ESB-2017.2214 - [SUSE] kernel: Multiple vulnerabilities 2017-09-05


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2214
        SUSE Security Update: Security update for the Linux Kernel
                             5 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          kernel
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Root Compromise          -- Remote/Unauthenticated
                  Denial of Service        -- Remote/Unauthenticated
                  Access Confidential Data -- Existing Account      
Resolution:       Patch/Upgrade
CVE Names:        CVE-2017-1000380 CVE-2017-1000365 CVE-2017-1000364
                  CVE-2017-1000363 CVE-2017-11473 CVE-2017-11176
                  CVE-2017-9242 CVE-2017-9077 CVE-2017-9076
                  CVE-2017-9075 CVE-2017-9074 CVE-2017-8925
                  CVE-2017-8924 CVE-2017-8890 CVE-2017-7616
                  CVE-2017-7542 CVE-2017-7533 CVE-2017-7487
                  CVE-2017-7482 CVE-2017-7308 CVE-2017-7294
                  CVE-2017-7261 CVE-2017-7187 CVE-2017-7184
                  CVE-2017-6951 CVE-2017-6353 CVE-2017-6348
                  CVE-2017-6214 CVE-2017-6074 CVE-2017-5986
                  CVE-2017-5970 CVE-2017-5669 CVE-2017-2671
                  CVE-2017-2647 CVE-2017-2636 CVE-2016-10200
                  CVE-2016-7117 CVE-2016-5243 CVE-2016-4998
                  CVE-2016-4997 CVE-2016-2188 CVE-2015-8970
                  CVE-2015-3288 CVE-2014-9922 

Reference:        ASB-2017.0067
                  ASB-2017.0032
                  ESB-2017.2162
                  ESB-2017.2150.2

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2342-1
Rating:             important
References:         #1003077 #1005651 #1008374 #1008850 #1008893 
                    #1012422 #1013018 #1013070 #1013800 #1013862 
                    #1016489 #1017143 #1018074 #1018263 #1018446 
                    #1019168 #1020229 #1021256 #1021913 #1022971 
                    #1023014 #1023051 #1023163 #1023888 #1024508 
                    #1024788 #1024938 #1025235 #1025702 #1026024 
                    #1026260 #1026722 #1026914 #1027066 #1027101 
                    #1027178 #1027565 #1028372 #1028415 #1028880 
                    #1029140 #1029212 #1029770 #1029850 #1030213 
                    #1030552 #1030573 #1030593 #1030814 #1031003 
                    #1031052 #1031440 #1031579 #1032141 #1032340 
                    #1032471 #1033287 #1033336 #1033771 #1033794 
                    #1033804 #1033816 #1034026 #1034670 #1035576 
                    #1035777 #1035920 #1036056 #1036288 #1036629 
                    #1037182 #1037183 #1037191 #1037193 #1037227 
                    #1037232 #1037233 #1037356 #1037358 #1037359 
                    #1037441 #1038544 #1038879 #1038981 #1038982 
                    #1039258 #1039348 #1039354 #1039456 #1039594 
                    #1039882 #1039883 #1039885 #1040069 #1040351 
                    #1041160 #1041431 #1041762 #1041975 #1042045 
                    #1042200 #1042615 #1042633 #1042687 #1042832 
                    #1043014 #1043234 #1043935 #1044015 #1044125 
                    #1044216 #1044230 #1044854 #1044882 #1044913 
                    #1044985 #1045154 #1045340 #1045356 #1045406 
                    #1045416 #1045525 #1045538 #1045547 #1045615 
                    #1046107 #1046122 #1046192 #1046715 #1047027 
                    #1047053 #1047343 #1047354 #1047487 #1047523 
                    #1047653 #1048185 #1048221 #1048232 #1048275 
                    #1049483 #1049603 #1049688 #1049882 #1050154 
                    #1050431 #1051478 #1051515 #1051770 #784815 
                    #792863 #799133 #870618 #909486 #909618 #911105 
                    #919382 #928138 #931620 #938352 #943786 #948562 
                    #962257 #970956 #971975 #972891 #979021 #982783 
                    #983212 #985561 #986362 #986365 #986924 #988065 
                    #989056 #990682 #991651 #995542 #999245 
Cross-References:   CVE-2014-9922 CVE-2015-3288 CVE-2015-8970
                    CVE-2016-10200 CVE-2016-2188 CVE-2016-4997
                    CVE-2016-4998 CVE-2016-5243 CVE-2016-7117
                    CVE-2017-1000363 CVE-2017-1000364 CVE-2017-1000365
                    CVE-2017-1000380 CVE-2017-11176 CVE-2017-11473
                    CVE-2017-2636 CVE-2017-2647 CVE-2017-2671
                    CVE-2017-5669 CVE-2017-5970 CVE-2017-5986
                    CVE-2017-6074 CVE-2017-6214 CVE-2017-6348
                    CVE-2017-6353 CVE-2017-6951 CVE-2017-7184
                    CVE-2017-7187 CVE-2017-7261 CVE-2017-7294
                    CVE-2017-7308 CVE-2017-7482 CVE-2017-7487
                    CVE-2017-7533 CVE-2017-7542 CVE-2017-7616
                    CVE-2017-8890 CVE-2017-8924 CVE-2017-8925
                    CVE-2017-9074 CVE-2017-9075 CVE-2017-9076
                    CVE-2017-9077 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 44 vulnerabilities and has 135 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
   security and bug fixes.


   The following security bugs were fixed:

   - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local
     users to gain privileges via a large filesystem stack that includes an
     overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c
     (bsc#1032340).
   - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous
     pages, which allowed local users to gain privileges or cause a denial of
     service (page tainting) via a crafted application that triggers writing
     to page zero (bnc#979021).
   - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not
     verify that a setkey operation has been performed on an AF_ALG socket
     before an accept system call is processed, which allowed local users to
     cause a denial of service (NULL pointer dereference and system crash)
     via a crafted application that did not supply a key, related to the
     lrw_crypt function in crypto/lrw.c (bnc#1008374 bsc#1008850).
   - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
     the Linux kernel allowed local users to gain privileges or cause a
     denial of service (use-after-free) by making multiple bind system calls
     without properly ascertaining whether a socket has the SOCK_ZAPPED
     status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
     (bnc#1028415).
   - CVE-2016-2188: The iowarrior_probe function in
     drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically
     proximate attackers to cause a denial of service (NULL pointer
     dereference and system crash) via a crafted endpoints value in a USB
     device descriptor (bnc#970956).
   - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE
     setsockopt implementations in the netfilter subsystem in the Linux
     kernel allow local users to gain privileges or cause a denial of service
     (memory corruption) by leveraging in-container root access to provide a
     crafted offset value that triggers an unintended decrement (bnc#986362).
   - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
     netfilter subsystem in the Linux kernel allowed local users to cause a
     denial of service (out-of-bounds read) or possibly obtain sensitive
     information from kernel heap memory by leveraging in-container root
     access to provide a crafted offset value that leads to crossing a
     ruleset blob boundary (bnc#986365).
   - CVE-2016-5243: The tipc_nl_compat_link_dump function in
     net/tipc/netlink_compat.c in the Linux kernel did not properly copy a
     certain string, which allowed local users to obtain sensitive
     information from kernel stack memory by reading a Netlink message
     (bnc#983212).
   - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
     function in net/socket.c in the Linux kernel allowed remote attackers to
     execute arbitrary code via vectors involving a recvmmsg system call that
     is mishandled during error processing (bnc#1003077).
   - CVE-2017-1000363: A buffer overflow in kernel commandline handling of
     the "lp" parameter could be used to bypass certain secure boot settings
     (bnc#1039456).
   - CVE-2017-1000364: An issue was discovered in the size of the stack guard
     page on Linux: a 4k stack guard page is not sufficiently large and can
     be "jumped" over (the stack guard page is bypassed). This affects Linux
     Kernel versions 4.11.5 and earlier (the stack guard page was introduced
     in 2010) (bnc#1039348).
   - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the
     arguments and environmental strings passed through
     RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
     argument and environment pointers into account, which allowed attackers
     to bypass this limitation (bnc#1039354).
   - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable
     to a data race in the ALSA /dev/snd/timer driver resulting in local
     users being able to read information belonging to other users, i.e.,
     uninitialized memory contents may be disclosed when a read and an ioctl
     happen at the same time (bnc#1044125).
   - CVE-2017-11176: The mq_notify function in the Linux kernel did not set
     the sock pointer to NULL upon entry into the retry logic. During a
     user-space close of a Netlink socket, it allowed attackers to cause a
     denial of service (use-after-free) or possibly have unspecified other
     impact (bnc#1048275).
   - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
     in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
     to gain privileges via a crafted ACPI table (bsc#1049603).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (double free) by setting the HDLC line discipline (bnc#1027565
     bsc#1028372).
   - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
     users to gain privileges or cause a denial of service (NULL pointer
     dereference and system crash) via vectors involving a NULL value for a
     certain match field, related to the keyring_search_iterator function in
     keyring.c (bnc#1030593).
   - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
     kernel is too late in obtaining a certain lock and consequently cannot
     ensure that disconnect function calls are safe, which allowed local
     users to cause a denial of service (panic) by leveraging access to the
     protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).
   - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel
     did not restrict the address calculated by a certain rounding operation,
     which allowed local users to map page zero, and consequently bypass a
     protection mechanism that exists for the mmap system call, by making
     crafted shmget and shmat system calls in a privileged context
     (bnc#1026914).
   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
     denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bnc#1024938).
   - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
     net/sctp/socket.c in the Linux kernel allowed local users to cause a
     denial of service (assertion failure and panic) via a multithreaded
     application that peels off an association in a certain buffer-full state
     (bnc#1025235).
   - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
     in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
     in the LISTEN state, which allowed local users to obtain root privileges
     or cause a denial of service (double free) via an application that made
     an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024 bsc#1033287).
   - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
     Linux kernel allowed remote attackers to cause a denial of service
     (infinite loop and soft lockup) via vectors involving a TCP packet with
     the URG flag (bnc#1026722).
   - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the
     Linux kernel improperly manages lock dropping, which allowed local users
     to cause a denial of service (deadlock) via crafted operations on IrDA
     devices (bnc#1027178).
   - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
     restrict association peel-off operations during certain wait states,
     which allowed local users to cause a denial of service (invalid unlock
     and double free) via a multithreaded application.  NOTE: this
     vulnerability exists because of an incorrect fix for CVE-2017-5986
     (bnc#1027066).
   - CVE-2017-6951: The keyring_search_aux function in
     security/keys/keyring.c in the Linux kernel allowed local users to cause
     a denial of service (NULL pointer dereference and OOPS) via a
     request_key system call for the "dead" type (bnc#1029850).
   - CVE-2017-7184: The xfrm_replay_verify_len function in
     net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size
     data after an XFRM_MSG_NEWAE update, which allowed local users to obtain
     root privileges or cause a denial of service (heap-based out-of-bounds
     access) by leveraging the CAP_NET_ADMIN capability, as demonstrated
     during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10
     linux-image-* package 4.8.0.41.52 (bnc#1030573).
   - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux
     kernel allowed local users to cause a denial of service (stack-based
     buffer overflow) or possibly have unspecified other impact via a large
     command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
     write access in the sg_write function (bnc#1030213).
   - CVE-2017-7261: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     check for a zero value of certain levels data, which allowed local users
     to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and
     possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device
     (bnc#1031052).
   - CVE-2017-7294: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     validate addition of certain levels data, which allowed local users to
     trigger an integer overflow and out-of-bounds write, and cause a denial
     of service (system hang or crash) or possibly gain privileges, via a
     crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).
   - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
     the Linux kernel did not properly validate certain block-size data,
     which allowed local users to cause a denial of service (integer
     signedness error and out-of-bounds write), or gain privileges (if the
     CAP_NET_RAW capability is held), via crafted system calls (bnc#1031579).
   - CVE-2017-7482: Fixed a potential overflow in net/rxrpc where a
     padded len isn't checked in ticket decode (bsc#1046107).
   - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
     Linux kernel mishandled reference counts, which allowed local users to
     cause a denial of service (use-after-free) or possibly have unspecified
     other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
     (bnc#1038879).
   - CVE-2017-7533: Race condition in the fsnotify implementation in the
     Linux kernel allowed local users to gain privileges or cause a denial of
     service (memory corruption) via a crafted application that leverages
     simultaneous execution of the inotify_handle_event and vfs_rename
     functions (bsc#1049483).
   - CVE-2017-7542: The ip6_find_1stfragopt function in
     net/ipv6/output_core.c in the Linux kernel allowed local users to cause
     a denial of service (integer overflow and infinite loop) by leveraging
     the ability to open a raw socket (bsc#1049882).
   - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind
     compat syscalls in mm/mempolicy.c in the Linux kernel allowed local
     users to obtain sensitive information from uninitialized stack data by
     triggering failure of a certain bitmap operation (bnc#1033336).
   - CVE-2017-8890: The inet_csk_clone_lock function in
     net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
     cause a denial of service (double free) or possibly have unspecified
     other impact by leveraging use of the accept system call (bnc#1038544).
   - CVE-2017-8924: The edge_bulk_in_callback function in
     drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
     obtain sensitive information (in the dmesg ringbuffer and syslog) from
     uninitialized kernel memory by using a crafted USB device (posing as an
     io_ti USB serial device) to trigger an integer underflow (bnc#1037182
     bsc#1038982).
   - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
     in the Linux kernel allowed local users to cause a denial of service
     (tty exhaustion) by leveraging reference count mishandling (bnc#1037183
     bsc#1038981).
   - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
     did not consider that the nexthdr field may be associated with an
     invalid option, which allowed local users to cause a denial of service
     (out-of-bounds read and BUG) or possibly have unspecified other impact
     via crafted socket and send system calls (bnc#1039882).
   - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).
   - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).
   - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     in the Linux kernel is too late in checking whether an overwrite of an
     skb data structure may occur, which allowed local users to cause a
     denial of service (system crash) via crafted system calls (bnc#1041431).

   The following non-security bugs were fixed:

   - 8250: use callbacks to access UART_DLL/UART_DLM.
   - acpi: Disable APEI error injection if securelevel is set (bsc#972891,
     bsc#1023051).
   - af_key: Add lock to key dump (bsc#1047653).
   - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
   - alsa: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
   - alsa: hda - Fix regression of HD-audio controller fallback modes
     (bsc#1045538).
   - alsa: hda/realtek - Correction of fixup codes for PB V7900 laptop
     (bsc#1045538).
   - alsa: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
     (bsc#1045538).
   - alsa: hda - using uninitialized data (bsc#1045538).
   - alsa: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
   - alsa: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
   - ath9k: fix buffer overrun for ar9287 (bsc#1045538).
   - __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
   - blacklist.conf: Add a few inapplicable items (bsc#1045538).
   - blacklist.conf: blacklisted 1fe89e1b6d27 (bnc#1046122)
   - block: do not allow updates through sysfs until registration completes
     (bsc#1047027).
   - block: fix ext_dev_lock lockdep report (bsc#1050154).
   - btrfs: Don't clear SGID when inheriting ACLs (bsc#1030552).
   - cifs: backport prepath matching fix (bsc#799133).
   - cifs: don't compare uniqueids in cifs_prime_dcache unless server inode
     numbers are in use (bsc#1041975).
   - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
   - cifs: Timeout on SMBNegotiate request (bsc#1044913).
   - clocksource: Remove "weak" from clocksource_default_clock() declaration
     (bnc#1013018).
   - cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
   - crypto: nx - off by one bug in nx_of_update_msc()
     (fate#314588,bnc#792863).
   - decompress_bunzip2: off by one in get_next_block() (git-fixes).
   - devres: fix a for loop bounds check (git-fixes).
   - dlm: backport "fix lvb invalidation conditions" (bsc#1005651).
   - dm: fix ioctl retry termination with signal (bsc#1050154).
   - drm/mgag200: Add support for G200eH3 (bnc#1044216, fate#323551)
   - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81)
   - edac, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
     (fate#313937).
   - enic: set skb->hash type properly (bsc#911105 FATE#317501).
   - ext2: Don't clear SGID when inheriting ACLs (bsc#1030552).
   - ext3: Don't clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: Don't clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: fix fdatasync(2) after extent manipulation operations
     (bsc#1013018).
   - ext4: fix mballoc breakage with 64k block size (bsc#1013018).
   - ext4: fix stack memory corruption with 64k block size (bsc#1013018).
   - ext4: keep existing extra fields when inode expands (bsc#1013018).
   - ext4: reject inodes with negative size (bsc#1013018).
   - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
   - firmware: fix directory creation rule matching with make 3.80
     (bsc#1012422).
   - firmware: fix directory creation rule matching with make 3.82
     (bsc#1012422).
   - fixed invalid assignment of 64bit mask to host dma_boundary for scatter
     gather segment boundary limit (bsc#1042045).
   - Fix soft lockup in svc_rdma_send (bsc#1044854).
   - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
   - fnic: Using rport->dd_data to check rport online instead of rport_lookup
     (bsc#1035920).
   - fs/block_dev: always invalidate cleancache in invalidate_bdev()
     (git-fixes).
   - fs: fix data invalidation in the cleancache during direct IO (git-fixes).
   - fs/xattr.c: zero out memory copied to userspace in getxattr
     (bsc#1013018).
   - fuse: add missing FR_FORCE (bsc#1013018).
   - fuse: initialize fc->release before calling it (bsc#1013018).
   - genirq: Prevent proc race against freeing of irq descriptors
     (bnc#1044230).
   - hrtimer: Allow concurrent hrtimer_start() for self restarting timers
     (bnc#1013018).
   - i40e: avoid null pointer dereference (bsc#909486 FATE#317393).
   - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561).
   - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx
     (bsc#985561).
   - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561).
   - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per
     packet (bsc#985561).
   - i40e/i40evf: Rewrite logic for 8 descriptor per packet check
     (bsc#985561).
   - i40e: Impose a lower limit on gso size (bsc#985561).
   - i40e: Limit TX descriptor count in cases where frag size is greater than
     16K (bsc#985561).
   - ib/mlx4: Demote mcg message from warning to debug (bsc#919382).
   - ib/mlx4: Fix ib device initialization error flow (bsc#919382).
   - ib/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
   - ib/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
   - ib/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
     (bsc#919382).
   - ib/mlx4: Set traffic class in AH (bsc#919382).
   - Implement an ioctl to support the USBTMC-USB488 READ_STATUS_BYTE
     operation (bsc#1036288).
   - initial cr0 bits (bnc#1036056, LTC#153612).
   - input: cm109 - validate number of endpoints before using them
     (bsc#1037193).
   - input: hanwang - validate number of endpoints before using them
     (bsc#1037232).
   - input: yealink - validate number of endpoints before using them
     (bsc#1037227).
   - ipmr, ip6mr: fix scheduling while atomic and a deadlock with
     ipmr_get_route (git-fixes).
   - irq: Fix race condition (bsc#1042615).
   - isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
   - isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
   - jbd: do not wait (forever) for stale tid caused by wraparound
     (bsc#1020229).
   - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143).
   - jsm: add support for additional Neo cards (bsc#1045615).
   - kabi fix (bsc#1008893).
   - kABI: mask struct xfs_icdinode change (bsc#1024788).
   - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508).
   - kabi:severities: Add splice_write_to_file PASS. This function is part of
     an xfs-specific fix which never went upstream and is not expected to
     have 3rdparty users other than xfs itself.
   - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
   - keys: Disallow keyrings beginning with '.' to be joined as session
     keyrings (bnc#1035576).
   - kvm: kvm_io_bus_unregister_dev() should never fail.
   - libata: fix sff host state machine locking while polling (bsc#1045525).
   - libceph: NULL deref on crush_decode() error path (bsc#1044015).
   - libceph: potential NULL dereference in ceph_msg_data_create()
     (bsc#1051515).
   - libfc: fixup locking in fc_disc_stop() (bsc#1029140).
   - libfc: move 'pending' and 'requested' setting (bsc#1029140).
   - libfc: only restart discovery after timeout if not already running
     (bsc#1029140).
   - lockd: use init_utsname for id encoding (bsc#1033804).
   - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804).
   - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
   - math64: New div64_u64_rem helper (bnc#938352).
   - md: ensure md devices are freed before module is unloaded (git-fixes).
   - md: fix a null dereference (bsc#1040351).
   - md: flush ->event_work before stopping array (git-fixes).
   - md linear: fix a race between linear_add() and linear_congested()
     (bsc#1018446).
   - md/linear: shutup lockdep warning (bsc#1018446).
   - md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status
     (git-fixes).
   - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
   - md/raid1: extend spinlock to protect raid1_end_read_request against
     inconsistencies (git-fixes).
   - md/raid1: fix test for 'was read error from last working device'
     (git-fixes).
   - md/raid5: do not record new size if resize_stripes fails (git-fixes).
   - md/raid5: Fix CPU hotplug callback registration (git-fixes).
   - md: use separate bio_pool for metadata writes (bsc#1040351).
   - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
   - mlx4: reduce OOM risk on arches with large pages (bsc#919382).
   - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore
     (bsc#1045547).
   - mmc: ushc: fix NULL-deref at probe (bsc#1037191).
   - mm: do not collapse stack gap into THP (bnc#1039348)
   - mm: enlarge stack guard gap (bnc#1039348).
   - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
     Functionality, bsc#1042832).
   - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
     Functionality, bsc#1042832).
   - mm/memory-failure.c: use compound_head() flags for huge pages
     (bnc#971975 VM -- git fixes).
   - mm/mempolicy.c: do not put mempolicy before using its nodemask
     (References: VM Performance, bnc#931620).
   - mm, mmap: do not blow on PROT_NONE MAP_FIXED holes in the stack
     (bnc#1039348, bnc#1045340, bnc#1045406).
   - module: fix memory leak on early load_module() failures (bsc#1043014).
   - Move nr_cpus_allowed into a hole in struct_sched_entity instead of the
     one below task_struct.policy. RT fills the hole 29baa7478ba4 used, which
     will screw up kABI for RT instead of curing the space needed problem in
     sched_rt_entity caused by adding ff77e4685359. This leaves
     nr_cpus_allowed in an odd spot, but safely allows the RT entity specific
     data added by ff77e4685359 to reside where it belongs. nr_cpus_allowed
     just moves from one odd spot to another.
   - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
   - net: avoid reference counter overflows on fib_rules in multicast
     forwarding (git-fixes).
   - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
   - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
   - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
     (bsc#919382).
   - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to
     physical (bsc#919382).
   - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
     new probed PFs (bsc#919382).
   - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
     VGT transitions (bsc#919382).
   - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
   - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
   - net/mlx4_core: Use-after-free causes a resource leak in flow-steering
     detach (bsc#919382).
   - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
     (bsc#919382).
   - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
   - net/mlx4_en: Change the error print to debug print (bsc#919382).
   - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
   - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
   - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
   - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).
   - net/mlx4: Fix the check in attaching steering rules (bsc#919382).
   - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
     to device managed flow steering (bsc#919382).
   - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
   - netxen_nic: set rcode to the return status from the call to
     netxen_issue_cmd (bnc#784815 FATE#313898).
   - nfs: Avoid getting confused by confused server (bsc#1045416).
   - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
   - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
   - nfsd: do not risk using duplicate owner/file/delegation ids
     (bsc#1029212).
   - nfsd: Don't use state id of 0 - it is reserved (bsc#1049688 bsc#1051770).
   - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
   - nfs: Fix another OPEN_DOWNGRADE bug (git-next).
   - nfs: fix nfs_size_to_loff_t (git-fixes).
   - nfs: Fix size of NFSACL SETACL operations (git-fixes).
   - nfs: Make nfs_readdir revalidate less often (bsc#1048232).
   - nfs: tidy up nfs_show_mountd_netid (git-fixes).
   - nfsv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
   - nfsv4: Fix another bug in the close/open_downgrade code (git-fixes).
   - nfsv4: fix getacl head length estimation (git-fixes).
   - nfsv4: Fix problems with close in the presence of a delegation
     (git-fixes).
   - nfsv4: Fix the underestimation of delegation XDR space reservation
     (git-fixes).
   - ocfs2: do not write error flag to user structure we cannot copy from/to
     (bsc#1013018).
   - ocfs2: Don't clear SGID when inheriting ACLs (bsc#1030552).
   - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800).
   - ocfs2: fix error return code in ocfs2_info_handle_freefrag()
     (bsc#1013018).
   - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
     ocfs2_unblock_lock (bsc#962257).
   - ocfs2: null deref on allocation error (bsc#1013018).
   - pci: Allow access to VPD attributes with size 0 (bsc#1018074).
   - pciback: only check PF if actually dealing with a VF (bsc#999245).
   - pciback: use pci_physfn() (bsc#999245).
   - pci: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
   - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
   - perf/core: Fix event inheritance on fork() (bnc#1013018).
   - posix-timers: Fix stack info leak in timer_create() (bnc#1013018).
   - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting
     smt_snooze_delay (bsc#1023163).
   - powerpc: Drop support for pre-POWER4 cpus (fate#322495, bsc#1032471).
   - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).
   - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM
     (bsc#1032141).
   - powerpc/fadump: Update fadump documentation (bsc#1032141).
   - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET
     (bsc#928138,fate#319026).
   - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()
     (fate#322495, bsc#1032471).
   - powerpc/mm/hash: Convert mask to unsigned long (fate#322495,
     bsc#1032471).
   - powerpc/mm/hash: Increase VA range to 128TB (fate#322495, bsc#1032471).
   - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID
     (fate#322495, bsc#1032471).
   - powerpc/mm/hash: Support 68 bit VA (fate#322495, bsc#1032471).
   - powerpc/mm/hash: Use context ids 1-4 for the kernel (fate#322495,
     bsc#1032471).
   - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small
     (fate#322495, bsc#1032471).
   - powerpc/mm/slice: Convert slice_mask high slice to a bitmap
     (fate#322495, bsc#1032471).
   - powerpc/mm/slice: Fix off-by-1 error when computing slice mask
     (fate#322495, bsc#1032471).
   - powerpc/mm/slice: Move slice_mask struct definition to slice.c
     (fate#322495, bsc#1032471).
   - powerpc/mm/slice: Update slice mask printing to use bitmap printing
     (fate#322495, bsc#1032471).
   - powerpc/mm/slice: Update the function prototype (fate#322495,
     bsc#1032471).
   - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital
     (fate#322495, bsc#1032471).
   - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489).
   - powerpc/pseries: Release DRC when configure_connector fails
     (bsc#1035777, Pending Base Kernel Fixes).
   - powerpc: Remove STAB code (fate#322495, bsc#1032471).
   - powerpc/vdso64: Use double word compare on pointers (bsc#1016489).
   - raid1: avoid unnecessary spin locks in I/O barrier code
     (bsc#982783,bsc#1026260).
   - random32: fix off-by-one in seeding requirement (git-fixes).
   - rcu: Call out dangers of expedited RCU primitives (bsc#1008893).
   - rcu: Direct algorithmic SRCU implementation (bsc#1008893).
   - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893).
   - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893).
   - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893).
   - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893).
   - reiserfs: Don't clear SGID when inheriting ACLs (bsc#1030552).
   - reiserfs: don't preallocate blocks for extended attributes (bsc#990682).
   - Remove patches causing regression (bsc#1043234)
   - Remove superfluous make flags (bsc#1012422)
   - Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
   - Revert "kabi:severeties: Add splice_write_to_file PASS" This reverts
     commit 05ecf7ab16b2ea555fadd1ce17d8177394de88f2.
   - Revert "math64: New div64_u64_rem helper" (bnc#938352).
   - Revert "xfs: fix up xfs_swap_extent_forks inline extent handling
     (bsc#1023888)." I was basing my assumption of SLE11-SP4 needing this
     patch on an old kernel build (3.0.101-63). Re-testing with the latest
     one 3.0.101-94 shows that the issue is not present. Furthermore this one
     was causing some crashes. This reverts commit
     16ceeac70f7286b6232861c3170ed32e39dcc68c.
   - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
   - s390/kmsg: add missing kmsg descriptions (bnc#1025702, LTC#151573).
   - s390/qdio: clear DSCI prior to scanning multiple input queues
     (bnc#1046715, LTC#156234).
   - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
   - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
   - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702, LTC#152144).
   - s390/zcrypt: Introduce CEX6 toleration (FATE#321782, LTC#147505).
   - sched: Always initialize cpu-power (bnc#1013018).
   - sched: Avoid cputime scaling overflow (bnc#938352).
   - sched: Avoid prev->stime underflow (bnc#938352).
   - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018).
   - sched/core: Remove false-positive warning from wake_up_process()
     (bnc#1044882).
   - sched/cputime: Do not scale when utime == 0 (bnc#938352).
   - sched/debug: Print the scheduler topology group mask (bnc#1013018).
   - sched: Do not account bogus utime (bnc#938352).
   - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
   - sched/fair: Fix min_vruntime tracking (bnc#1013018).
   - sched: Fix domain iteration (bnc#1013018).
   - sched: Fix SD_OVERLAP (bnc#1013018).
   - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded
     systems (bnc#1013018).
   - sched: Lower chances of cputime scaling overflow (bnc#938352).
   - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'
     (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime
     tracking
   - sched: Rename a misleading variable in build_overlap_sched_groups()
     (bnc#1013018).
   - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep
     for b60205c7c558 sched/fair: Fix min_vruntime tracking
   - sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
   - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
   - sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
   - sched/topology: Move comment about asymmetric node setups (bnc#1013018).
   - sched/topology: Optimize build_group_mask() (bnc#1013018).
   - sched/topology: Refactor function build_overlap_sched_groups()
     (bnc#1013018).
   - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
   - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
   - sched/topology: Verify the first group matches the child domain
     (bnc#1013018).
   - sched: Use swap() macro in scale_stime() (bnc#938352).
   - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
   - scsi: fix race between simultaneous decrements of ->host_failed
     (bsc#1050154).
   - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck
     (bsc#1035920).
   - scsi: mvsas: fix command_active typo (bsc#1050154).
   - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
     (bsc#1050154).
   - scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880).
   - scsi: zfcp: do not trace pure benign residual HBA responses at default
     level (bnc#1025702, LTC#151317).
   - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702,
     LTC#151319).
   - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on
     failed send (bnc#1025702, LTC#151365).
   - scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
     (bnc#1025702, LTC#151312).
   - sfc: do not device_attach if a reset is pending (bsc#909618 FATE#317521).
   - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).
   - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
   - splice: Stub splice_write_to_file (bsc#1043234).
   - sunrpc: Clean up the slot table allocation (bsc#1013862).
   - sunrpc: Fix a memory leak in the backchannel code (git-fixes).
   - sunrpc: Initalise the struct xprt upon allocation (bsc#1013862).
   - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
   - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
   - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).
   - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
   - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
   - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
   - udf: Fix races with i_size changes during readpage (bsc#1013018).
   - Update metadata for serial fixes (bsc#1013070)
   - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
   - usb: cdc-acm: fix broken runtime suspend (bsc#1033771).
   - usb: cdc-acm: fix open and suspend race (bsc#1033771).
   - usb: cdc-acm: fix potential urb leak and PM imbalance in write
     (bsc#1033771).
   - usb: cdc-acm: fix runtime PM for control messages (bsc#1033771).
   - usb: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771).
   - usb: cdc-acm: fix shutdown and suspend race (bsc#1033771).
   - usb: cdc-acm: fix write and resume race (bsc#1033771).
   - usb: cdc-acm: fix write and suspend race (bsc#1033771).
   - usb: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
   - usb: class: usbtmc: do not print error when allocating urb fails
     (bsc#1036288).
   - usb: class: usbtmc: do not print on ENOMEM (bsc#1036288).
   - usb: hub: Fix crash after failure to read BOS descriptor (FATE#317453).
   - usb: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
   - usb: iowarrior: fix NULL-deref in write (bsc#1037359).
   - usb: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
   - usb: serial: ark3116: fix register-accessor error handling (git-fixes).
   - usb: serial: ch341: fix open error handling (bsc#1037441).
   - usb: serial: cp210x: fix tiocmget error handling (bsc#1037441).
   - usb: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
   - usb: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
   - usb: serial: io_ti: fix information leak in completion handler
     (git-fixes).
   - usb: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794).
   - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
   - usb: serial: mos7720: fix NULL-deref at open (bsc#1033816).
   - usb: serial: mos7720: fix parallel probe (bsc#1033816).
   - usb: serial: mos7720: fix parport use-after-free on probe errors
     (bsc#1033816).
   - usb: serial: mos7720: fix use-after-free on probe errors (bsc#1033816).
   - usb: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
   - usb: serial: mos7840: fix NULL-deref at open (bsc#1034026).
   - usb: serial: oti6858: fix NULL-deref at open (bsc#1037441).
   - usb: serial: sierra: fix bogus alternate-setting assumption
     (bsc#1037441).
   - usb: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
   - usbtmc: remove redundant braces (bsc#1036288).
   - usbtmc: remove trailing spaces (bsc#1036288).
   - usb: usbip: fix nonconforming hub descriptor (bsc#1047487).
   - usb: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
   - usb: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
   - usb: usbtmc: add missing endpoint sanity check (bsc#1036288).
   - usb: usbtmc: Change magic number to constant (bsc#1036288).
   - usb: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
   - usb: usbtmc: fix DMA on stack (bsc#1036288).
   - usb: usbtmc: fix probe error path (bsc#1036288).
   - usb: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
   - usb: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
   - usb: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk
     (bsc#1036288).
   - usbvision: fix NULL-deref at probe (bsc#1050431).
   - usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
     (bsc#1023014).
   - Use make --output-sync feature when available (bsc#1012422). The messages
     in make output can interleave making it impossible to extract warnings
     reliably. Since version 4 GNU Make supports --output-sync flag that
     prints output of each sub-command atomically preventing this issue.
     Detect the flag and use it if available. SLE11 has make 3.81 so it is
     required to include make 4 in the kernel OBS projects to take advantage
     of this.
   - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).
   - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
   - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
   - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).
   - vfs: split generic splice code from i_mutex locking (bsc#1024788).
   - vmxnet3: avoid calling pskb_may_pull with interrupts disabled
     (bsc#1045356).
   - vmxnet3: fix checks for dma mapping errors (bsc#1045356).
   - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
   - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770).
   - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
     (bsc#948562).
   - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
     (bsc#1051478).
   - xen: avoid deadlock in xenbus (bnc#1047523).
   - xen-blkfront: correct maximum segment accounting (bsc#1018263).
   - xen-blkfront: do not call talk_to_blkback when already connected to
     blkback.
   - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
   - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
   - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
   - xfrm: NULL dereference on allocation failure (bsc#1047343).
   - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
   - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).
   - xfs: do not assert fail on non-async buffers on ioacct decrement
     (bsc#1024508).
   - xfs: exclude never-released buffers from buftarg I/O accounting
     (bsc#1024508).
   - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).
   - xfs: Fix lock ordering in splice write (bsc#1024788).
   - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
   - xfs: kill xfs_itruncate_start (bsc#1024788).
   - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).
   - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788).
   - xfs: remove the i_size field in struct xfs_inode (bsc#1024788).
   - xfs: remove xfs_itruncate_data (bsc#1024788).
   - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).
   - xfs: split xfs_itruncate_finish (bsc#1024788).
   - xfs: split xfs_setattr (bsc#1024788).
   - xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
   - xfs: track and serialize in-flight async buffers against unmount
     (bsc#1024508).
   - xfs: use ->b_state to fix buffer I/O accounting release race
     (bsc#1041160).
   - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-rt-13262=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-rt-13262=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      kernel-rt-3.0.101.rt130-69.5.1
      kernel-rt-base-3.0.101.rt130-69.5.1
      kernel-rt-devel-3.0.101.rt130-69.5.1
      kernel-rt_trace-3.0.101.rt130-69.5.1
      kernel-rt_trace-base-3.0.101.rt130-69.5.1
      kernel-rt_trace-devel-3.0.101.rt130-69.5.1
      kernel-source-rt-3.0.101.rt130-69.5.1
      kernel-syms-rt-3.0.101.rt130-69.5.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      kernel-rt-debuginfo-3.0.101.rt130-69.5.1
      kernel-rt-debugsource-3.0.101.rt130-69.5.1
      kernel-rt_debug-debuginfo-3.0.101.rt130-69.5.1
      kernel-rt_debug-debugsource-3.0.101.rt130-69.5.1
      kernel-rt_trace-debuginfo-3.0.101.rt130-69.5.1
      kernel-rt_trace-debugsource-3.0.101.rt130-69.5.1


References:

   https://www.suse.com/security/cve/CVE-2014-9922.html
   https://www.suse.com/security/cve/CVE-2015-3288.html
   https://www.suse.com/security/cve/CVE-2015-8970.html
   https://www.suse.com/security/cve/CVE-2016-10200.html
   https://www.suse.com/security/cve/CVE-2016-2188.html
   https://www.suse.com/security/cve/CVE-2016-4997.html
   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://www.suse.com/security/cve/CVE-2016-5243.html
   https://www.suse.com/security/cve/CVE-2016-7117.html
   https://www.suse.com/security/cve/CVE-2017-1000363.html
   https://www.suse.com/security/cve/CVE-2017-1000364.html
   https://www.suse.com/security/cve/CVE-2017-1000365.html
   https://www.suse.com/security/cve/CVE-2017-1000380.html
   https://www.suse.com/security/cve/CVE-2017-11176.html
   https://www.suse.com/security/cve/CVE-2017-11473.html
   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-2647.html
   https://www.suse.com/security/cve/CVE-2017-2671.html
   https://www.suse.com/security/cve/CVE-2017-5669.html
   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://www.suse.com/security/cve/CVE-2017-5986.html
   https://www.suse.com/security/cve/CVE-2017-6074.html
   https://www.suse.com/security/cve/CVE-2017-6214.html
   https://www.suse.com/security/cve/CVE-2017-6348.html
   https://www.suse.com/security/cve/CVE-2017-6353.html
   https://www.suse.com/security/cve/CVE-2017-6951.html
   https://www.suse.com/security/cve/CVE-2017-7184.html
   https://www.suse.com/security/cve/CVE-2017-7187.html
   https://www.suse.com/security/cve/CVE-2017-7261.html
   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://www.suse.com/security/cve/CVE-2017-7482.html
   https://www.suse.com/security/cve/CVE-2017-7487.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7542.html
   https://www.suse.com/security/cve/CVE-2017-7616.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-8924.html
   https://www.suse.com/security/cve/CVE-2017-8925.html
   https://www.suse.com/security/cve/CVE-2017-9074.html
   https://www.suse.com/security/cve/CVE-2017-9075.html
   https://www.suse.com/security/cve/CVE-2017-9076.html
   https://www.suse.com/security/cve/CVE-2017-9077.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1003077
   https://bugzilla.suse.com/1005651
   https://bugzilla.suse.com/1008374
   https://bugzilla.suse.com/1008850
   https://bugzilla.suse.com/1008893
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1013018
   https://bugzilla.suse.com/1013070
   https://bugzilla.suse.com/1013800
   https://bugzilla.suse.com/1013862
   https://bugzilla.suse.com/1016489
   https://bugzilla.suse.com/1017143
   https://bugzilla.suse.com/1018074
   https://bugzilla.suse.com/1018263
   https://bugzilla.suse.com/1018446
   https://bugzilla.suse.com/1019168
   https://bugzilla.suse.com/1020229
   https://bugzilla.suse.com/1021256
   https://bugzilla.suse.com/1021913
   https://bugzilla.suse.com/1022971
   https://bugzilla.suse.com/1023014
   https://bugzilla.suse.com/1023051
   https://bugzilla.suse.com/1023163
   https://bugzilla.suse.com/1023888
   https://bugzilla.suse.com/1024508
   https://bugzilla.suse.com/1024788
   https://bugzilla.suse.com/1024938
   https://bugzilla.suse.com/1025235
   https://bugzilla.suse.com/1025702
   https://bugzilla.suse.com/1026024
   https://bugzilla.suse.com/1026260
   https://bugzilla.suse.com/1026722
   https://bugzilla.suse.com/1026914
   https://bugzilla.suse.com/1027066
   https://bugzilla.suse.com/1027101
   https://bugzilla.suse.com/1027178
   https://bugzilla.suse.com/1027565
   https://bugzilla.suse.com/1028372
   https://bugzilla.suse.com/1028415
   https://bugzilla.suse.com/1028880
   https://bugzilla.suse.com/1029140
   https://bugzilla.suse.com/1029212
   https://bugzilla.suse.com/1029770
   https://bugzilla.suse.com/1029850
   https://bugzilla.suse.com/1030213
   https://bugzilla.suse.com/1030552
   https://bugzilla.suse.com/1030573
   https://bugzilla.suse.com/1030593
   https://bugzilla.suse.com/1030814
   https://bugzilla.suse.com/1031003
   https://bugzilla.suse.com/1031052
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031579
   https://bugzilla.suse.com/1032141
   https://bugzilla.suse.com/1032340
   https://bugzilla.suse.com/1032471
   https://bugzilla.suse.com/1033287
   https://bugzilla.suse.com/1033336
   https://bugzilla.suse.com/1033771
   https://bugzilla.suse.com/1033794
   https://bugzilla.suse.com/1033804
   https://bugzilla.suse.com/1033816
   https://bugzilla.suse.com/1034026
   https://bugzilla.suse.com/1034670
   https://bugzilla.suse.com/1035576
   https://bugzilla.suse.com/1035777
   https://bugzilla.suse.com/1035920
   https://bugzilla.suse.com/1036056
   https://bugzilla.suse.com/1036288
   https://bugzilla.suse.com/1036629
   https://bugzilla.suse.com/1037182
   https://bugzilla.suse.com/1037183
   https://bugzilla.suse.com/1037191
   https://bugzilla.suse.com/1037193
   https://bugzilla.suse.com/1037227
   https://bugzilla.suse.com/1037232
   https://bugzilla.suse.com/1037233
   https://bugzilla.suse.com/1037356
   https://bugzilla.suse.com/1037358
   https://bugzilla.suse.com/1037359
   https://bugzilla.suse.com/1037441
   https://bugzilla.suse.com/1038544
   https://bugzilla.suse.com/1038879
   https://bugzilla.suse.com/1038981
   https://bugzilla.suse.com/1038982
   https://bugzilla.suse.com/1039258
   https://bugzilla.suse.com/1039348
   https://bugzilla.suse.com/1039354
   https://bugzilla.suse.com/1039456
   https://bugzilla.suse.com/1039594
   https://bugzilla.suse.com/1039882
   https://bugzilla.suse.com/1039883
   https://bugzilla.suse.com/1039885
   https://bugzilla.suse.com/1040069
   https://bugzilla.suse.com/1040351
   https://bugzilla.suse.com/1041160
   https://bugzilla.suse.com/1041431
   https://bugzilla.suse.com/1041762
   https://bugzilla.suse.com/1041975
   https://bugzilla.suse.com/1042045
   https://bugzilla.suse.com/1042200
   https://bugzilla.suse.com/1042615
   https://bugzilla.suse.com/1042633
   https://bugzilla.suse.com/1042687
   https://bugzilla.suse.com/1042832
   https://bugzilla.suse.com/1043014
   https://bugzilla.suse.com/1043234
   https://bugzilla.suse.com/1043935
   https://bugzilla.suse.com/1044015
   https://bugzilla.suse.com/1044125
   https://bugzilla.suse.com/1044216
   https://bugzilla.suse.com/1044230
   https://bugzilla.suse.com/1044854
   https://bugzilla.suse.com/1044882
   https://bugzilla.suse.com/1044913
   https://bugzilla.suse.com/1044985
   https://bugzilla.suse.com/1045154
   https://bugzilla.suse.com/1045340
   https://bugzilla.suse.com/1045356
   https://bugzilla.suse.com/1045406
   https://bugzilla.suse.com/1045416
   https://bugzilla.suse.com/1045525
   https://bugzilla.suse.com/1045538
   https://bugzilla.suse.com/1045547
   https://bugzilla.suse.com/1045615
   https://bugzilla.suse.com/1046107
   https://bugzilla.suse.com/1046122
   https://bugzilla.suse.com/1046192
   https://bugzilla.suse.com/1046715
   https://bugzilla.suse.com/1047027
   https://bugzilla.suse.com/1047053
   https://bugzilla.suse.com/1047343
   https://bugzilla.suse.com/1047354
   https://bugzilla.suse.com/1047487
   https://bugzilla.suse.com/1047523
   https://bugzilla.suse.com/1047653
   https://bugzilla.suse.com/1048185
   https://bugzilla.suse.com/1048221
   https://bugzilla.suse.com/1048232
   https://bugzilla.suse.com/1048275
   https://bugzilla.suse.com/1049483
   https://bugzilla.suse.com/1049603
   https://bugzilla.suse.com/1049688
   https://bugzilla.suse.com/1049882
   https://bugzilla.suse.com/1050154
   https://bugzilla.suse.com/1050431
   https://bugzilla.suse.com/1051478
   https://bugzilla.suse.com/1051515
   https://bugzilla.suse.com/1051770
   https://bugzilla.suse.com/784815
   https://bugzilla.suse.com/792863
   https://bugzilla.suse.com/799133
   https://bugzilla.suse.com/870618
   https://bugzilla.suse.com/909486
   https://bugzilla.suse.com/909618
   https://bugzilla.suse.com/911105
   https://bugzilla.suse.com/919382
   https://bugzilla.suse.com/928138
   https://bugzilla.suse.com/931620
   https://bugzilla.suse.com/938352
   https://bugzilla.suse.com/943786
   https://bugzilla.suse.com/948562
   https://bugzilla.suse.com/962257
   https://bugzilla.suse.com/970956
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/972891
   https://bugzilla.suse.com/979021
   https://bugzilla.suse.com/982783
   https://bugzilla.suse.com/983212
   https://bugzilla.suse.com/985561
   https://bugzilla.suse.com/986362
   https://bugzilla.suse.com/986365
   https://bugzilla.suse.com/986924
   https://bugzilla.suse.com/988065
   https://bugzilla.suse.com/989056
   https://bugzilla.suse.com/990682
   https://bugzilla.suse.com/991651
   https://bugzilla.suse.com/995542
   https://bugzilla.suse.com/999245

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================