Lucene search

K
suseSuseOPENSUSE-SU-2017:2495-1
HistorySep 15, 2017 - 3:12 p.m.

Security update for the Linux Kernel (important)

2017-09-1515:12:43
lists.opensuse.org
473

0.009 Low

EPSS

Percentile

80.7%

The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various
security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
    was vulnerable to a stack overflow vulnerability in the processing of
    L2CAP configuration responses resulting in Remote code execution in
    kernel space (bnc#1057389).
  • CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the
    Linux kernel allowed local users to cause a denial of service
    (__tcp_select_window divide-by-zero error and system crash) by
    triggering a disconnect within a certain tcp_recvmsg code path
    (bnc#1056982).
  • CVE-2017-11472: The acpi_ns_terminate() function in
    drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the
    operand cache and causes a kernel stack dump, which allowed local users
    to obtain sensitive information from kernel memory and bypass the KASLR
    protection mechanism (in the kernel through 4.9) via a crafted ACPI
    table (bnc#1049580).
  • CVE-2017-14051: An integer overflow in the
    qla2x00_sysfs_write_optrom_ctl function in
    drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users
    to cause a denial of service (memory corruption and system crash) by
    leveraging root access (bnc#1056588).
  • CVE-2017-12134: The xen_biovec_phys_mergeable function in
    drivers/xen/biomerge.c in Xen might allow local OS guest users to
    corrupt block device data streams and consequently obtain sensitive
    memory information, cause a denial of service, or gain host OS
    privileges by leveraging incorrect block IO merge-ability calculation
    (bnc#1051790 1053919).

The following non-security bugs were fixed:

  • acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
  • alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
    (bsc#1020657).
  • alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).
  • alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform
    (bsc#1024405).
  • alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
  • alsa: usb-audio: Apply sample rate quirk to Sennheiser headset
    (bsc#1052580).
  • Add "shutdown" to "struct class" (bsc#1053117).
  • bluetooth: bnep: fix possible might sleep error in bnep_session
    (bsc#1031784).
  • bluetooth: cmtp: fix possible might sleep error in cmtp_session
    (bsc#1031784).
  • btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
  • nfs: flush data when locking a file to ensure cache coherence for mmap
    (bsc#981309).
  • Revert "/proc/iomem: only expose physical resource addresses to
    privileged users" (kabi).
  • Revert "Make file credentials available to the seqfile interfaces"
    (kabi).
  • usb: core: fix device node leak (bsc#1047487).
  • Update
    patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch
    (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
    git-fixes 5ca4c20cfd37).
  • bnxt: add a missing rcu synchronization (bnc#1038583).
  • bnxt: do not busy-poll when link is down (bnc#1038583).
  • bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).
  • bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).
  • bnxt_en: Fix NULL pointer dereference in a failure path during open
    (bnc#1038583).
  • bnxt_en: Fix NULL pointer dereference in reopen failure path
    (bnc#1038583).
  • bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
  • bnxt_en: Fix VF virtual link state (bnc#1038583).
  • bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
  • bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).
  • bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).
  • bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
  • bnxt_en: Refactor TPA code path (bnc#1038583).
  • bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).
  • bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).
  • ceph: fix readpage from fscache (bsc#1057015).
  • cxgb4: Fix stack out-of-bounds read due to wrong size to
    t4_record_mbox() (bsc#1021424 bsc#1022743).
  • drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
  • drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
  • fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
  • gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).
  • ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).
  • iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
  • iwlwifi: mvm: do not send CTDP commands via debugfs if not supported
    (bsc#1031717).
  • kernel/*: switch to memdup_user_nul() (bsc#1048893).
  • lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
  • lib: test_rhashtable: fix for large entry counts (bsc#1055359).
  • lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill
    warning (FATE#319466).
  • md/raid5: fix a race condition in stripe batch (linux-stable).
  • mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw
    poison – git fixes).
  • mm/page_alloc.c: apply gfp_allowed_mask before the first allocation
    attempt (bnc#971975 VM – git fixes).
  • mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
  • netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
  • netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
  • netfilter: x_tables: pass xt_counters struct instead of packet counter
    (bsc#1052888).
  • netfilter: x_tables: pass xt_counters struct to counter allocator
    (bsc#1052888).
  • new helper: memdup_user_nul() (bsc#1048893).
  • of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()
    (bsc#1056827).
  • ovl: fix dentry leak for default_permissions (bsc#1054084).
  • percpu_ref: allow operation mode switching operations to be called
    concurrently (bsc#1055096).
  • percpu_ref: remove unnecessary RCU grace period for staggered atomic
    switching confirmation (bsc#1055096).
  • percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate
    percpu_ref_switch_to_atomic() (bsc#1055096).
  • percpu_ref: restructure operation mode switching (bsc#1055096).
  • percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
  • rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
  • s390: export symbols for crash-kmp (bsc#1053915).
  • supported.conf: clear mistaken external support flag for cifs.ko
    (bsc#1053802).
  • sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).
  • sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).
  • sysctl: kdoc’ify sysctl_writes_strict (bsc#1048893).
  • sysctl: simplify unsigned int support (bsc#1048893).
  • tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
  • tpm: KABI fix (bsc#1053117).
  • tpm: fix: return rc when devm_add_action() fails (bsc#1020645,
    fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
    8e0ee3c9faed).
  • tpm: read burstcount from TPM_STS in one 32-bit transaction
    (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
    git-fixes 27084efee0c3).
  • tpm_tis_core: Choose appropriate timeout for reading burstcount
    (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,
    git-fixes aec04cbdf723).
  • tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,
    fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes
    aec04cbdf723).
  • tty: serial: msm: Support more bauds (git-fixes).
  • ubifs: Correctly evict xattr inodes (bsc#1012829).
  • ubifs: Do not leak kernel memory to the MTD (bsc#1012829).
  • xfs: fix inobt inode allocation search optimization (bsc#1012829).

References