Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3003-1 Final 1 1 2018-10-04T12:01:46Z current 2018-10-04T12:01:46Z 2018-10-04T12:01:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-16597: Incorrect access checking in overlayfs mounts could have been used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512). - CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896) - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536) - CVE-2018-7480: The blkcg_init_queue function allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bsc#1082863). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - asm/sections: add helpers to check for section data (bsc#1063026). - ASoC: wm8994: Fix missing break in switch (bnc#1012382). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979). - bpf: fix overflow in prog accounting (bsc#1012382). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382). - btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012382). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bnc#1012382). - crypto: clarify licensing of OpenSSL asm code (). - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes). - debugobjects: Make stack check warning more informative (bnc#1012382). - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382). - dm-mpath: do not try to access NULL rq (bsc#1110337). - EDAC: Fix memleak in module init error path (bsc#1109441). - EDAC, i7core: Fix memleaks and use-after-free on probe and remove (1109441). - fat: validate ->i_start before using (bnc#1012382). - Fixes: Commit cdbf92675fad ('mm: numa: avoid waiting on freed migrated pages') (bnc#1012382). - Follow-up fix for patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch (bsc#1108803). - fork: do not copy inconsistent signal handler state to child (bnc#1012382). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382). - genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382). - grow_cache: we still have a code which uses both __GFP_ZERO and constructors. The code seems to be correct and the warning does more harm than good so revert for the the meantime until we catch offenders. (bnc#1110297) - hfsplus: do not return 0 when fill_super() failed (bnc#1012382). - hfs: prevent crash on exit from failed search (bnc#1012382). - ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382). - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382). - kabi protect hnae_ae_ops (bsc#1107924). - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382). - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810). - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382). - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382). - net/9p: fix error path of p9_virtio_probe (bnc#1012382). - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240). - net: ena: fix device destruction to gracefully free resources (bsc#1108240). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240). - net: ena: fix incorrect usage of memory barriers (bsc#1108240). - net: ena: fix missing calls to READ_ONCE (bsc#1108240). - net: ena: fix missing lock during device destruction (bsc#1108240). - net: ena: fix potential double ena_destroy_device() (bsc#1108240). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108240). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - nvmet: fixup crash on NULL device path (bsc#1082979). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512) - ovl: proper cleanup of workdir (bnc#1012382). - ovl: rename is_merge to is_lowest (bnc#1012382). - PCI: mvebu: Fix I/O space end address calculation (bnc#1012382). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bnc#1012382). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244). - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check (git-fixes). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1066223). - powerpc/powernv: Rename machine_check_pSeries_early() to powernv (bsc#1094244). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bnc#1012382). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - RDMA/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header (bsc#1082979). - reiserfs: change j_timestamp type to time64_t (bnc#1012382). - Revert 'ARM: imx_v6_v7_defconfig: Select ULPI support' (bnc#1012382). - s390/dasd: fix hanging offline processing due to canceled worker (bnc#1012382). - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382 bnc#1106934). - sch_hhf: fix null pointer dereference on init failure (bnc#1012382). - sch_htb: fix crash on init failure (bnc#1012382). - sch_multiq: fix double free on init failure (bnc#1012382). - sch_netem: avoid null pointer deref on init failure (bnc#1012382). - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382). - scripts: modpost: check memory allocation results (bnc#1012382). - scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427). - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427). - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555). - scsi: qla2xxx: Avoid double completion of abort command (bsc#1094555). - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427). - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555). - scsi: qla2xxx: correctly shift host byte (bsc#1094555). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555). - scsi: qla2xxx: Delete session for nport id change (bsc#1094555). - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555). - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555). - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555). - scsi: qla2xxx: fix error message on <qla2400 (bsc#1094555). - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427). - scsi: qla2xxx: Fix function argument descriptions (bsc#1094555). - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1094555). - scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (bsc#1094555). - scsi: qla2xxx: Fix login retry count (bsc#1094555). - scsi: qla2xxx: Fix Management Server NPort handle reservation logic (bsc#1094555). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1094555). - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427). - scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555). - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (bsc#1094555). - scsi: qla2xxx: Fix race between switch cmd completion and timeout (bsc#1094555). - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1094555). - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1094555). - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427). - scsi: qla2xxx: Fix Rport and session state getting out of sync (bsc#1094555). - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1094555). - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1094555). - scsi: qla2xxx: Fix stalled relogin (bsc#1094555). - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1094555). - scsi: qla2xxx: Fix unintended Logout (bsc#1094555). - scsi: qla2xxx: Fix unintialized List head crash (bsc#1094555). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1094555). - scsi: qla2xxx: fx00 copypaste typo (bsc#1094555). - scsi: qla2xxx: Migrate NVME N2N handling into state machine (bsc#1094555). - scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1094555). - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1094555). - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1094555). - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1094555). - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1094555). - scsi: qla2xxx: Remove nvme_done_list (bsc#1084427). - scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1094555). - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe (bsc#1084427). - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084427). - scsi: qla2xxx: Return busy if rport going away (bsc#1084427). - scsi: qla2xxx: Save frame payload size from ICB (bsc#1094555). - scsi: qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote() (bsc#1084427). - scsi: qla2xxx: Silent erroneous message (bsc#1094555). - scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427). - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1094555). - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1094555). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555). - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1094555). - selftests/powerpc: Kill child processes on SIGINT (bnc#1012382). - smb3: fix reset of bytes read and written stats (bnc#1012382). - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS (bnc#1012382). - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free (bnc#1012382). - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bnc#1012382). - tcp: do not restart timewait timer on rst reception (bnc#1012382). - Update patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-request.patch (bsc#1088087, bsc#1103156). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - vti6: remove !skb->ignore_df check from vti6_xmit() (bnc#1012382). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key and ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix transaction allocation deadlock in IO path (bsc#1090535). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: only run torn log write detection on dirty logs (bsc#1095753). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor in-core log state update to helper (bsc#1095753). - xfs: refactor unmount record detection into helper (bsc#1095753). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: separate log head record discovery from verification (bsc#1095753). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP3-2018-2135,SUSE-SLE-HA-12-SP3-2018-2135,SUSE-SLE-SDK-12-SP3-2018-2135,SUSE-SLE-SERVER-12-SP3-2018-2135,SUSE-SLE-WE-12-SP3-2018-2135 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/ Link for SUSE-SU-2018:3003-1 https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1.html E-Mail link for SUSE-SU-2018:3003-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1012382 SUSE Bug 1012382 https://bugzilla.suse.com/1044189 SUSE Bug 1044189 https://bugzilla.suse.com/1063026 SUSE Bug 1063026 https://bugzilla.suse.com/1066223 SUSE Bug 1066223 https://bugzilla.suse.com/1082863 SUSE Bug 1082863 https://bugzilla.suse.com/1082979 SUSE Bug 1082979 https://bugzilla.suse.com/1084427 SUSE Bug 1084427 https://bugzilla.suse.com/1084536 SUSE Bug 1084536 https://bugzilla.suse.com/1087209 SUSE Bug 1087209 https://bugzilla.suse.com/1088087 SUSE Bug 1088087 https://bugzilla.suse.com/1090535 SUSE Bug 1090535 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1094244 SUSE Bug 1094244 https://bugzilla.suse.com/1094555 SUSE Bug 1094555 https://bugzilla.suse.com/1094562 SUSE Bug 1094562 https://bugzilla.suse.com/1095344 SUSE Bug 1095344 https://bugzilla.suse.com/1095753 SUSE Bug 1095753 https://bugzilla.suse.com/1096547 SUSE Bug 1096547 https://bugzilla.suse.com/1099810 SUSE Bug 1099810 https://bugzilla.suse.com/1102495 SUSE Bug 1102495 https://bugzilla.suse.com/1102715 SUSE Bug 1102715 https://bugzilla.suse.com/1102870 SUSE Bug 1102870 https://bugzilla.suse.com/1102875 SUSE Bug 1102875 https://bugzilla.suse.com/1102877 SUSE Bug 1102877 https://bugzilla.suse.com/1102879 SUSE Bug 1102879 https://bugzilla.suse.com/1102882 SUSE Bug 1102882 https://bugzilla.suse.com/1102896 SUSE Bug 1102896 https://bugzilla.suse.com/1103156 SUSE Bug 1103156 https://bugzilla.suse.com/1103269 SUSE Bug 1103269 https://bugzilla.suse.com/1106095 SUSE Bug 1106095 https://bugzilla.suse.com/1106434 SUSE Bug 1106434 https://bugzilla.suse.com/1106512 SUSE Bug 1106512 https://bugzilla.suse.com/1106594 SUSE Bug 1106594 https://bugzilla.suse.com/1106934 SUSE Bug 1106934 https://bugzilla.suse.com/1107924 SUSE Bug 1107924 https://bugzilla.suse.com/1108096 SUSE Bug 1108096 https://bugzilla.suse.com/1108170 SUSE Bug 1108170 https://bugzilla.suse.com/1108240 SUSE Bug 1108240 https://bugzilla.suse.com/1108399 SUSE Bug 1108399 https://bugzilla.suse.com/1108803 SUSE Bug 1108803 https://bugzilla.suse.com/1108823 SUSE Bug 1108823 https://bugzilla.suse.com/1109333 SUSE Bug 1109333 https://bugzilla.suse.com/1109336 SUSE Bug 1109336 https://bugzilla.suse.com/1109337 SUSE Bug 1109337 https://bugzilla.suse.com/1109441 SUSE Bug 1109441 https://bugzilla.suse.com/1110297 SUSE Bug 1110297 https://bugzilla.suse.com/1110337 SUSE Bug 1110337 https://www.suse.com/security/cve/CVE-2018-14613/ SUSE CVE CVE-2018-14613 page https://www.suse.com/security/cve/CVE-2018-14617/ SUSE CVE CVE-2018-14617 page https://www.suse.com/security/cve/CVE-2018-16276/ SUSE CVE CVE-2018-16276 page https://www.suse.com/security/cve/CVE-2018-16597/ SUSE CVE CVE-2018-16597 page https://www.suse.com/security/cve/CVE-2018-17182/ SUSE CVE CVE-2018-17182 page https://www.suse.com/security/cve/CVE-2018-7480/ SUSE CVE CVE-2018-7480 page https://www.suse.com/security/cve/CVE-2018-7757/ SUSE CVE CVE-2018-7757 page SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Availability Extension 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP3 kernel-default-4.4.156-94.57.1 kernel-default-devel-4.4.156-94.57.1 kernel-default-extra-4.4.156-94.57.1 kernel-devel-4.4.156-94.57.1 kernel-macros-4.4.156-94.57.1 kernel-source-4.4.156-94.57.1 kernel-syms-4.4.156-94.57.1 cluster-md-kmp-default-4.4.156-94.57.1 dlm-kmp-default-4.4.156-94.57.1 gfs2-kmp-default-4.4.156-94.57.1 ocfs2-kmp-default-4.4.156-94.57.1 kernel-docs-4.4.156-94.57.1 kernel-obs-build-4.4.156-94.57.1 kernel-default-base-4.4.156-94.57.1 kernel-default-man-4.4.156-94.57.1 kernel-default-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 kernel-default-devel-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 kernel-default-extra-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 kernel-devel-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 kernel-macros-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 kernel-source-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 kernel-syms-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 cluster-md-kmp-default-4.4.156-94.57.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP3 dlm-kmp-default-4.4.156-94.57.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP3 gfs2-kmp-default-4.4.156-94.57.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP3 ocfs2-kmp-default-4.4.156-94.57.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP3 kernel-default-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server 12 SP3 kernel-default-base-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server 12 SP3 kernel-default-devel-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server 12 SP3 kernel-default-man-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server 12 SP3 kernel-devel-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server 12 SP3 kernel-macros-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server 12 SP3 kernel-source-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server 12 SP3 kernel-syms-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server 12 SP3 kernel-default-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-default-base-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-default-devel-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-default-man-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-devel-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-macros-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-source-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-syms-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 kernel-docs-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 kernel-obs-build-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 kernel-default-extra-4.4.156-94.57.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP3 An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. CVE-2018-14613 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-extra-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:cluster-md-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:dlm-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:gfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:ocfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-obs-build-4.4.156-94.57.1 SUSE Linux Enterprise Workstation Extension 12 SP3:kernel-default-extra-4.4.156-94.57.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/ https://www.suse.com/security/cve/CVE-2018-14613.html CVE-2018-14613 https://bugzilla.suse.com/1102896 SUSE Bug 1102896 https://bugzilla.suse.com/1103800 SUSE Bug 1103800 An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. CVE-2018-14617 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-extra-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:cluster-md-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:dlm-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:gfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:ocfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-obs-build-4.4.156-94.57.1 SUSE Linux Enterprise Workstation Extension 12 SP3:kernel-default-extra-4.4.156-94.57.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/ https://www.suse.com/security/cve/CVE-2018-14617.html CVE-2018-14617 https://bugzilla.suse.com/1102870 SUSE Bug 1102870 An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. CVE-2018-16276 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-extra-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:cluster-md-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:dlm-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:gfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:ocfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-obs-build-4.4.156-94.57.1 SUSE Linux Enterprise Workstation Extension 12 SP3:kernel-default-extra-4.4.156-94.57.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/ https://www.suse.com/security/cve/CVE-2018-16276.html CVE-2018-16276 https://bugzilla.suse.com/1106095 SUSE Bug 1106095 https://bugzilla.suse.com/1115593 SUSE Bug 1115593 An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. CVE-2018-16597 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-extra-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:cluster-md-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:dlm-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:gfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:ocfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-obs-build-4.4.156-94.57.1 SUSE Linux Enterprise Workstation Extension 12 SP3:kernel-default-extra-4.4.156-94.57.1 important 4.9 AV:L/AC:L/Au:N/C:N/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/ https://www.suse.com/security/cve/CVE-2018-16597.html CVE-2018-16597 https://bugzilla.suse.com/1106512 SUSE Bug 1106512 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. CVE-2018-17182 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-extra-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:cluster-md-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:dlm-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:gfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:ocfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-obs-build-4.4.156-94.57.1 SUSE Linux Enterprise Workstation Extension 12 SP3:kernel-default-extra-4.4.156-94.57.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/ https://www.suse.com/security/cve/CVE-2018-17182.html CVE-2018-17182 https://bugzilla.suse.com/1108399 SUSE Bug 1108399 https://bugzilla.suse.com/1110233 SUSE Bug 1110233 The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. CVE-2018-7480 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-extra-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:cluster-md-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:dlm-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:gfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:ocfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-obs-build-4.4.156-94.57.1 SUSE Linux Enterprise Workstation Extension 12 SP3:kernel-default-extra-4.4.156-94.57.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/ https://www.suse.com/security/cve/CVE-2018-7480.html CVE-2018-7480 https://bugzilla.suse.com/1082863 SUSE Bug 1082863 https://bugzilla.suse.com/1084536 SUSE Bug 1084536 Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. CVE-2018-7757 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-default-extra-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:cluster-md-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:dlm-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:gfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise High Availability Extension 12 SP3:ocfs2-kmp-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-base-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-default-man-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-devel-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-macros-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-source-4.4.156-94.57.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-docs-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12 SP3:kernel-obs-build-4.4.156-94.57.1 SUSE Linux Enterprise Workstation Extension 12 SP3:kernel-default-extra-4.4.156-94.57.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/ https://www.suse.com/security/cve/CVE-2018-7757.html CVE-2018-7757 https://bugzilla.suse.com/1084536 SUSE Bug 1084536 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1087209 SUSE Bug 1087209 https://bugzilla.suse.com/1091815 SUSE Bug 1091815