.4.72-18.12.2 kernel-debug-devel-debuginfo-4.4.72-18.12.2 kernel-default-4.4.72-18.12.2 kernel-default-base-4.4.72-18.12.2 kernel-default-base-debuginfo-4.4.72-18.12.2 kernel-default-debuginfo-4.4.72-18.12.2 kernel-default-debugsource-4.4.72-18.12.2 kernel-default-devel-4.4.72-18.12.2 kernel-obs-build-4.4.72-18.12.2 kernel-obs-build-debugsource-4.4.72-18.12.2 kernel-obs-qa-4.4.72-18.12.1 kernel-syms-4.4.72-18.12.1 kernel-vanilla-4.4.72-18.12.2 kernel-vanilla-base-4.4.72-18.12.2 kernel-vanilla-base-debuginfo-4.4.72-18.12.2 kernel-vanilla-debuginfo-4.4.72-18.12.2 kernel-vanilla-debugsource-4.4.72-18.12.2 kernel-vanilla-devel-4.4.72-18.12.2


References

https://www.suse.com/security/cve/CVE-2017-1000364.html https://www.suse.com/security/cve/CVE-2017-1000380.html https://www.suse.com/security/cve/CVE-2017-7346.html https://www.suse.com/security/cve/CVE-2017-9242.html https://bugzilla.suse.com/1012060 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1015452 https://bugzilla.suse.com/1022595 https://bugzilla.suse.com/1031796 https://bugzilla.suse.com/1032339 https://bugzilla.suse.com/1036638 https://bugzilla.suse.com/1037840 https://bugzilla.suse.com/1038085 https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1039900 https://bugzilla.suse.com/1040855 https://bugzilla.suse.com/1041242 https://bugzilla.suse.com/1041431 https://bugzilla.suse.com/1041810 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1042356 https://bugzilla.suse.com/1042421 https://bugzilla.suse.com/1042517 https://bugzilla.suse.com/1042535 https://bugzilla.suse.com/1042536 https://bugzilla.suse.com/1042886 https://bugzilla.suse.com/1043014 https://bugzilla.suse.com/1043231 https://bugzilla.suse.com/1043236 https://bugzilla.suse.com/1043371 https://bugzilla.suse.com/1043467 https://bugzilla.suse.com/1043598 https://bugzilla.suse.com/1043935 https://bugzilla.suse.com/1044015 https://bugzilla.suse.com/1044125 https://bugzilla.suse.com/1044532 https://bugzilla.suse.com/863764 https://bugzilla.suse.com/966321 https://bugzilla.suse.com/966339 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/995542


Severity
Announcement ID: openSUSE-SU-2017:1633-1
Rating: important
Affected Products: openSUSE Leap 42.2

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved