   openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2384-1
Rating:             important
References:         #1005776 #1015342 #1020645 #1020657 #1030850 
                    #1031717 #1031784 #1034048 #1037838 #1040813 
                    #1042847 #1047487 #1047989 #1048155 #1048228 
                    #1048325 #1048327 #1048356 #1048501 #1048912 
                    #1048934 #1049226 #1049272 #1049291 #1049336 
                    #1050211 #1050742 #1051790 #1052093 #1052094 
                    #1052095 #1052384 #1052580 #1052888 #1053117 
                    #1053309 #1053472 #1053627 #1053629 #1053633 
                    #1053681 #1053685 #1053802 #1053915 #1053919 
                    #1054082 #1054084 #1055013 #1055096 #1055272 
                    #1055290 #1055359 #1055709 #1055896 #1055935 
                    #1055963 #1056185 #1056588 #1056827 #969756 
                    
Cross-References:   CVE-2017-12134 CVE-2017-14051
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that solves two vulnerabilities and has 58 fixes
   is now available.

Description:



   The openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2017-14051: An integer overflow in the
     qla2x00_sysfs_write_optrom_ctl function in
     drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users     to cause a denial of service (memory corruption and system crash) by
     leveraging root access (bnc#1056588).
   - CVE-2017-12134: The xen_biovec_phys_mergeable function in
     drivers/xen/biomerge.c in Xen might allow local OS guest users to
     corrupt block device data streams and consequently obtain sensitive
     memory information, cause a denial of service, or gain host OS
     privileges by leveraging incorrect block IO merge-ability calculation
     (bnc#1051790 bnc#1053919).

   The following non-security bugs were fixed:

   - acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller
     (bsc#1049291).
   - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291).
   - acpi: APEI: Enable APEI multiple GHES source to share a single external
     IRQ (bsc#1053627).
   - acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627).
   - acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629).
   - acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes).
   - Add "shutdown" to "struct class" (bsc#1053117).
   - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
     (bsc#1020657).
   - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).
   - alsa: hda - Workaround for i915 KBL breakage
     (bsc#1048356,bsc#1047989,bsc#1055272).
   - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
   - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset
     (bsc#1052580).
   - arm64: do not trace atomic operations (bsc#1055290).
   - block: add kblock_mod_delayed_work_on() (bsc#1050211).
   - block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet
     time (bsc#1050211).
   - block: provide bio_uninit() free freeing integrity/task associations
     (bsc#1050211).
   - block: return on congested block device (FATE#321994).
   - bluetooth: bnep: fix possible might sleep error in bnep_session
     (bsc#1031784).
   - bluetooth: cmtp: fix possible might sleep error in cmtp_session
     (bsc#1031784).
   - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown
     (bsc#1053309).
   - bnxt_en: Add additional chip ID definitions (bsc#1053309).
   - bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool
     stats (bsc#1053309).
   - bnxt_en: Add missing logic to handle TPA end error conditions
     (bsc#1053309).
   - bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309).
   - bnxt_en: Allow the user to set ethtool stats-block-usecs to 0
     (bsc#1053309).
   - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration
     (bsc#1053309).
   - bnxt_en: Check status of firmware DCBX agent before setting
     DCB_CAP_DCBX_HOST (bsc#1053309).
   - bnxt_en: Fix bug in ethtool -L (bsc#1053309).
   - bnxt_en: Fix netpoll handling (bsc#1053309).
   - bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309).
   - bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309).
   - bnxt_en: Fix xmit_more with BQL (bsc#1053309).
   - bnxt_en: Implement ndo_bridge_{get|set}link methods (bsc#1053309).
   - bnxt_en: Implement xmit_more (bsc#1053309).
   - bnxt_en: Optimize doorbell write operations for newer chips
     (bsc#1053309).
   - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309).
   - bnxt_en: Report firmware DCBX agent (bsc#1053309).
   - bnxt_en: Retrieve the hardware bridge mode from the firmware
     (bsc#1053309).
   - bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309).
   - bnxt_en: Support for Short Firmware Message (bsc#1053309).
   - bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309).
   - bnxt: fix unsigned comparsion with 0 (bsc#1053309).
   - bnxt: fix unused variable warnings (bsc#1053309).
   - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
   - btrfs: nowait aio: Correct assignment of pos (FATE#321994).
   - btrfs: nowait aio support (FATE#321994).
   - ceph: avoid accessing freeing inode in ceph_check_delayed_caps()
     (bsc#1048228).
   - ceph: avoid invalid memory dereference in the middle of umount
     (bsc#1048228).
   - ceph: cleanup writepage_nounlock() (bsc#1048228).
   - ceph: do not re-send interrupted flock request (bsc#1048228).
   - ceph: getattr before read on ceph.* xattrs (bsc#1048228).
   - ceph: handle epoch barriers in cap messages (bsc#1048228).
   - ceph: new mount option that specifies fscache uniquifier (bsc#1048228).
   - ceph: redirty page when writepage_nounlock() skips unwritable page
     (bsc#1048228).
   - ceph: remove special ack vs commit behavior (bsc#1048228).
   - ceph: remove useless page->mapping check in writepage_nounlock()
     (bsc#1048228).
   - ceph: re-request max size after importing caps (bsc#1048228).
   - ceph: update ceph_dentry_info::lease_session when necessary
     (bsc#1048228).
   - ceph: update the 'approaching max_size' code (bsc#1048228).
   - ceph: when seeing write errors on an inode, switch to sync writes
     (bsc#1048228).
   - cifs: Fix maximum SMB2 header size (bsc#1056185).
   - clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization
     (bsc#1055709).
   - crush: assume weight_set != null imples weight_set_size > 0
     (bsc#1048228).
   - crush: crush_init_workspace starts with struct crush_work (bsc#1048228).
   - crush: implement weight and id overrides for straw2 (bsc#1048228).
   - crush: remove an obsolete comment (bsc#1048228).
   - crypto: chcr - Add ctr mode and process large sg entries for cipher
     (bsc#1048325).
   - crypto: chcr - Avoid changing request structure (bsc#1048325).
   - crypto: chcr - Ensure Destination sg entry size less than 2k
     (bsc#1048325).
   - crypto: chcr - Fix fallback key setting (bsc#1048325).
   - crypto: chcr - Pass lcb bit setting to firmware (bsc#1048325).
   - crypto: chcr - Return correct error code (bsc#1048325).
   - cxgb4: update latest firmware version supported (bsc#1048327).
   - cxgbit: add missing __kfree_skb() (bsc#1052095).
   - cxgbit: fix sg_nents calculation (bsc#1052095).
   - Disable patch 0017-nvmet_fc-Simplify-sg-list-handling.patch (bsc#1052384)
   - dm: make flush bios explicitly sync (bsc#1050211).
   - dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912).
   - drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
   - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
   - ext4: nowait aio support (FATE#321994).
   - fs: Introduce filemap_range_has_page() (FATE#321994).
   - fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994).
   - fs: pass on flags in compat_writev (bsc#1050211).
   - fs: return if direct I/O will trigger writeback (FATE#321994).
   - fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994).
   - fs: Use RWF_* flags for AIO operations (FATE#321994).
   - fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
   - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller
     (bsc#1049291).
   - i2c: designware: Convert to use unified device property API
     (bsc#1049291).
   - i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633).
   - i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633).
   - i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633).
   - i2c: xgene-slimpro: Use a single function to send command message
     (bsc#1053633).
   - i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685).
   - ib/iser: Fix connection teardown race condition (bsc#1050211).
   - iscsi-target: fix invalid flags in text response (bsc#1052095).
   - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
   - kabi: arm64: compatibility workaround for lse atomics (bsc#1055290).
   - kABI: protect enum pid_type (kabi).
   - kABI: protect struct iscsi_np (kabi).
   - kABI: protect struct se_lun (kabi).
   - kabi/severities: add fs/ceph to kabi severities (bsc#1048228).
   - kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094)
   - kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472)
   - kABI: uninline task_tgid_nr_nr (kabi).
   - kvm: arm64: Restore host physical timer access on hyp_panic()
     (bsc#1054082).
   - kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability
     (bsc#1054082).
   - kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state
     (bsc#1055935).
   - kvm: x86: block guest protection keys unless the host has them enabled
     (bsc#1055935).
   - kvm: x86: kABI workaround for PKRU fixes (bsc#1055935).
   - kvm: x86: simplify handling of PKRU (bsc#1055935).
   - libceph: abort already submitted but abortable requests when map or pool
     goes full (bsc#1048228).
   - libceph: add an epoch_barrier field to struct ceph_osd_client
     (bsc#1048228).
   - libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS
     (bsc#1048228).
   - libceph: advertise support for OSD_POOLRESEND (bsc#1048228).
   - libceph: allow requests to return immediately on full conditions if
     caller wishes (bsc#1048228).
   - libceph: always populate t->target_{oid,oloc} in calc_target()
     (bsc#1048228).
   - libceph: always signal completion when done (bsc#1048228).
   - libceph: apply_upmap() (bsc#1048228).
   - libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228).
   - libceph: ceph_connection_operations::reencode_message() method
     (bsc#1048228).
   - libceph: ceph_decode_skip_* helpers (bsc#1048228).
   - libceph: compute actual pgid in ceph_pg_to_up_acting_osds()
     (bsc#1048228).
   - libceph, crush: per-pool crush_choose_arg_map for crush_do_rule()
     (bsc#1048228).
   - libceph: delete from need_resend_linger before check_linger_pool_dne()
     (bsc#1048228).
   - libceph: do not call encode_request_finish() on MOSDBackoff messages
     (bsc#1048228).
   - libceph: do not call ->reencode_message() more than once per message
     (bsc#1048228).
   - libceph: do not pass pgid by value (bsc#1048228).
   - libceph: drop need_resend from calc_target() (bsc#1048228).
   - libceph: encode_{pgid,oloc}() helpers (bsc#1048228).
   - libceph: fallback for when there isn't a pool-specific choose_arg
     (bsc#1048228).
   - libceph: fix old style declaration warnings (bsc#1048228).
   - libceph: foldreq->last_force_resend into ceph_osd_request_target
     (bsc#1048228).
   - libceph: get rid of ack vs commit (bsc#1048228).
   - libceph: handle non-empty dest in ceph_{oloc,oid}_copy() (bsc#1048228).
   - libceph: initialize last_linger_id with a large integer (bsc#1048228).
   - libceph: introduce and switch to decode_pg_mapping() (bsc#1048228).
   - libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228).
   - libceph: kill __{insert,lookup,remove}_pg_mapping() (bsc#1048228).
   - libceph: make DEFINE_RB_* helpers more general (bsc#1048228).
   - libceph: make encode_request_*() work with r_mempool requests
     (bsc#1048228).
   - libceph: make RECOVERY_DELETES feature create a new interval
     (bsc#1048228).
   - libceph: make sure need_resend targets reflect latest map (bsc#1048228).
   - libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228).
   - libceph: new features macros (bsc#1048228).
   - libceph: new pi->last_force_request_resend (bsc#1048228).
   - libceph: NULL deref on osdmap_apply_incremental() error path
     (bsc#1048228).
   - libceph: osd_request_timeout option (bsc#1048228).
   - libceph: osd_state is 32 bits wide in luminous (bsc#1048228).
   - libceph: pg_upmap[_items] infrastructure (bsc#1048228).
   - libceph: pool deletion detection (bsc#1048228).
   - libceph: potential NULL dereference in ceph_msg_data_create()
     (bsc#1048228).
   - libceph: remove ceph_sanitize_features() workaround (bsc#1048228).
   - libceph: remove now unused finish_request() wrapper (bsc#1048228).
   - libceph: remove req->r_replay_version (bsc#1048228).
   - libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228).
   - libceph: respect RADOS_BACKOFF backoffs (bsc#1048228).
   - libceph: set -EINVAL in one place in crush_decode() (bsc#1048228).
   - libceph: support SERVER_JEWEL feature bits (bsc#1048228).
   - libceph: take osdc->lock in osdmap_show() and dump flags in hex
     (bsc#1048228).
   - libceph: upmap semantic changes (bsc#1048228).
   - libceph: use alloc_pg_mapping() in __decode_pg_upmap_items()
     (bsc#1048228).
   - libceph: use target pi for calc_target() calculations (bsc#1048228).
   - lib: test_rhashtable: fix for large entry counts (bsc#1055359).
   - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
   - locking/rwsem: Fix down_write_killable() for
     CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756).
   - locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
     (bsc#969756).
   - lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384).
   - lpfc: convert info messages to standard messages (bsc#1052384).
   - lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384).
   - lpfc: Correct return error codes to align with nvme_fc transport
     (bsc#1052384).
   - lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384).
   - lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384).
   - lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384).
   - lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology
     (bsc#1052384).
   - lpfc: fix "integer constant too large" error on 32bit archs
     (bsc#1052384).
   - lpfc: Fix loop mode target discovery (bsc#1052384).
   - lpfc: Fix MRQ > 1 context list handling (bsc#1052384).
   - lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384).
   - lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384).
   - lpfc: Fix oops when NVME Target is discovered in a nonNVME environment
     (bsc#1052384).
   - lpfc: Fix plogi collision that causes illegal state transition
     (bsc#1052384).
   - lpfc: Fix rediscovery on switch blade pull (bsc#1052384).
   - lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384).
   - lpfc: fixup crash during storage failover operations (bsc#1042847).
   - lpfc: Limit amount of work processed in IRQ (bsc#1052384).
   - lpfc: lpfc version bump 11.4.0.3 (bsc#1052384).
   - lpfc: remove console log clutter (bsc#1052384).
   - lpfc: support nvmet_fc defer_rcv callback (bsc#1052384).
   - megaraid_sas: Fix probing cards without io port (bsc#1053681).
   - mmc: mmc: correct the logic for setting HS400ES signal voltage
     (bsc#1054082).
   - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw
     poison -- git fixes).
   - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
   - net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336).
   - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
   - netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
   - netfilter: x_tables: pass xt_counters struct instead of packet counter
     (bsc#1052888).
   - netfilter: x_tables: pass xt_counters struct to counter allocator
     (bsc#1052888).
   - net: hns: add acpi function of xge led control (bsc#1049336).
   - net: hns: Fix a skb used after free bug (bsc#1049336).
   - net/mlx5: Cancel delayed recovery work when unloading the driver
     (bsc#1015342).
   - net/mlx5: Clean SRIOV eswitch resources upon VF creation failure
     (bsc#1015342).
   - net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342).
   - net/mlx5e: Add field select to MTPPS register (bsc#1015342).
   - net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342).
   - net/mlx5e: Change 1PPS out scheme (bsc#1015342).
   - net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342).
   - net/mlx5e: Fix outer_header_zero() check size (bsc#1015342).
   - net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342).
   - net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff
     (bsc#1015342).
   - net/mlx5e: Rename physical symbol errors counter (bsc#1015342).
   - net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests
     (bsc#1015342).
   - net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342).
   - net/mlx5: Fix offset of hca cap reserved field (bsc#1015342).
   - net: phy: Fix lack of reference count on PHY driver (bsc#1049336).
   - net: phy: Fix PHY module checks and NULL deref in phy_attach_direct()
     (bsc#1049336).
   - nvme-fc: address target disconnect race conditions in fcp io submit
     (bsc#1052384).
   - nvme-fc: do not override opts->nr_io_queues (bsc#1052384).
   - nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384).
   - nvme_fc/nvmet_fc: revise Create Association descriptor length
     (bsc#1052384).
   - nvme_fc: Reattach to localports on re-registration (bsc#1052384).
   - nvme-fc: revise TRADDR parsing (bsc#1052384).
   - nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384).
   - nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it
     (bsc#1052384).
   - nvme: fix hostid parsing (bsc#1049272).
   - nvme-loop: update tagset nr_hw_queues after reconnecting/resetting
     (bsc#1052384).
   - nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211).
   - nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting
     (bsc#1052384).
   - nvmet: avoid unneeded assignment of submit_bio return value
     (bsc#1052384).
   - nvmet_fc: Accept variable pad lengths on Create Association LS
     (bsc#1052384).
   - nvmet_fc: add defer_req callback for deferment of cmd buffer return
     (bsc#1052384).
   - nvmet-fc: correct use after free on list teardown (bsc#1052384).
   - nvmet-fc: eliminate incorrect static markers on local variables
     (bsc#1052384).
   - nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association
     (bsc#1052384).
   - nvmet_fc: Simplify sg list handling (bsc#1052384).
   - nvmet: prefix version configfs file with attr (bsc#1052384).
   - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()
     (bsc#1056827).
   - ovl: fix dentry leak for default_permissions (bsc#1054084).
   - pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211).
   - pci/MSI: Ignore affinity if pre/post vector count is more than min_vecs
     (1050211).
   - percpu_ref: allow operation mode switching operations to be called
     concurrently (bsc#1055096).
   - percpu_ref: remove unnecessary RCU grace period for staggered atomic
     switching confirmation (bsc#1055096).
   - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate
     percpu_ref_switch_to_atomic() (bsc#1055096).
   - percpu_ref: restructure operation mode switching (bsc#1055096).
   - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
   - phy: Do not increment MDIO bus refcount unless it's a different owner
     (bsc#1049336).
   - phy: fix error case of phy_led_triggers_(un)register (bsc#1049336).
   - qeth: add network device features for VLAN devices (bnc#1053472,
     LTC#157385).
   - r8169: Add support for restarting auto-negotiation (bsc#1050742).
   - r8169:Correct the way of setting RTL8168DP ephy (bsc#1050742).
   - r8169:fix system hange problem (bsc#1050742).
   - r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742).
   - r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742).
   - r8169:Remove unnecessary phy reset for pcie nic when setting link spped
     (bsc#1050742).
   - r8169:Update the way of reading RTL8168H PHY register "rg_saw_cnt"
     (bsc#1050742).
   - rdma/mlx5: Fix existence check for extended address vector (bsc#1015342).
   - Remove patch
     0407-nvme_fc-change-failure-code-on-remoteport-connectivi.patch
     (bsc#1037838)
   - Revert "ceph: SetPageError() for writeback pages if writepages fails"
     (bsc#1048228).
   - s390/diag: add diag26c support (bnc#1053472, LTC#156729).
   - s390: export symbols for crash-kmp (bsc#1053915).
   - s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h
     (bsc#1053472).
   - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472,
     LTC#157731).
   - s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731).
   - s390/pci: improve error handling during fmb (de)registration
     (bnc#1053472, LTC#157731).
   - s390/pci: improve error handling during interrupt deregistration
     (bnc#1053472, LTC#157731).
   - s390/pci: improve pci hotplug (bnc#1053472, LTC#157731).
   - s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731).
   - s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731).
   - s390/pci: provide more debug information (bnc#1053472, LTC#157731).
   - s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731).
   - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276).
   - s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276).
   - s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472,
     LTC#156729).
   - scsi: csiostor: add check for supported fw version (bsc#1005776).
   - scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776).
   - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
     (bsc#1005776).
   - scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776).
   - scsi: csiostor: update module version (bsc#1052093).
   - scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094).
   - scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912).
   - scsi: qedf: Limit number of CQs (bsc#1040813).
   - supported.conf: clear mistaken external support flag for cifs.ko
     (bsc#1053802).
   - tpm: fix: return rc when devm_add_action() fails (bsc#1020645,
     fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
     8e0ee3c9faed).
   - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
   - tpm: KABI fix (bsc#1053117).
   - tpm: read burstcount from TPM_STS in one 32-bit transaction
     (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
     git-fixes 27084efee0c3).
   - tpm_tis_core: Choose appropriate timeout for reading burstcount
     (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
     git-fixes aec04cbdf723).
   - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,
     fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
     aec04cbdf723).
   - tty: pl011: fix initialization order of QDF2400 E44 (bsc#1054082).
   - tty: serial: msm: Support more bauds (git-fixes).
   - Update
     patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch
     (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
     git-fixes 5ca4c20cfd37).
   - usb: core: fix device node leak (bsc#1047487).
   - x86/mm: Fix use-after-free of ldt_struct (bsc#1055963).
   - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage
     (bsc#1055896).
   - xfs: nowait aio support (FATE#321994).
   - xgene: Always get clk source, but ignore if it's missing for SGMII ports
     (bsc#1048501).
   - xgene: Do not fail probe, if there is no clk resource for SGMII
     interfaces (bsc#1048501).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-1017=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.3 (noarch):

      kernel-devel-4.4.85-22.1
      kernel-docs-4.4.85-22.3
      kernel-docs-html-4.4.85-22.3
      kernel-docs-pdf-4.4.85-22.3
      kernel-macros-4.4.85-22.1
      kernel-source-4.4.85-22.1
      kernel-source-vanilla-4.4.85-22.1

   - openSUSE Leap 42.3 (x86_64):

      kernel-debug-4.4.85-22.1
      kernel-debug-base-4.4.85-22.1
      kernel-debug-base-debuginfo-4.4.85-22.1
      kernel-debug-debuginfo-4.4.85-22.1
      kernel-debug-debugsource-4.4.85-22.1
      kernel-debug-devel-4.4.85-22.1
      kernel-debug-devel-debuginfo-4.4.85-22.1
      kernel-default-4.4.85-22.1
      kernel-default-base-4.4.85-22.1
      kernel-default-base-debuginfo-4.4.85-22.1
      kernel-default-debuginfo-4.4.85-22.1
      kernel-default-debugsource-4.4.85-22.1
      kernel-default-devel-4.4.85-22.1
      kernel-obs-build-4.4.85-22.1
      kernel-obs-build-debugsource-4.4.85-22.1
      kernel-obs-qa-4.4.85-22.1
      kernel-syms-4.4.85-22.1
      kernel-vanilla-4.4.85-22.1
      kernel-vanilla-base-4.4.85-22.1
      kernel-vanilla-base-debuginfo-4.4.85-22.1
      kernel-vanilla-debuginfo-4.4.85-22.1
      kernel-vanilla-debugsource-4.4.85-22.1
      kernel-vanilla-devel-4.4.85-22.1


References:

   https://www.suse.com/security/cve/CVE-2017-12134.html
   https://www.suse.com/security/cve/CVE-2017-14051.html
   https://bugzilla.suse.com/1005776
   https://bugzilla.suse.com/1015342
   https://bugzilla.suse.com/1020645
   https://bugzilla.suse.com/1020657
   https://bugzilla.suse.com/1030850
   https://bugzilla.suse.com/1031717
   https://bugzilla.suse.com/1031784
   https://bugzilla.suse.com/1034048
   https://bugzilla.suse.com/1037838
   https://bugzilla.suse.com/1040813
   https://bugzilla.suse.com/1042847
   https://bugzilla.suse.com/1047487
   https://bugzilla.suse.com/1047989
   https://bugzilla.suse.com/1048155
   https://bugzilla.suse.com/1048228
   https://bugzilla.suse.com/1048325
   https://bugzilla.suse.com/1048327
   https://bugzilla.suse.com/1048356
   https://bugzilla.suse.com/1048501
   https://bugzilla.suse.com/1048912
   https://bugzilla.suse.com/1048934
   https://bugzilla.suse.com/1049226
   https://bugzilla.suse.com/1049272
   https://bugzilla.suse.com/1049291
   https://bugzilla.suse.com/1049336
   https://bugzilla.suse.com/1050211
   https://bugzilla.suse.com/1050742
   https://bugzilla.suse.com/1051790
   https://bugzilla.suse.com/1052093
   https://bugzilla.suse.com/1052094
   https://bugzilla.suse.com/1052095
   https://bugzilla.suse.com/1052384
   https://bugzilla.suse.com/1052580
   https://bugzilla.suse.com/1052888
   https://bugzilla.suse.com/1053117
   https://bugzilla.suse.com/1053309
   https://bugzilla.suse.com/1053472
   https://bugzilla.suse.com/1053627
   https://bugzilla.suse.com/1053629
   https://bugzilla.suse.com/1053633
   https://bugzilla.suse.com/1053681
   https://bugzilla.suse.com/1053685
   https://bugzilla.suse.com/1053802
   https://bugzilla.suse.com/1053915
   https://bugzilla.suse.com/1053919
   https://bugzilla.suse.com/1054082
   https://bugzilla.suse.com/1054084
   https://bugzilla.suse.com/1055013
   https://bugzilla.suse.com/1055096
   https://bugzilla.suse.com/1055272
   https://bugzilla.suse.com/1055290
   https://bugzilla.suse.com/1055359
   https://bugzilla.suse.com/1055709
   https://bugzilla.suse.com/1055896
   https://bugzilla.suse.com/1055935
   https://bugzilla.suse.com/1055963
   https://bugzilla.suse.com/1056185
   https://bugzilla.suse.com/1056588
   https://bugzilla.suse.com/1056827
   https://bugzilla.suse.com/969756

openSUSE: 2017:2384-1: important: the Linux Kernel

September 7, 2017

An update that solves two vulnerabilities and has 58 fixes An update that solves two vulnerabilities and has 58 fixes An update that solves two vulnerabilities and has 58 fixes is ...

Description

The openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). The following non-security bugs were fixed: - acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller (bsc#1049291). - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291). - acpi: APEI: Enable APEI multiple GHES source to share a single external IRQ (bsc#1053627). - acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627). - acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629). - acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes). - Add "shutdown" to "struct class" (bsc#1053117). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda - Workaround for i915 KBL breakage (bsc#1048356,bsc#1047989,bsc#1055272). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - arm64: do not trace atomic operations (bsc#1055290). - block: add kblock_mod_delayed_work_on() (bsc#1050211). - block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet time (bsc#1050211). - block: provide bio_uninit() free freeing integrity/task associations (bsc#1050211). - block: return on congested block device (FATE#321994). - bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784). - bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784). - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown (bsc#1053309). - bnxt_en: Add additional chip ID definitions (bsc#1053309). - bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool stats (bsc#1053309). - bnxt_en: Add missing logic to handle TPA end error conditions (bsc#1053309). - bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309). - bnxt_en: Allow the user to set ethtool stats-block-usecs to 0 (bsc#1053309). - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration (bsc#1053309). - bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST (bsc#1053309). - bnxt_en: Fix bug in ethtool -L (bsc#1053309). - bnxt_en: Fix netpoll handling (bsc#1053309). - bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309). - bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309). - bnxt_en: Fix xmit_more with BQL (bsc#1053309). - bnxt_en: Implement ndo_bridge_{get|set}link methods (bsc#1053309). - bnxt_en: Implement xmit_more (bsc#1053309). - bnxt_en: Optimize doorbell write operations for newer chips (bsc#1053309). - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309). - bnxt_en: Report firmware DCBX agent (bsc#1053309). - bnxt_en: Retrieve the hardware bridge mode from the firmware (bsc#1053309). - bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309). - bnxt_en: Support for Short Firmware Message (bsc#1053309). - bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309). - bnxt: fix unsigned comparsion with 0 (bsc#1053309). - bnxt: fix unused variable warnings (bsc#1053309). - btrfs: fix early ENOSPC due to delalloc (bsc#1049226). - btrfs: nowait aio: Correct assignment of pos (FATE#321994). - btrfs: nowait aio support (FATE#321994). - ceph: avoid accessing freeing inode in ceph_check_delayed_caps() (bsc#1048228). - ceph: avoid invalid memory dereference in the middle of umount (bsc#1048228). - ceph: cleanup writepage_nounlock() (bsc#1048228). - ceph: do not re-send interrupted flock request (bsc#1048228). - ceph: getattr before read on ceph.* xattrs (bsc#1048228). - ceph: handle epoch barriers in cap messages (bsc#1048228). - ceph: new mount option that specifies fscache uniquifier (bsc#1048228). - ceph: redirty page when writepage_nounlock() skips unwritable page (bsc#1048228). - ceph: remove special ack vs commit behavior (bsc#1048228). - ceph: remove useless page->mapping check in writepage_nounlock() (bsc#1048228). - ceph: re-request max size after importing caps (bsc#1048228). - ceph: update ceph_dentry_info::lease_session when necessary (bsc#1048228). - ceph: update the 'approaching max_size' code (bsc#1048228). - ceph: when seeing write errors on an inode, switch to sync writes (bsc#1048228). - cifs: Fix maximum SMB2 header size (bsc#1056185). - clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization (bsc#1055709). - crush: assume weight_set != null imples weight_set_size > 0 (bsc#1048228). - crush: crush_init_workspace starts with struct crush_work (bsc#1048228). - crush: implement weight and id overrides for straw2 (bsc#1048228). - crush: remove an obsolete comment (bsc#1048228). - crypto: chcr - Add ctr mode and process large sg entries for cipher (bsc#1048325). - crypto: chcr - Avoid changing request structure (bsc#1048325). - crypto: chcr - Ensure Destination sg entry size less than 2k (bsc#1048325). - crypto: chcr - Fix fallback key setting (bsc#1048325). - crypto: chcr - Pass lcb bit setting to firmware (bsc#1048325). - crypto: chcr - Return correct error code (bsc#1048325). - cxgb4: update latest firmware version supported (bsc#1048327). - cxgbit: add missing __kfree_skb() (bsc#1052095). - cxgbit: fix sg_nents calculation (bsc#1052095). - Disable patch 0017-nvmet_fc-Simplify-sg-list-handling.patch (bsc#1052384) - dm: make flush bios explicitly sync (bsc#1050211). - dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912). - drivers: net: xgene: Fix wrong logical operation (bsc#1056827). - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155). - ext4: nowait aio support (FATE#321994). - fs: Introduce filemap_range_has_page() (FATE#321994). - fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994). - fs: pass on flags in compat_writev (bsc#1050211). - fs: return if direct I/O will trigger writeback (FATE#321994). - fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994). - fs: Use RWF_* flags for AIO operations (FATE#321994). - fuse: initialize the flock flag in fuse_file on allocation (git-fixes). - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller (bsc#1049291). - i2c: designware: Convert to use unified device property API (bsc#1049291). - i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633). - i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633). - i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633). - i2c: xgene-slimpro: Use a single function to send command message (bsc#1053633). - i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685). - ib/iser: Fix connection teardown race condition (bsc#1050211). - iscsi-target: fix invalid flags in text response (bsc#1052095). - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717). - kabi: arm64: compatibility workaround for lse atomics (bsc#1055290). - kABI: protect enum pid_type (kabi). - kABI: protect struct iscsi_np (kabi). - kABI: protect struct se_lun (kabi). - kabi/severities: add fs/ceph to kabi severities (bsc#1048228). - kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094) - kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472) - kABI: uninline task_tgid_nr_nr (kabi). - kvm: arm64: Restore host physical timer access on hyp_panic() (bsc#1054082). - kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability (bsc#1054082). - kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state (bsc#1055935). - kvm: x86: block guest protection keys unless the host has them enabled (bsc#1055935). - kvm: x86: kABI workaround for PKRU fixes (bsc#1055935). - kvm: x86: simplify handling of PKRU (bsc#1055935). - libceph: abort already submitted but abortable requests when map or pool goes full (bsc#1048228). - libceph: add an epoch_barrier field to struct ceph_osd_client (bsc#1048228). - libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS (bsc#1048228). - libceph: advertise support for OSD_POOLRESEND (bsc#1048228). - libceph: allow requests to return immediately on full conditions if caller wishes (bsc#1048228). - libceph: always populate t->target_{oid,oloc} in calc_target() (bsc#1048228). - libceph: always signal completion when done (bsc#1048228). - libceph: apply_upmap() (bsc#1048228). - libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228). - libceph: ceph_connection_operations::reencode_message() method (bsc#1048228). - libceph: ceph_decode_skip_* helpers (bsc#1048228). - libceph: compute actual pgid in ceph_pg_to_up_acting_osds() (bsc#1048228). - libceph, crush: per-pool crush_choose_arg_map for crush_do_rule() (bsc#1048228). - libceph: delete from need_resend_linger before check_linger_pool_dne() (bsc#1048228). - libceph: do not call encode_request_finish() on MOSDBackoff messages (bsc#1048228). - libceph: do not call ->reencode_message() more than once per message (bsc#1048228). - libceph: do not pass pgid by value (bsc#1048228). - libceph: drop need_resend from calc_target() (bsc#1048228). - libceph: encode_{pgid,oloc}() helpers (bsc#1048228). - libceph: fallback for when there isn't a pool-specific choose_arg (bsc#1048228). - libceph: fix old style declaration warnings (bsc#1048228). - libceph: foldreq->last_force_resend into ceph_osd_request_target (bsc#1048228). - libceph: get rid of ack vs commit (bsc#1048228). - libceph: handle non-empty dest in ceph_{oloc,oid}_copy() (bsc#1048228). - libceph: initialize last_linger_id with a large integer (bsc#1048228). - libceph: introduce and switch to decode_pg_mapping() (bsc#1048228). - libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228). - libceph: kill __{insert,lookup,remove}_pg_mapping() (bsc#1048228). - libceph: make DEFINE_RB_* helpers more general (bsc#1048228). - libceph: make encode_request_*() work with r_mempool requests (bsc#1048228). - libceph: make RECOVERY_DELETES feature create a new interval (bsc#1048228). - libceph: make sure need_resend targets reflect latest map (bsc#1048228). - libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228). - libceph: new features macros (bsc#1048228). - libceph: new pi->last_force_request_resend (bsc#1048228). - libceph: NULL deref on osdmap_apply_incremental() error path (bsc#1048228). - libceph: osd_request_timeout option (bsc#1048228). - libceph: osd_state is 32 bits wide in luminous (bsc#1048228). - libceph: pg_upmap[_items] infrastructure (bsc#1048228). - libceph: pool deletion detection (bsc#1048228). - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1048228). - libceph: remove ceph_sanitize_features() workaround (bsc#1048228). - libceph: remove now unused finish_request() wrapper (bsc#1048228). - libceph: remove req->r_replay_version (bsc#1048228). - libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228). - libceph: respect RADOS_BACKOFF backoffs (bsc#1048228). - libceph: set -EINVAL in one place in crush_decode() (bsc#1048228). - libceph: support SERVER_JEWEL feature bits (bsc#1048228). - libceph: take osdc->lock in osdmap_show() and dump flags in hex (bsc#1048228). - libceph: upmap semantic changes (bsc#1048228). - libceph: use alloc_pg_mapping() in __decode_pg_upmap_items() (bsc#1048228). - libceph: use target pi for calc_target() calculations (bsc#1048228). - lib: test_rhashtable: fix for large entry counts (bsc#1055359). - lib: test_rhashtable: Fix KASAN warning (bsc#1055359). - locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756). - locking/rwsem-spinlock: Fix EINTR branch in __down_write_common() (bsc#969756). - lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384). - lpfc: convert info messages to standard messages (bsc#1052384). - lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384). - lpfc: Correct return error codes to align with nvme_fc transport (bsc#1052384). - lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384). - lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384). - lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384). - lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology (bsc#1052384). - lpfc: fix "integer constant too large" error on 32bit archs (bsc#1052384). - lpfc: Fix loop mode target discovery (bsc#1052384). - lpfc: Fix MRQ > 1 context list handling (bsc#1052384). - lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384). - lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384). - lpfc: Fix oops when NVME Target is discovered in a nonNVME environment (bsc#1052384). - lpfc: Fix plogi collision that causes illegal state transition (bsc#1052384). - lpfc: Fix rediscovery on switch blade pull (bsc#1052384). - lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384). - lpfc: fixup crash during storage failover operations (bsc#1042847). - lpfc: Limit amount of work processed in IRQ (bsc#1052384). - lpfc: lpfc version bump 11.4.0.3 (bsc#1052384). - lpfc: remove console log clutter (bsc#1052384). - lpfc: support nvmet_fc defer_rcv callback (bsc#1052384). - megaraid_sas: Fix probing cards without io port (bsc#1053681). - mmc: mmc: correct the logic for setting HS400ES signal voltage (bsc#1054082). - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes). - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850). - net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336). - netfilter: fix IS_ERR_VALUE usage (bsc#1052888). - netfilter: x_tables: pack percpu counter allocations (bsc#1052888). - netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888). - netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888). - net: hns: add acpi function of xge led control (bsc#1049336). - net: hns: Fix a skb used after free bug (bsc#1049336). - net/mlx5: Cancel delayed recovery work when unloading the driver (bsc#1015342). - net/mlx5: Clean SRIOV eswitch resources upon VF creation failure (bsc#1015342). - net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342). - net/mlx5e: Add field select to MTPPS register (bsc#1015342). - net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342). - net/mlx5e: Change 1PPS out scheme (bsc#1015342). - net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342). - net/mlx5e: Fix outer_header_zero() check size (bsc#1015342). - net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342). - net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff (bsc#1015342). - net/mlx5e: Rename physical symbol errors counter (bsc#1015342). - net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests (bsc#1015342). - net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342). - net/mlx5: Fix offset of hca cap reserved field (bsc#1015342). - net: phy: Fix lack of reference count on PHY driver (bsc#1049336). - net: phy: Fix PHY module checks and NULL deref in phy_attach_direct() (bsc#1049336). - nvme-fc: address target disconnect race conditions in fcp io submit (bsc#1052384). - nvme-fc: do not override opts->nr_io_queues (bsc#1052384). - nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384). - nvme_fc/nvmet_fc: revise Create Association descriptor length (bsc#1052384). - nvme_fc: Reattach to localports on re-registration (bsc#1052384). - nvme-fc: revise TRADDR parsing (bsc#1052384). - nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384). - nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it (bsc#1052384). - nvme: fix hostid parsing (bsc#1049272). - nvme-loop: update tagset nr_hw_queues after reconnecting/resetting (bsc#1052384). - nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211). - nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting (bsc#1052384). - nvmet: avoid unneeded assignment of submit_bio return value (bsc#1052384). - nvmet_fc: Accept variable pad lengths on Create Association LS (bsc#1052384). - nvmet_fc: add defer_req callback for deferment of cmd buffer return (bsc#1052384). - nvmet-fc: correct use after free on list teardown (bsc#1052384). - nvmet-fc: eliminate incorrect static markers on local variables (bsc#1052384). - nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association (bsc#1052384). - nvmet_fc: Simplify sg list handling (bsc#1052384). - nvmet: prefix version configfs file with attr (bsc#1052384). - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() (bsc#1056827). - ovl: fix dentry leak for default_permissions (bsc#1054084). - pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211). - pci/MSI: Ignore affinity if pre/post vector count is more than min_vecs (1050211). - percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096). - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096). - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096). - percpu_ref: restructure operation mode switching (bsc#1055096). - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096). - phy: Do not increment MDIO bus refcount unless it's a different owner (bsc#1049336). - phy: fix error case of phy_led_triggers_(un)register (bsc#1049336). - qeth: add network device features for VLAN devices (bnc#1053472, LTC#157385). - r8169: Add support for restarting auto-negotiation (bsc#1050742). - r8169:Correct the way of setting RTL8168DP ephy (bsc#1050742). - r8169:fix system hange problem (bsc#1050742). - r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742). - r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742). - r8169:Remove unnecessary phy reset for pcie nic when setting link spped (bsc#1050742). - r8169:Update the way of reading RTL8168H PHY register "rg_saw_cnt" (bsc#1050742). - rdma/mlx5: Fix existence check for extended address vector (bsc#1015342). - Remove patch 0407-nvme_fc-change-failure-code-on-remoteport-connectivi.patch (bsc#1037838) - Revert "ceph: SetPageError() for writeback pages if writepages fails" (bsc#1048228). - s390/diag: add diag26c support (bnc#1053472, LTC#156729). - s390: export symbols for crash-kmp (bsc#1053915). - s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h (bsc#1053472). - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472, LTC#157731). - s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731). - s390/pci: improve error handling during fmb (de)registration (bnc#1053472, LTC#157731). - s390/pci: improve error handling during interrupt deregistration (bnc#1053472, LTC#157731). - s390/pci: improve pci hotplug (bnc#1053472, LTC#157731). - s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731). - s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731). - s390/pci: provide more debug information (bnc#1053472, LTC#157731). - s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276). - s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472, LTC#156729). - scsi: csiostor: add check for supported fw version (bsc#1005776). - scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776). - scsi: csiostor: fix use after free in csio_hw_use_fwconfig() (bsc#1005776). - scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776). - scsi: csiostor: update module version (bsc#1052093). - scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094). - scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912). - scsi: qedf: Limit number of CQs (bsc#1040813). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed). - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117). - tpm: KABI fix (bsc#1053117). - tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3). - tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tty: pl011: fix initialization order of QDF2400 E44 (bsc#1054082). - tty: serial: msm: Support more bauds (git-fixes). - Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37). - usb: core: fix device node leak (bsc#1047487). - x86/mm: Fix use-after-free of ldt_struct (bsc#1055963). - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage (bsc#1055896). - xfs: nowait aio support (FATE#321994). - xgene: Always get clk source, but ignore if it's missing for SGMII ports (bsc#1048501). - xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501).

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1017=1 To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (noarch): kernel-devel-4.4.85-22.1 kernel-docs-4.4.85-22.3 kernel-docs-html-4.4.85-22.3 kernel-docs-pdf-4.4.85-22.3 kernel-macros-4.4.85-22.1 kernel-source-4.4.85-22.1 kernel-source-vanilla-4.4.85-22.1 - openSUSE Leap 42.3 (x86_64): kernel-debug-4.4.85-22.1 kernel-debug-base-4.4.85-22.1 kernel-debug-base-debuginfo-4.4.85-22.1 kernel-debug-debuginfo-4.4.85-22.1 kernel-debug-debugsource-4.4.85-22.1 kernel-debug-devel-4.4.85-22.1 kernel-debug-devel-debuginfo-4.4.85-22.1 kernel-default-4.4.85-22.1 kernel-default-base-4.4.85-22.1 kernel-default-base-debuginfo-4.4.85-22.1 kernel-default-debuginfo-4.4.85-22.1 kernel-default-debugsource-4.4.85-22.1 kernel-default-devel-4.4.85-22.1 kernel-obs-build-4.4.85-22.1 kernel-obs-build-debugsource-4.4.85-22.1 kernel-obs-qa-4.4.85-22.1 kernel-syms-4.4.85-22.1 kernel-vanilla-4.4.85-22.1 kernel-vanilla-base-4.4.85-22.1 kernel-vanilla-base-debuginfo-4.4.85-22.1 kernel-vanilla-debuginfo-4.4.85-22.1 kernel-vanilla-debugsource-4.4.85-22.1 kernel-vanilla-devel-4.4.85-22.1

References

https://www.suse.com/security/cve/CVE-2017-12134.html https://www.suse.com/security/cve/CVE-2017-14051.html https://bugzilla.suse.com/1005776 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1020657 https://bugzilla.suse.com/1030850 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1031784 https://bugzilla.suse.com/1034048 https://bugzilla.suse.com/1037838 https://bugzilla.suse.com/1040813 https://bugzilla.suse.com/1042847 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1047989 https://bugzilla.suse.com/1048155 https://bugzilla.suse.com/1048228 https://bugzilla.suse.com/1048325 https://bugzilla.suse.com/1048327 https://bugzilla.suse.com/1048356 https://bugzilla.suse.com/1048501 https://bugzilla.suse.com/1048912 https://bugzilla.suse.com/1048934 https://bugzilla.suse.com/1049226 https://bugzilla.suse.com/1049272 https://bugzilla.suse.com/1049291 https://bugzilla.suse.com/1049336 https://bugzilla.suse.com/1050211 https://bugzilla.suse.com/1050742 https://bugzilla.suse.com/1051790 https://bugzilla.suse.com/1052093 https://bugzilla.suse.com/1052094 https://bugzilla.suse.com/1052095 https://bugzilla.suse.com/1052384 https://bugzilla.suse.com/1052580 https://bugzilla.suse.com/1052888 https://bugzilla.suse.com/1053117 https://bugzilla.suse.com/1053309 https://bugzilla.suse.com/1053472 https://bugzilla.suse.com/1053627 https://bugzilla.suse.com/1053629 https://bugzilla.suse.com/1053633 https://bugzilla.suse.com/1053681 https://bugzilla.suse.com/1053685 https://bugzilla.suse.com/1053802 https://bugzilla.suse.com/1053915 https://bugzilla.suse.com/1053919 https://bugzilla.suse.com/1054082 https://bugzilla.suse.com/1054084 https://bugzilla.suse.com/1055013 https://bugzilla.suse.com/1055096 https://bugzilla.suse.com/1055272 https://bugzilla.suse.com/1055290 https://bugzilla.suse.com/1055359 https://bugzilla.suse.com/1055709 https://bugzilla.suse.com/1055896 https://bugzilla.suse.com/1055935 https://bugzilla.suse.com/1055963 https://bugzilla.suse.com/1056185 https://bugzilla.suse.com/1056588 https://bugzilla.suse.com/1056827 https://bugzilla.suse.com/969756