The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
security and bugfixes.
This feature was added:
- Support for the 2017 Intel Purley platform.
The following security bugs were fixed:
- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,
which is reportedly exploited in the wild (bsc#1004418).
- CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the
Linux kernel allowed local users to obtain sensitive physical-address
information by reading a pagemap file, aka Android internal bug 25739721
(bnc#994759).
- CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options
data, which allowed local users to gain privileges or cause a denial of
service (use-after-free and system crash) via a crafted sendmsg system
call (bnc#992566).
- CVE-2016-6828: Use after free in tcp_xmit_retransmit_queue or other tcp_
functions (bsc#994296)
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
determine the rate of challenge ACK segments, which made it easier for
man-in-the-middle attackers to hijack TCP sessions via a blind in-window
attack (bnc#989152)
- CVE-2016-6480: Race condition in the ioctl_send_fib function in
drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
to cause a denial of service (out-of-bounds access or system crash) by
changing a certain size value, aka a "double fetch" vulnerability
(bnc#991608)
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE
setsockopt implementations in the netfilter subsystem in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (memory corruption) by leveraging in-container root access to
provide a crafted offset value that triggers an unintended decrement
(bnc#986362).
- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the
PIT counter values during state restoration, which allowed guest OS
users to cause a denial of service (divide-by-zero error and host OS
crash) via a zero value, related to the kvm_vm_ioctl_set_pit and
kvm_vm_ioctl_set_pit2 functions (bnc#960689).
- CVE-2013-4312: The Linux kernel allowed local users to bypass
file-descriptor limits and cause a denial of service (memory
consumption) by sending each descriptor over a UNIX socket closing it,
related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).
- CVE-2016-7425: A buffer overflow in the Linux Kernel in
arcmsr_iop_message_xfer() could have caused kernel heap corruption and
arbitraty kernel code execution (bsc#999932)
The following non-security bugs were fixed:
- ahci: Order SATA device IDs for codename Lewisburg.
- AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs.
- ALSA: hda - Add Intel Lewisburg device IDs Audio.
- avoid dentry crash triggered by NFS (bsc#984194).
- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
- blktap2: eliminate race from deferred work queue handling (bsc#911687).
- bonding: always set recv_probe to bond_arp_rcv in arp monitor
(bsc#977687).
- bonding: fix bond_arp_rcv setting and arp validate desync state
(bsc#977687).
- btrfs: account for non-CoW’d blocks in btrfs_abort_transaction
(bsc#983619).
- btrfs: ensure that file descriptor used with subvol ioctls is a dir
(bsc#999600).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- cxgb4: Set VPD size so we can read both VPD structures (bsc#976867).
- Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch.
(bsc#979514)
- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- fs/select: add vmalloc fallback for select(2) (bsc#1000189).
- fs/select: introduce SIZE_MAX (bsc#1000189).
- i2c: i801: add Intel Lewisburg device IDs.
- include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM
performance – git fixes).
- increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple
nvme and tg3 in the same machine is resolved by increasing
CONFIG_NR_IRQS (bsc#998399)
- kabi, unix: properly account for FDs passed over unix sockets
(bnc#839104).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- KVM: x86: SYSENTER emulation is broken (bsc#994618).
- libfc: sanity check cpu number extracted from xid (bsc#988440).
- lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held
(bsc#951392).
- md: lockless I/O submission for RAID1 (bsc#982783).
- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
(VM Functionality, bnc#986445).
- mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
- net: add pfmemalloc check in sk_add_backlog() (bnc#920016).
- netback: fix flipping mode (bsc#996664).
- nfs: Do not drop directory dentry which is in use (bsc#993127).
- nfs: Don’t disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).
- nfs: Don’t write enable new pages while an invalidation is proceeding
(bsc#999584).
- nfs: Fix a regression in the read() syscall (bsc#999584).
- nfs: Fix races in nfs_revalidate_mapping (bsc#999584).
- nfs: fix the handling of NFS_INO_INVALID_DATA flag in
nfs_revalidate_mapping (bsc#999584).
- nfs: Fix writeback performance issue on cache invalidation (bsc#999584).
- nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).
- nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206).
- nfsv4: fix broken patch relating to v4 read delegations (bsc#956514,
bsc#989261, bsc#979595).
- nfsv4: Fix range checking in __nfs4_get_acl_uncached and
__nfs4_proc_set_acl (bsc#982218).
- pci: Add pci_set_vpd_size() to set VPD size (bsc#976867).
- pciback: fix conf_space read/write overlap check.
- powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- random32: add prandom_u32_max (bsc#989152).
- rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends
to run out of space nowadays.
- s390/dasd: fix hanging device after clear subchannel (bnc#994436).
- sata: Adding Intel Lewisburg device IDs for SATA.
- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()
(bnc#1001419).
- sched/core: Fix a race between try_to_wake_up() and a woken up task
(bnc#1002165).
- sched: Fix possible divide by zero in avg_atom() calculation
(bsc#996329).
- scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760).
- scsi: do not print "reservation conflict" for TEST UNIT READY
(bsc#984102).
- scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
- scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
- scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning
(bnc#843236,bsc#989779).
- tmpfs: change final i_blocks BUG to WARNING (bsc#991923).
- Update
patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fip_recv_list-
are.patch (add bsc#732582 reference).
- USB: fix typo in wMaxPacketSize validation (bsc#991665).
- USB: validate wMaxPacketValue entries in endpoint descriptors
(bnc#991665).
- vlan: don’t deliver frames for unknown vlans to protocols (bsc#979514).
- vlan: mask vlan prio bits (bsc#979514).
- xenbus: inspect the correct type in xenbus_dev_request_and_reply().
- xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
- xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).
- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).