Detections
Analytics

openSUSE Security Update : the Linux Kernel (openSUSE-2017-1017)

high Nessus Plugin ID 103155

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various security and bugfixes.

The following security bugs were fixed :

 - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).

 - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919).

The following non-security bugs were fixed :

 - acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller (bsc#1049291).

 - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291).

 - acpi: APEI: Enable APEI multiple GHES source to share a single external IRQ (bsc#1053627).

 - acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627).

 - acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629).

 - acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes).

 - Add 'shutdown' to 'struct class' (bsc#1053117).

 - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).

 - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).

 - alsa: hda - Workaround for i915 KBL breakage (bsc#1048356,bsc#1047989,bsc#1055272).

 - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).

 - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580).

 - arm64: do not trace atomic operations (bsc#1055290).

 - block: add kblock_mod_delayed_work_on() (bsc#1050211).

 - block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet time (bsc#1050211).

 - block: provide bio_uninit() free freeing integrity/task associations (bsc#1050211).

 - block: return on congested block device (FATE#321994).

 - bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784).

 - bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784).

 - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown (bsc#1053309).

 - bnxt_en: Add additional chip ID definitions (bsc#1053309).

 - bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool stats (bsc#1053309).

 - bnxt_en: Add missing logic to handle TPA end error conditions (bsc#1053309).

 - bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309).

 - bnxt_en: Allow the user to set ethtool stats-block-usecs to 0 (bsc#1053309).

 - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration (bsc#1053309).

 - bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST (bsc#1053309).

 - bnxt_en: Fix bug in ethtool -L (bsc#1053309).

 - bnxt_en: Fix netpoll handling (bsc#1053309).

 - bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309).

 - bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309).

 - bnxt_en: Fix xmit_more with BQL (bsc#1053309).

 - bnxt_en: Implement ndo_bridge_(get|set)link methods (bsc#1053309).

 - bnxt_en: Implement xmit_more (bsc#1053309).

 - bnxt_en: Optimize doorbell write operations for newer chips (bsc#1053309).

 - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309).

 - bnxt_en: Report firmware DCBX agent (bsc#1053309).

 - bnxt_en: Retrieve the hardware bridge mode from the firmware (bsc#1053309).

 - bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309).

 - bnxt_en: Support for Short Firmware Message (bsc#1053309).

 - bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309).

 - bnxt: fix unsigned comparsion with 0 (bsc#1053309).

 - bnxt: fix unused variable warnings (bsc#1053309).

 - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).

 - btrfs: nowait aio: Correct assignment of pos (FATE#321994).

 - btrfs: nowait aio support (FATE#321994).

 - ceph: avoid accessing freeing inode in ceph_check_delayed_caps() (bsc#1048228).

 - ceph: avoid invalid memory dereference in the middle of umount (bsc#1048228).

 - ceph: cleanup writepage_nounlock() (bsc#1048228).

 - ceph: do not re-send interrupted flock request (bsc#1048228).

 - ceph: getattr before read on ceph.* xattrs (bsc#1048228).

 - ceph: handle epoch barriers in cap messages (bsc#1048228).

 - ceph: new mount option that specifies fscache uniquifier (bsc#1048228).

 - ceph: redirty page when writepage_nounlock() skips unwritable page (bsc#1048228).

 - ceph: remove special ack vs commit behavior (bsc#1048228).

 - ceph: remove useless page->mapping check in writepage_nounlock() (bsc#1048228).

 - ceph: re-request max size after importing caps (bsc#1048228).

 - ceph: update ceph_dentry_info::lease_session when necessary (bsc#1048228).

 - ceph: update the 'approaching max_size' code (bsc#1048228).

 - ceph: when seeing write errors on an inode, switch to sync writes (bsc#1048228).

 - cifs: Fix maximum SMB2 header size (bsc#1056185).

 - clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization (bsc#1055709).

 - crush: assume weight_set != null imples weight_set_size > 0 (bsc#1048228).

 - crush: crush_init_workspace starts with struct crush_work (bsc#1048228).

 - crush: implement weight and id overrides for straw2 (bsc#1048228).

 - crush: remove an obsolete comment (bsc#1048228).

 - crypto: chcr - Add ctr mode and process large sg entries for cipher (bsc#1048325).

 - crypto: chcr - Avoid changing request structure (bsc#1048325).

 - crypto: chcr - Ensure Destination sg entry size less than 2k (bsc#1048325).

 - crypto: chcr - Fix fallback key setting (bsc#1048325).

 - crypto: chcr - Pass lcb bit setting to firmware (bsc#1048325).

 - crypto: chcr - Return correct error code (bsc#1048325).

 - cxgb4: update latest firmware version supported (bsc#1048327).

 - cxgbit: add missing __kfree_skb() (bsc#1052095).

 - cxgbit: fix sg_nents calculation (bsc#1052095).

 - Disable patch 0017-nvmet_fc-Simplify-sg-list-handling.patch (bsc#1052384)

 - dm: make flush bios explicitly sync (bsc#1050211).

 - dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912).

 - drivers: net: xgene: Fix wrong logical operation (bsc#1056827).

 - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).

 - ext4: nowait aio support (FATE#321994).

 - fs: Introduce filemap_range_has_page() (FATE#321994).

 - fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994).

 - fs: pass on flags in compat_writev (bsc#1050211).

 - fs: return if direct I/O will trigger writeback (FATE#321994).

 - fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994).

 - fs: Use RWF_* flags for AIO operations (FATE#321994).

 - fuse: initialize the flock flag in fuse_file on allocation (git-fixes).

 - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller (bsc#1049291).

 - i2c: designware: Convert to use unified device property API (bsc#1049291).

 - i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633).

 - i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633).

 - i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633).

 - i2c: xgene-slimpro: Use a single function to send command message (bsc#1053633).

 - i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685).

 - ib/iser: Fix connection teardown race condition (bsc#1050211).

 - iscsi-target: fix invalid flags in text response (bsc#1052095).

 - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).

 - kabi: arm64: compatibility workaround for lse atomics (bsc#1055290).

 - kABI: protect enum pid_type (kabi).

 - kABI: protect struct iscsi_np (kabi).

 - kABI: protect struct se_lun (kabi).

 - kabi/severities: add fs/ceph to kabi severities (bsc#1048228).

 - kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094)

 - kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472)

 - kABI: uninline task_tgid_nr_nr (kabi).

 - kvm: arm64: Restore host physical timer access on hyp_panic() (bsc#1054082).

 - kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability (bsc#1054082).

 - kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state (bsc#1055935).

 - kvm: x86: block guest protection keys unless the host has them enabled (bsc#1055935).

 - kvm: x86: kABI workaround for PKRU fixes (bsc#1055935).

 - kvm: x86: simplify handling of PKRU (bsc#1055935).

 - libceph: abort already submitted but abortable requests when map or pool goes full (bsc#1048228).

 - libceph: add an epoch_barrier field to struct ceph_osd_client (bsc#1048228).

 - libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS (bsc#1048228).

 - libceph: advertise support for OSD_POOLRESEND (bsc#1048228).

 - libceph: allow requests to return immediately on full conditions if caller wishes (bsc#1048228).

 - libceph: always populate t->target_(oid,oloc) in calc_target() (bsc#1048228).

 - libceph: always signal completion when done (bsc#1048228).

 - libceph: apply_upmap() (bsc#1048228).

 - libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228).

 - libceph: ceph_connection_operations::reencode_message() method (bsc#1048228).

 - libceph: ceph_decode_skip_* helpers (bsc#1048228).

 - libceph: compute actual pgid in ceph_pg_to_up_acting_osds() (bsc#1048228).

 - libceph, crush: per-pool crush_choose_arg_map for crush_do_rule() (bsc#1048228).

 - libceph: delete from need_resend_linger before check_linger_pool_dne() (bsc#1048228).

 - libceph: do not call encode_request_finish() on MOSDBackoff messages (bsc#1048228).

 - libceph: do not call ->reencode_message() more than once per message (bsc#1048228).

 - libceph: do not pass pgid by value (bsc#1048228).

 - libceph: drop need_resend from calc_target() (bsc#1048228).

 - libceph: encode_(pgid,oloc)() helpers (bsc#1048228).

 - libceph: fallback for when there isn't a pool-specific choose_arg (bsc#1048228).

 - libceph: fix old style declaration warnings (bsc#1048228).

 - libceph: foldreq->last_force_resend into ceph_osd_request_target (bsc#1048228).

 - libceph: get rid of ack vs commit (bsc#1048228).

 - libceph: handle non-empty dest in ceph_(oloc,oid)_copy() (bsc#1048228).

 - libceph: initialize last_linger_id with a large integer (bsc#1048228).

 - libceph: introduce and switch to decode_pg_mapping() (bsc#1048228).

 - libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228).

 - libceph: kill __(insert,lookup,remove)_pg_mapping() (bsc#1048228).

 - libceph: make DEFINE_RB_* helpers more general (bsc#1048228).

 - libceph: make encode_request_*() work with r_mempool requests (bsc#1048228).

 - libceph: make RECOVERY_DELETES feature create a new interval (bsc#1048228).

 - libceph: make sure need_resend targets reflect latest map (bsc#1048228).

 - libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228).

 - libceph: new features macros (bsc#1048228).

 - libceph: new pi->last_force_request_resend (bsc#1048228).

 - libceph: NULL deref on osdmap_apply_incremental() error path (bsc#1048228).

 - libceph: osd_request_timeout option (bsc#1048228).

 - libceph: osd_state is 32 bits wide in luminous (bsc#1048228).

 - libceph: pg_upmap[_items] infrastructure (bsc#1048228).

 - libceph: pool deletion detection (bsc#1048228).

 - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1048228).

 - libceph: remove ceph_sanitize_features() workaround (bsc#1048228).

 - libceph: remove now unused finish_request() wrapper (bsc#1048228).

 - libceph: remove req->r_replay_version (bsc#1048228).

 - libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228).

 - libceph: respect RADOS_BACKOFF backoffs (bsc#1048228).

 - libceph: set -EINVAL in one place in crush_decode() (bsc#1048228).

 - libceph: support SERVER_JEWEL feature bits (bsc#1048228).

 - libceph: take osdc->lock in osdmap_show() and dump flags in hex (bsc#1048228).

 - libceph: upmap semantic changes (bsc#1048228).

 - libceph: use alloc_pg_mapping() in
 __decode_pg_upmap_items() (bsc#1048228).

 - libceph: use target pi for calc_target() calculations (bsc#1048228).

 - lib: test_rhashtable: fix for large entry counts (bsc#1055359).

 - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).

 - locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756).

 - locking/rwsem-spinlock: Fix EINTR branch in
 __down_write_common() (bsc#969756).

 - lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384).

 - lpfc: convert info messages to standard messages (bsc#1052384).

 - lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384).

 - lpfc: Correct return error codes to align with nvme_fc transport (bsc#1052384).

 - lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384).

 - lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384).

 - lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384).

 - lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology (bsc#1052384).

 - lpfc: fix 'integer constant too large' error on 32bit archs (bsc#1052384).

 - lpfc: Fix loop mode target discovery (bsc#1052384).

 - lpfc: Fix MRQ > 1 context list handling (bsc#1052384).

 - lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384).

 - lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384).

 - lpfc: Fix oops when NVME Target is discovered in a nonNVME environment (bsc#1052384).

 - lpfc: Fix plogi collision that causes illegal state transition (bsc#1052384).

 - lpfc: Fix rediscovery on switch blade pull (bsc#1052384).

 - lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384).

 - lpfc: fixup crash during storage failover operations (bsc#1042847).

 - lpfc: Limit amount of work processed in IRQ (bsc#1052384).

 - lpfc: lpfc version bump 11.4.0.3 (bsc#1052384).

 - lpfc: remove console log clutter (bsc#1052384).

 - lpfc: support nvmet_fc defer_rcv callback (bsc#1052384).

 - megaraid_sas: Fix probing cards without io port (bsc#1053681).

 - mmc: mmc: correct the logic for setting HS400ES signal voltage (bsc#1054082).

 - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes).

 - mptsas: Fixup device hotplug for VMware ESXi (bsc#1030850).

 - net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336).

 - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).

 - netfilter: x_tables: pack percpu counter allocations (bsc#1052888).

 - netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888).

 - netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888).

 - net: hns: add acpi function of xge led control (bsc#1049336).

 - net: hns: Fix a skb used after free bug (bsc#1049336).

 - net/mlx5: Cancel delayed recovery work when unloading the driver (bsc#1015342).

 - net/mlx5: Clean SRIOV eswitch resources upon VF creation failure (bsc#1015342).

 - net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342).

 - net/mlx5e: Add field select to MTPPS register (bsc#1015342).

 - net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342).

 - net/mlx5e: Change 1PPS out scheme (bsc#1015342).

 - net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342).

 - net/mlx5e: Fix outer_header_zero() check size (bsc#1015342).

 - net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342).

 - net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff (bsc#1015342).

 - net/mlx5e: Rename physical symbol errors counter (bsc#1015342).

 - net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests (bsc#1015342).

 - net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342).

 - net/mlx5: Fix offset of hca cap reserved field (bsc#1015342).

 - net: phy: Fix lack of reference count on PHY driver (bsc#1049336).

 - net: phy: Fix PHY module checks and NULL deref in phy_attach_direct() (bsc#1049336).

 - nvme-fc: address target disconnect race conditions in fcp io submit (bsc#1052384).

 - nvme-fc: do not override opts->nr_io_queues (bsc#1052384).

 - nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384).

 - nvme_fc/nvmet_fc: revise Create Association descriptor length (bsc#1052384).

 - nvme_fc: Reattach to localports on re-registration (bsc#1052384).

 - nvme-fc: revise TRADDR parsing (bsc#1052384).

 - nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384).

 - nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it (bsc#1052384).

 - nvme: fix hostid parsing (bsc#1049272).

 - nvme-loop: update tagset nr_hw_queues after reconnecting/resetting (bsc#1052384).

 - nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211).

 - nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting (bsc#1052384).

 - nvmet: avoid unneeded assignment of submit_bio return value (bsc#1052384).

 - nvmet_fc: Accept variable pad lengths on Create Association LS (bsc#1052384).

 - nvmet_fc: add defer_req callback for deferment of cmd buffer return (bsc#1052384).

 - nvmet-fc: correct use after free on list teardown (bsc#1052384).

 - nvmet-fc: eliminate incorrect static markers on local variables (bsc#1052384).

 - nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association (bsc#1052384).

 - nvmet_fc: Simplify sg list handling (bsc#1052384).

 - nvmet: prefix version configfs file with attr (bsc#1052384).

 - of: fix '/cpus' reference leak in of_numa_parse_cpu_nodes() (bsc#1056827).

 - ovl: fix dentry leak for default_permissions (bsc#1054084).

 - pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211).

 - pci/MSI: Ignore affinity if pre/post vector count is more than min_vecs (1050211).

 - percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096).

 - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096).

 - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096).

 - percpu_ref: restructure operation mode switching (bsc#1055096).

 - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).

 - phy: Do not increment MDIO bus refcount unless it's a different owner (bsc#1049336).

 - phy: fix error case of phy_led_triggers_(un)register (bsc#1049336).

 - qeth: add network device features for VLAN devices (bnc#1053472, LTC#157385).

 - r8169: Add support for restarting auto-negotiation (bsc#1050742).

 - r8169:Correct the way of setting RTL8168DP ephy (bsc#1050742).

 - r8169:fix system hange problem (bsc#1050742).

 - r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742).

 - r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742).

 - r8169:Remove unnecessary phy reset for pcie nic when setting link spped (bsc#1050742).

 - r8169:Update the way of reading RTL8168H PHY register 'rg_saw_cnt' (bsc#1050742).

 - rdma/mlx5: Fix existence check for extended address vector (bsc#1015342).

 - Remove patch 0407-nvme_fc-change-failure-code-on-remoteport-connectiv i.patch (bsc#1037838)

 - Revert 'ceph: SetPageError() for writeback pages if writepages fails' (bsc#1048228).

 - s390/diag: add diag26c support (bnc#1053472, LTC#156729).

 - s390: export symbols for crash-kmp (bsc#1053915).

 - s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h (bsc#1053472).

 - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472, LTC#157731).

 - s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731).

 - s390/pci: improve error handling during fmb (de)registration (bnc#1053472, LTC#157731).

 - s390/pci: improve error handling during interrupt deregistration (bnc#1053472, LTC#157731).

 - s390/pci: improve pci hotplug (bnc#1053472, LTC#157731).

 - s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731).

 - s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731).

 - s390/pci: provide more debug information (bnc#1053472, LTC#157731).

 - s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731).

 - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276).

 - s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276).

 - s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472, LTC#156729).

 - scsi: csiostor: add check for supported fw version (bsc#1005776).

 - scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776).

 - scsi: csiostor: fix use after free in csio_hw_use_fwconfig() (bsc#1005776).

 - scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776).

 - scsi: csiostor: update module version (bsc#1052093).

 - scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094).

 - scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912).

 - scsi: qedf: Limit number of CQs (bsc#1040813).

 - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).

 - tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed).

 - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).

 - tpm: KABI fix (bsc#1053117).

 - tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3).

 - tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723).

 - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723).

 - tty: pl011: fix initialization order of QDF2400 E44 (bsc#1054082).

 - tty: serial: msm: Support more bauds (git-fixes).

 - Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_ trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).

 - usb: core: fix device node leak (bsc#1047487).

 - x86/mm: Fix use-after-free of ldt_struct (bsc#1055963).

 - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage (bsc#1055896).

 - xfs: nowait aio support (FATE#321994).

 - xgene: Always get clk source, but ignore if it's missing for SGMII ports (bsc#1048501).

 - xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501).

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1005776

https://bugzilla.opensuse.org/show_bug.cgi?id=1015342

https://bugzilla.opensuse.org/show_bug.cgi?id=1020645

https://bugzilla.opensuse.org/show_bug.cgi?id=1020657

https://bugzilla.opensuse.org/show_bug.cgi?id=1030850

https://bugzilla.opensuse.org/show_bug.cgi?id=1031717

https://bugzilla.opensuse.org/show_bug.cgi?id=1031784

https://bugzilla.opensuse.org/show_bug.cgi?id=1034048

https://bugzilla.opensuse.org/show_bug.cgi?id=1037838

https://bugzilla.opensuse.org/show_bug.cgi?id=1040813

https://bugzilla.opensuse.org/show_bug.cgi?id=1042847

https://bugzilla.opensuse.org/show_bug.cgi?id=1047487

https://bugzilla.opensuse.org/show_bug.cgi?id=1047989

https://bugzilla.opensuse.org/show_bug.cgi?id=1048155

https://bugzilla.opensuse.org/show_bug.cgi?id=1048228

https://bugzilla.opensuse.org/show_bug.cgi?id=1048325

https://bugzilla.opensuse.org/show_bug.cgi?id=1048327

https://bugzilla.opensuse.org/show_bug.cgi?id=1048356

https://bugzilla.opensuse.org/show_bug.cgi?id=1048501

https://bugzilla.opensuse.org/show_bug.cgi?id=1048912

https://bugzilla.opensuse.org/show_bug.cgi?id=1048934

https://bugzilla.opensuse.org/show_bug.cgi?id=1049226

https://bugzilla.opensuse.org/show_bug.cgi?id=1049272

https://bugzilla.opensuse.org/show_bug.cgi?id=1049291

https://bugzilla.opensuse.org/show_bug.cgi?id=1049336

https://bugzilla.opensuse.org/show_bug.cgi?id=1050211

https://bugzilla.opensuse.org/show_bug.cgi?id=1050742

https://bugzilla.opensuse.org/show_bug.cgi?id=1051790

https://bugzilla.opensuse.org/show_bug.cgi?id=1052093

https://bugzilla.opensuse.org/show_bug.cgi?id=1052094

https://bugzilla.opensuse.org/show_bug.cgi?id=1052095

https://bugzilla.opensuse.org/show_bug.cgi?id=1052384

https://bugzilla.opensuse.org/show_bug.cgi?id=1052580

https://bugzilla.opensuse.org/show_bug.cgi?id=1052888

https://bugzilla.opensuse.org/show_bug.cgi?id=1053117

https://bugzilla.opensuse.org/show_bug.cgi?id=1053309

https://bugzilla.opensuse.org/show_bug.cgi?id=1053472

https://bugzilla.opensuse.org/show_bug.cgi?id=1053627

https://bugzilla.opensuse.org/show_bug.cgi?id=1053629

https://bugzilla.opensuse.org/show_bug.cgi?id=1053633

https://bugzilla.opensuse.org/show_bug.cgi?id=1053681

https://bugzilla.opensuse.org/show_bug.cgi?id=1053685

https://bugzilla.opensuse.org/show_bug.cgi?id=1053802

https://bugzilla.opensuse.org/show_bug.cgi?id=1053915

https://bugzilla.opensuse.org/show_bug.cgi?id=1053919

https://bugzilla.opensuse.org/show_bug.cgi?id=1054082

https://bugzilla.opensuse.org/show_bug.cgi?id=1054084

https://bugzilla.opensuse.org/show_bug.cgi?id=1055013

https://bugzilla.opensuse.org/show_bug.cgi?id=1055096

https://bugzilla.opensuse.org/show_bug.cgi?id=1055272

https://bugzilla.opensuse.org/show_bug.cgi?id=1055290

https://bugzilla.opensuse.org/show_bug.cgi?id=1055359

https://bugzilla.opensuse.org/show_bug.cgi?id=1055709

https://bugzilla.opensuse.org/show_bug.cgi?id=1055896

https://bugzilla.opensuse.org/show_bug.cgi?id=1055935

https://bugzilla.opensuse.org/show_bug.cgi?id=1055963

https://bugzilla.opensuse.org/show_bug.cgi?id=1056185

https://bugzilla.opensuse.org/show_bug.cgi?id=1056588

https://bugzilla.opensuse.org/show_bug.cgi?id=1056827

https://bugzilla.opensuse.org/show_bug.cgi?id=969756

Plugin Details

Severity: High

ID: 103155

File Name: openSUSE-2017-1017.nasl

Version: 3.5

Type: local

Agent: unix

Published: 9/13/2017

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/7/2017

Vulnerability Publication Date: 8/24/2017

Reference Information

CVE: CVE-2017-12134, CVE-2017-14051