-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3010
                   Security update for the Linux Kernel
                              5 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise        -- Existing Account
                   Modify Arbitrary Files -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-17182 CVE-2018-16597 CVE-2018-16276
                   CVE-2018-14617 CVE-2018-14613 CVE-2018-7757
                   CVE-2018-7480  

Reference:         ESB-2018.1923
                   ESB-2018.1458
                   ESB-2018.1336
                   ESB-2018.1301

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20183004-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3004-1
Rating:             important
References:         #1012382 #1044189 #1063026 #1066223 #1082863 
                    #1082979 #1084427 #1084536 #1087209 #1088087 
                    #1090535 #1091815 #1094244 #1094555 #1094562 
                    #1095344 #1095753 #1096547 #1099810 #1102495 
                    #1102715 #1102870 #1102875 #1102877 #1102879 
                    #1102882 #1102896 #1103156 #1103269 #1106095 
                    #1106434 #1106512 #1106594 #1106934 #1107924 
                    #1108096 #1108170 #1108240 #1108399 #1108803 
                    #1108823 #1109333 #1109336 #1109337 #1109441 
                    #1110297 #1110337 
Cross-References:   CVE-2018-14613 CVE-2018-14617 CVE-2018-16276
                    CVE-2018-16597 CVE-2018-17182 CVE-2018-7480
                    CVE-2018-7757
Affected Products:
                    SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 40 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-16597: Incorrect access checking in overlayfs mounts could have
     been used by local attackers to modify or truncate files in the
     underlying filesystem (bnc#1106512).
   - CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page()
     when mounting and operating a crafted btrfs image, caused by a lack of
     block group item validation in check_leaf_item (bsc#1102896)
   - CVE-2018-14617: Prevent NULL pointer dereference and panic in
     hfsplus_lookup() when opening a file (that is purportedly a hard link)
     in an hfs+ filesystem that has malformed catalog data, and is mounted
     read-only without a metadata directory (bsc#1102870)
   - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in
     yurex_read allowed local attackers to use user access read/writes to
     crash the kernel or potentially escalate privileges (bsc#1106095)
   - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
     drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
     of service (memory consumption) via many read accesses to files in the
     /sys/class/sas_phy directory, as demonstrated by the
     /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536)
   - CVE-2018-7480: The blkcg_init_queue function allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact by triggering a creation failure (bsc#1082863).
   - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
     mishandled sequence number overflows. An attacker can trigger a
     use-after-free (and possibly gain privileges) via certain thread
     creation, map, unmap, invalidation, and dereference operations
     (bnc#1108399).

   The following non-security bugs were fixed:

   - asm/sections: add helpers to check for section data (bsc#1063026).
   - ASoC: wm8994: Fix missing break in switch (bnc#1012382).
   - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979).
   - bpf: fix overflow in prog accounting (bsc#1012382).
   - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896,
     bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: Add sanity check for EXTENT_DATA when reading out leaf
     (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882,
     bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: Check that each block group has corresponding chunk at mount time
     (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: Introduce mount time chunk <-> dev extent mapping check
     (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: Move leaf and node validation checker to tree-checker.c
     (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
     initialized (bnc#1012382).
   - btrfs: replace: Reset on-disk dev stats value after replace
     (bnc#1012382).
   - btrfs: scrub: Do not use inode page cache in
     scrub_handle_errored_block() (bsc#1108096).
   - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896,
     bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: Detect invalid and empty essential trees
     (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882,
     bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882,
     bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882,
     bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: Enhance output for check_extent_data_item
     (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882,
     bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882,
     bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882,
     bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882,
     bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896,
     bsc#1102879, bsc#1102877, bsc#1102875,).
   - btrfs: use correct compare function of dirty_metadata_bytes
     (bnc#1012382).
   - btrfs: Verify that every chunk has corresponding block group at mount
     time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
   - cifs: check if SMB2 PDU size has been padded and suppress the warning
     (bnc#1012382).
   - crypto: clarify licensing of OpenSSL asm code ().
   - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes).
   - debugobjects: Make stack check warning more informative (bnc#1012382).
   - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382).
   - dm-mpath: do not try to access NULL rq (bsc#1110337).
   - EDAC: Fix memleak in module init error path (bsc#1109441).
   - EDAC, i7core: Fix memleaks and use-after-free on probe and remove
     (1109441).
   - fat: validate ->i_start before using (bnc#1012382).
   - Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated
     pages") (bnc#1012382).
   - Follow-up fix for
   patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch
     (bsc#1108803).
   - fork: do not copy inconsistent signal handler state to child
     (bnc#1012382).
   - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
     (bnc#1012382).
   - genirq: Delay incrementing interrupt count if it's disabled/pending
     (bnc#1012382).
   - grow_cache: we still have a code which uses both __GFP_ZERO and
     constructors. The code seems to be correct and the warning does more
     harm than good so revert for the the meantime until we catch offenders.
     (bnc#1110297)
   - hfsplus: do not return 0 when fill_super() failed (bnc#1012382).
   - hfs: prevent crash on exit from failed search (bnc#1012382).
   - ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562).
   - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
     (bnc#1012382).
   - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
     (bnc#1012382).
   - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar()
     (bnc#1012382).
   - kabi protect hnae_ae_ops (bsc#1107924).
   - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382).
   - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810).
   - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382).
   - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382).
   - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382).
   - net/9p: fix error path of p9_virtio_probe (bnc#1012382).
   - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382).
   - net: ena: Eliminate duplicate barriers on weakly-ordered archs
     (bsc#1108240).
   - net: ena: fix device destruction to gracefully free resources
     (bsc#1108240).
   - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240).
   - net: ena: fix incorrect usage of memory barriers (bsc#1108240).
   - net: ena: fix missing calls to READ_ONCE (bsc#1108240).
   - net: ena: fix missing lock during device destruction (bsc#1108240).
   - net: ena: fix potential double ena_destroy_device() (bsc#1108240).
   - net: ena: fix surprise unplug NULL dereference kernel crash
     (bsc#1108240).
   - net: hns: add netif_carrier_off before change speed and duplex
     (bsc#1107924).
   - net: hns: add the code for cleaning pkt in chip (bsc#1107924).
   - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device
     (bsc#1044189).
   - nvmet: fixup crash on NULL device path (bsc#1082979).
   - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512)
   - ovl: proper cleanup of workdir (bnc#1012382).
   - ovl: rename is_merge to is_lowest (bnc#1012382).
   - PCI: mvebu: Fix I/O space end address calculation (bnc#1012382).
   - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
     (bnc#1012382).
   - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244).
   - powerpc/book3s: Fix MCE console messages for unrecoverable MCE
     (bsc#1094244).
   - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).
   - powerpc/fadump: re-register firmware-assisted dump if already registered
     (bsc#1108170, bsc#1108823).
   - powerpc: Fix size calculation using resource_size() (bnc#1012382).
   - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244).
   - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check
     (git-fixes).
   - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
     (bsc#1066223).
   - powerpc/powernv: Rename machine_check_pSeries_early() to powernv
     (bsc#1094244).
   - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX
     (bnc#1012382).
   - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223).
   - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).
   - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495,
     bsc#1109337).
   - powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
   - RDMA/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header
     (bsc#1082979).
   - reiserfs: change j_timestamp type to time64_t (bnc#1012382).
   - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" (bnc#1012382).
   - s390/dasd: fix hanging offline processing due to canceled worker
     (bnc#1012382).
   - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382
     bnc#1106934).
   - sch_hhf: fix null pointer dereference on init failure (bnc#1012382).
   - sch_htb: fix crash on init failure (bnc#1012382).
   - sch_multiq: fix double free on init failure (bnc#1012382).
   - sch_netem: avoid null pointer deref on init failure (bnc#1012382).
   - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382).
   - scripts: modpost: check memory allocation results (bnc#1012382).
   - scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382).
   - scsi: ipr: System hung while dlpar adding primary ipr adapter back
     (bsc#1109336).
   - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427).
   - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427).
   - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555).
   - scsi: qla2xxx: Avoid double completion of abort command (bsc#1094555).
   - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling
     (bsc#1084427).
   - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555).
   - scsi: qla2xxx: correctly shift host byte (bsc#1094555).
   - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555).
   - scsi: qla2xxx: Delete session for nport id change (bsc#1094555).
   - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427).
   - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555).
   - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555).
   - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555).
   - scsi: qla2xxx: fix error message on <qla2400 (bsc#1094555).
   - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427).
   - scsi: qla2xxx: Fix function argument descriptions (bsc#1094555).
   - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode
     (bsc#1094555).
   - scsi: qla2xxx: Fix issue reported by static checker for
     qla2x00_els_dcmd2_sp_done() (bsc#1094555).
   - scsi: qla2xxx: Fix login retry count (bsc#1094555).
   - scsi: qla2xxx: Fix Management Server NPort handle reservation logic
     (bsc#1094555).
   - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1094555).
   - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change
     (bsc#1084427).
   - scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555).
   - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion
     (bsc#1094555).
   - scsi: qla2xxx: Fix race between switch cmd completion and timeout
     (bsc#1094555).
   - scsi: qla2xxx: Fix race condition between iocb timeout and
     initialisation (bsc#1094555).
   - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1094555).
   - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427).
   - scsi: qla2xxx: Fix Rport and session state getting out of sync
     (bsc#1094555).
   - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1094555).
   - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1094555).
   - scsi: qla2xxx: Fix stalled relogin (bsc#1094555).
   - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1094555).
   - scsi: qla2xxx: Fix unintended Logout (bsc#1094555).
   - scsi: qla2xxx: Fix unintialized List head crash (bsc#1094555).
   - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1094555).
   - scsi: qla2xxx: fx00 copypaste typo (bsc#1094555).
   - scsi: qla2xxx: Migrate NVME N2N handling into state machine
     (bsc#1094555).
   - scsi: qla2xxx: Move GPSC and GFPNID out of session management
     (bsc#1094555).
   - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1094555).
   - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1094555).
   - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1094555).
   - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1094555).
   - scsi: qla2xxx: Remove nvme_done_list (bsc#1084427).
   - scsi: qla2xxx: Remove stale debug value for login_retry flag
     (bsc#1094555).
   - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe
     (bsc#1084427).
   - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084427).
   - scsi: qla2xxx: Return busy if rport going away (bsc#1084427).
   - scsi: qla2xxx: Save frame payload size from ICB (bsc#1094555).
   - scsi: qla2xxx: Set IIDMA and fcport state before
     qla_nvme_register_remote() (bsc#1084427).
   - scsi: qla2xxx: Silent erroneous message (bsc#1094555).
   - scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427).
   - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1094555).
   - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1094555).
   - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555).
   - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function
     (bsc#1094555).
   - selftests/powerpc: Kill child processes on SIGINT (bnc#1012382).
   - smb3: fix reset of bytes read and written stats (bnc#1012382).
   - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
     (bnc#1012382).
   - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free
     (bnc#1012382).
   - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
     (bnc#1012382).
   - tcp: do not restart timewait timer on rst reception (bnc#1012382).
   - Update
     patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-request.patch
     (bsc#1088087, bsc#1103156).
   - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).
   - vti6: remove !skb->ignore_df check from vti6_xmit() (bnc#1012382).
   - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).
   - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).
   - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
     (bnc#1012382).
   - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382).
   - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
   - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).
   - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space
     (bsc#1095344).
   - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).
   - xfs: add a xfs_iext_update_extent helper (bsc#1095344).
   - xfs: add comments documenting the rebalance algorithm (bsc#1095344).
   - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node
     (bsc#1095344).
   - xfs: add xfs_trim_extent (bsc#1095344).
   - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all
     (bsc#1095344).
   - xfs: borrow indirect blocks from freed extent when available
     (bsc#1095344).
   - xfs: cleanup xfs_bmap_last_before (bsc#1095344).
   - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real
     (bsc#1095344).
   - xfs: do not rely on extent indices in xfs_bmap_collapse_extents
     (bsc#1095344).
   - xfs: do not rely on extent indices in xfs_bmap_insert_extents
     (bsc#1095344).
   - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).
   - xfs: during btree split, save new block key and ptr for future insertion
     (bsc#1095344).
   - xfs: factor out a helper to initialize a local format inode fork
     (bsc#1095344).
   - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).
   - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).
   - xfs: fix transaction allocation deadlock in IO path (bsc#1090535).
   - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344).
   - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).
   - xfs: improve kmem_realloc (bsc#1095344).
   - xfs: inline xfs_shift_file_space into callers (bsc#1095344).
   - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).
   - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).
   - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).
   - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real
     (bsc#1095344).
   - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).
   - xfs: move pre/post-bmap tracing into xfs_iext_update_extent
     (bsc#1095344).
   - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).
   - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).
   - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).
   - xfs: move xfs_iext_insert tracepoint to report useful information
     (bsc#1095344).
   - xfs: new inode extent list lookup helpers (bsc#1095344).
   - xfs: only run torn log write detection on dirty logs (bsc#1095753).
   - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).
   - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).
   - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).
   - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).
   - xfs: provide helper for counting extents from if_bytes (bsc#1095344).
   - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real
     (bsc#1095344).
   - xfs: refactor delalloc indlen reservation split into helper
     (bsc#1095344).
   - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).
   - xfs: refactor in-core log state update to helper (bsc#1095753).
   - xfs: refactor unmount record detection into helper (bsc#1095753).
   - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).
   - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).
   - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).
   - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).
   - xfs: refactor xfs_bunmapi_cow (bsc#1095344).
   - xfs: refactor xfs_del_extent_real (bsc#1095344).
   - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real
     (bsc#1095344).
   - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all
     (bsc#1095344).
   - xfs: remove a superflous assignment in xfs_iext_remove_node
     (bsc#1095344).
   - xfs: remove if_rdev (bsc#1095344).
   - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344).
   - xfs: remove support for inlining data/extents into the inode fork
     (bsc#1095344).
   - xfs: remove the never fully implemented UUID fork format (bsc#1095344).
   - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).
   - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).
   - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).
   - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).
   - xfs: remove xfs_bmbt_get_state (bsc#1095344).
   - xfs: remove xfs_bmse_shift_one (bsc#1095344).
   - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).
   - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).
   - xfs: replace xfs_qm_get_rtblks with a direct call to
     xfs_bmap_count_leaves (bsc#1095344).
   - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).
   - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent
     (bsc#1095344).
   - xfs: rewrite xfs_bmap_first_unused to make better use of
     xfs_iext_get_extent (bsc#1095344).
   - xfs: separate log head record discovery from verification (bsc#1095753).
   - xfs: simplify the xfs_getbmap interface (bsc#1095344).
   - xfs: simplify validation of the unwritten extent bit (bsc#1095344).
   - xfs: split indlen reservations fairly when under reserved (bsc#1095344).
   - xfs: split xfs_bmap_shift_extents (bsc#1095344).
   - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).
   - xfs: update freeblocks counter after extent deletion (bsc#1095344).
   - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).
   - xfs: use a b+tree for the in-core extent list (bsc#1095344).
   - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay}
     (bsc#1095344).
   - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344).
   - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344).
   - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344).
   - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).
   - xfs: use xfs_bmap_del_extent_delay for the data fork as well
     (bsc#1095344).
   - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents
     (bsc#1095344).
   - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at
     (bsc#1095344).
   - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).
   - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2135=1



Package List:

   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_156-94_57-default-1-4.3.5
      kgraft-patch-4_4_156-94_57-default-debuginfo-1-4.3.5


References:

   https://www.suse.com/security/cve/CVE-2018-14613.html
   https://www.suse.com/security/cve/CVE-2018-14617.html
   https://www.suse.com/security/cve/CVE-2018-16276.html
   https://www.suse.com/security/cve/CVE-2018-16597.html
   https://www.suse.com/security/cve/CVE-2018-17182.html
   https://www.suse.com/security/cve/CVE-2018-7480.html
   https://www.suse.com/security/cve/CVE-2018-7757.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1044189
   https://bugzilla.suse.com/1063026
   https://bugzilla.suse.com/1066223
   https://bugzilla.suse.com/1082863
   https://bugzilla.suse.com/1082979
   https://bugzilla.suse.com/1084427
   https://bugzilla.suse.com/1084536
   https://bugzilla.suse.com/1087209
   https://bugzilla.suse.com/1088087
   https://bugzilla.suse.com/1090535
   https://bugzilla.suse.com/1091815
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1094555
   https://bugzilla.suse.com/1094562
   https://bugzilla.suse.com/1095344
   https://bugzilla.suse.com/1095753
   https://bugzilla.suse.com/1096547
   https://bugzilla.suse.com/1099810
   https://bugzilla.suse.com/1102495
   https://bugzilla.suse.com/1102715
   https://bugzilla.suse.com/1102870
   https://bugzilla.suse.com/1102875
   https://bugzilla.suse.com/1102877
   https://bugzilla.suse.com/1102879
   https://bugzilla.suse.com/1102882
   https://bugzilla.suse.com/1102896
   https://bugzilla.suse.com/1103156
   https://bugzilla.suse.com/1103269
   https://bugzilla.suse.com/1106095
   https://bugzilla.suse.com/1106434
   https://bugzilla.suse.com/1106512
   https://bugzilla.suse.com/1106594
   https://bugzilla.suse.com/1106934
   https://bugzilla.suse.com/1107924
   https://bugzilla.suse.com/1108096
   https://bugzilla.suse.com/1108170
   https://bugzilla.suse.com/1108240
   https://bugzilla.suse.com/1108399
   https://bugzilla.suse.com/1108803
   https://bugzilla.suse.com/1108823
   https://bugzilla.suse.com/1109333
   https://bugzilla.suse.com/1109336
   https://bugzilla.suse.com/1109337
   https://bugzilla.suse.com/1109441
   https://bugzilla.suse.com/1110297
   https://bugzilla.suse.com/1110337

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW7bFbWaOgq3Tt24GAQg6EA/+IvJ3mNLiQm8aKxZNIh685OpnTQMayWHN
NhuXr71o0Zf/EUwgkaIyV3EXr8L40Q/hp2ImQuWZ0r9IjplFiaO5K73b/Yxsu+IP
h912sJ938HKQijEQVu5opKmIH8n+nMYgOHE0S2y99cA0PDc0ya2VjJR+bSBQUc3M
8mGvj+ap0vnrTKY+4YBweWMxmhxsgk6CON0C0axIGk8vCg75SHNUEyjOdzfK0aWg
cEL8XPVuwXHOQ2GHcbWCV+UpcjuYMDCWAnbPJvS1Zjchgg/aap+ov3maxU3JNurM
fGVlGmynGPetBx06nnVu9puJF4Ov/pe9+djyxfQvFx8Me+e/FPa4hP41jWu60Jb+
kHUU2EbYVyVW1qDyHenVX/brztjK71ZYn/HfcVv6Xipu8SD27sCFh10nLpwS7s94
vuwrE7CGuVNMLqZP06tw+2pr8zTVTSRrQPWfOQ1mA1P+42SkfVZi5t+T6xeEeyQi
FMu9sFrAKDyR/YRli7b5qQp9YxutJ5ymIrKWbeQE7CywLUBXVzSLK19wJeHw5wPc
4XZLWaKhtslrBUcakWIpkI9cRH5GNgUPAbvCOA75Z7afKkN5lvZsM3Oc4Zjw5/2g
3g+4PgA58kmMGhIamsMTTPcnkfn+H4+SfuE+BCuocvFGypN/YFZAWLne2j1bGavW
I/Y/vZCLKNs=
=Xtt/
-----END PGP SIGNATURE-----