Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

• CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack
  overflow vulnerability in the processing of L2CAP configuration
  responses resulting in remote code execution in kernel space
  (bnc#1057389).
• CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h
  did not verify that a filesystem has a realtime device, which allowed
  local users to cause a denial of service (NULL pointer dereference and
  OOPS) via vectors related to setting an RHINHERIT flag on a directory
  (bnc#1058524).
• CVE-2017-14140: The move_pages system call in mm/migrate.c did not check
  the effective uid of the target process, enabling a local attacker to
  learn the memory layout of a setuid executable despite ASLR
  (bnc#1057179).
• CVE-2017-14051: An integer overflow in the
  qla2x00_sysfs_write_optrom_ctl function in
  drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of
  service (memory corruption and system crash) by leveraging root access
  (bnc#1056588).
• CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to
  gain privileges or cause a denial of service (list corruption or
  use-after-free) via simultaneous file-descriptor operations that
  leverage improper might_cancel queueing (bnc#1053152).
• CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer
  was copied into a local buffer of constant size using strcpy without a
  length check which can cause a buffer overflow (bnc#1053148).
• CVE-2017-8831: The saa7164_bus_get function allowed local users to cause
  a denial of service (out-of-bounds array access) or possibly have
  unspecified
  other impact by changing a certain sequence-number value, aka a "double
  fetch" vulnerability (bnc#1037994).
• CVE-2017-1000112: Prevent race condition in net-packet code that could
  have been exploited by unprivileged users to gain root
  access.(bnc#1052311).

The following non-security bugs were fixed:

• ALSA: Fix Lewisburg audio issue
• Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail
  (bsc#1055680)
• Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)
• NFS: Cache aggressively when file is open for writing (bsc#1053933).
• NFS: Do drop directory dentry when error clearly requires it
  (bsc#1051932).
• NFS: Do not flush caches for a getattr that races with writeback
  (bsc#1053933).
• NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
• NFS: invalidate file size when taking a lock (bsc#1053933).
• PCI: fix hotplug related issues (bnc#1054247).
• af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
• avoid deadlock in xenbus (bnc#1047523).
• blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit
  transaction
• blkback/blktap: do not leak stack data via response ring (bsc#1042863
  XSA-216).
• cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
• cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
• fuse: do not use iocb after it may have been freed (bsc#1054706).
• fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
• fuse: fsync() did not return IO errors (bsc#1054076).
• fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
• gspca: konica: add missing endpoint sanity check (bsc#1050431).
• kabi/severities: Ignore zpci symbol changes (bsc#1054247)
• lib/mpi: mpi_read_raw_data(): fix nbits calculation
• media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS
  ioctl (bsc#1050431).
• net: Fix RCU splat in af_key (bsc#1054093).
• powerpc/fadump: add reschedule point while releasing memory (bsc#1040609
  bsc#1024450).
• powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669
  bsc#1037667).
• powerpc/fadump: provide a helpful error message (bsc#1037669
  bsc#1037667).
• powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530,
  bsc#1052370).
• powerpc/slb: Force a full SLB flush when we insert for a bad EA
  (bsc#1054070).
• reiserfs: fix race in readdir (bsc#1039803).
• s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).
• s390/pci: fix handling of PEC 306 (bnc#1054247).
• s390/pci: improve error handling during fmb (de)registration
  (bnc#1054247).
• s390/pci: improve error handling during interrupt deregistration
  (bnc#1054247).
• s390/pci: improve pci hotplug (bnc#1054247).
• s390/pci: improve unreg_ioat error handling (bnc#1054247).
• s390/pci: introduce clp_get_state (bnc#1054247).
• s390/pci: provide more debug information (bnc#1054247).
• scsi: avoid system stall due to host_busy race (bsc#1031358).
• scsi: close race when updating blocked counters (bsc#1031358).
• ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
• supported.conf: clear mistaken external support flag for cifs.ko
  (bsc#1053802).
• tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
• uwb: fix device quirk on big-endian hosts (bsc#1036629).
• xfs: fix inobt inode allocation search optimization (bsc#1013018).