The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new bigmem flavor has been added to support big Power machines. The following security bugs were fixed: - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel, when the GNU Compiler Collection stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service by reading the /proc/keys file . - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions . - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service via vectors involving a bind system call on a Bluetooth RFCOMM socket . - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing . - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 . - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code . - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service via a crafted sendmsg system call . - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service via a crafted SACK option . - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack . - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service by changing a certain size value, aka a double fetch vulnerability . - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary . - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions . - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c . The following non-security bugs were fixed: - ahci: Order SATA device IDs for codename Lewisburg . - ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs . - alsa: hda - Add Intel Lewisburg device IDs Audio . - arch/powerpc: Remove duplicate/redundant Altivec entries . - avoid dentry crash triggered by NFS . - bigmem: Add switch to configure bigmem patches . - blktap2: eliminate deadlock potential from shutdown path . - blktap2: eliminate race from deferred work queue handling . - bnx2x: fix lockdep splat . - bonding: always set recv_probe to bond_arp_rcv in arp monitor . - bonding: fix bond_arp_rcv setting and arp validate desync state . - btrfs: account for non-CoW"d blocks in btrfs_abort_transaction . - btrfs: ensure that file descriptor used with subvol ioctls is a dir . - cdc-acm: added sanity checking for probe . - config.conf: add bigmem flavour on ppc64 - cpumask, nodemask: implement cpumask/nodemask_pr_args . - cxgb4: Set VPD size so we can read both VPD structures . - dm space map metadata: fix sm_bootstrap_get_nr_blocks . - dm thin: fix race condition when destroying thin pool workqueue . - drivers: hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload . - drivers: hv: vmbus: avoid wait_for_completion on crash . - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages . - drivers: hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts . - drivers: hv: vmbus: handle various crash scenarios . - drivers: hv: vmbus: remove code duplication in message handling . - drivers: hv: vss: run only on supported host versions . - fs/cifs: cifs_get_root shouldn"t use path with tree name . - fs/cifs: Compare prepaths when comparing superblocks . - fs/cifs: Fix memory leaks in cifs_do_mount . - fs/cifs: Fix regression which breaks DFS mounting . - fs/cifs: fix wrongly prefixed path to root - fs/cifs: make share unaccessible at root level mountable . - fs/cifs: Move check for prefix path to within cifs_get_root . - fs/select: add vmalloc fallback for select . - hv: do not lose pending heartbeat vmbus packets . - i2c: i801: add Intel Lewisburg device IDs . - i40e: fix an uninitialized variable bug . - include/linux/mmdebug.h: should include linux/bug.h . - increase CONFIG_NR_IRQS 512 - 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS - introduce SIZE_MAX . - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too . - kabi: Import kabi files from 3.0.101-80 - kabi-fix for flock_owner addition . - kabi, unix: properly account for FDs passed over unix sockets . - kaweth: fix firmware download . - kaweth: fix oops upon failed memory allocation . - kvm: x86: only channel 0 of the i8254 is linked to the HPET . - kvm: x86: SYSENTER emulation is broken . - libata: support the ata host which implements a queue depth less than 32 - libfc: sanity check cpu number extracted from xid . - lib/vsprintf: implement bitmap printing through "%*pb[l]" . - lpfc: call lpfc_sli_validate_fcp_iocb with the hbalock held . - bigmem: make bigmem patches configurable . - md: check command validity early in md_ioctl . - md: Drop sending a change uevent when stopping . - md: fix problem when adding device to read-only array with bitmap . - md: lockless I/O submission for RAID1 . - md/raid10: always set reshape_safe when initializing reshape_position . - md/raid10: Fix memory leak when raid10 reshape completes . - mm: fix sleeping function warning from __put_anon_vma . - mm/memory.c: actually remap enough memory . - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED . - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations . - Move patches that create ppc64-bigmem to the powerpc section. Add comments that outline the procedure and warn the unsuspecting. - move the call of __d_drop into __d_materialise_unique . - mpt2sas, mpt3sas: Fix panic when aer correct error occurred . - mshyperv: fix recognition of Hyper-V guest crash MSR"s . - net: add pfmemalloc check in sk_add_backlog . - netback: fix flipping mode . - netfilter: ipv4: defrag: set local_df flag on defragmented skb . - netvsc: fix incorrect receive checksum offloading . - nfs4: reset states to use open_stateid when returning delegation voluntarily . - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID . - nfs: Do not drop directory dentry which is in use . - nfs: Do not write enable new pages while an invalidation is proceeding . - nfs: Fix an LOCK/OPEN race when unlinking an open file . - nfs: Fix a regression in the read syscall . - nfs: Fix races in nfs_revalidate_mapping . - nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping . - nfs: Fix writeback performance issue on cache invalidation . - nfs: Refresh open-owner id when server says SEQID is bad . - nfsv4.1: Fix an NFSv4.1 state renewal regression . - nfsv4: add flock_owner to open context . - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state . - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner . - nfsv4: do not check MAY_WRITE access bit in OPEN . - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one . - nfsv4: fix broken patch relating to v4 read delegations . - nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl . - oom: print nodemask in the oom report . - pci: Add pci_set_vpd_size to set VPD size . - pciback: fix conf_space read/write overlap check. - pciback: return proper values during BAR sizing. - pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models . - pm / hibernate: Fix rtree_next_node to avoid walking off list ends . - powerpc/64: Fix incorrect return value from __copy_tofrom_user . - powerpc: Add ability to build little endian kernels . - powerpc: add kernel parameter iommu_alloc_quiet . - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit . - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only: 6e0fdf9af216 powerpc: fix typo "CONFIG_PMAC" obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu - powerpc: Build fix for powerpc KVM . - powerpc: Do not build assembly files with ABIv2 . - powerpc: Do not use ELFv2 ABI to build the kernel . - powerpc: dtc is required to build dtb files . - powerpc: Fix 64 bit builds with binutils 2.24 . - powerpc: Fix error when cross building TAGS cscope . - powerpc: Make the vdso32 also build big-endian . - powerpc: Make VSID_BITS* dependency explicit . - powerpc/mm: Add 64TB support . - powerpc/mm: Change the swap encoding in pte . - powerpc/mm: Convert virtual address to vpn . - powerpc/mm: Fix hash computation function . - powerpc/mm: Increase the slice range to 64TB . - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE . - powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit . - powerpc/mm: Replace open coded CONTEXT_BITS value . - powerpc/mm: Simplify hpte_decode . - powerpc/mm: Update VSID allocation documentation . - powerpc/mm: Use 32bit array for slb cache . - powerpc/mm: Use hpt_va to compute virtual address . - powerpc/mm: Use the required number of VSID bits in slbmte . - powerpc: Move kdump default base address to half RMO size on 64bit . - powerpc: Remove altivec fix for gcc versions before 4.0 . - powerpc: Remove buggy 9-year-old test for binutils lt; 2.12.1 . - powerpc: Rename USER_ESID_BITS* to ESID_BITS* . - powerpc: Require gcc 4.0 on 64-bit . - powerpc: Update kernel VSID range . - ppp: defer netns reference release for ppp channel . - qlcnic: fix a timeout loop - random32: add prandom_u32_max . - remove problematic preprocessor constructs . - REVERT fs/cifs: fix wrongly prefixed path to root - rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays. - rpm/package-descriptions: add -bigmem description - s390/cio: fix accidental interrupt enabling during resume . - s390/dasd: fix hanging device after clear subchannel . - s390/time: LPAR offset handling . - s390/time: move PTFF definitions . - sata: Adding Intel Lewisburg device IDs for SATA . - sched/core: Fix an SMP ordering race in try_to_wake_up vs. schedule . - sched/core: Fix a race between try_to_wake_up and a woken up task . - sched: Fix possible divide by zero in avg_atom calculation . - scripts/bigmem-generate-ifdef-guard: auto-regen patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM - scripts/bigmem-generate-ifdef-guard: Include this script to regenerate patches.suse/ppc64-bigmem-introduce-CONFIG_BIGMEM - scripts/bigmem-generate-ifdef-guard: make executable - scsi_dh_rdac: retry inquiry for UNIT ATTENTION . - scsi: do not print "reservation conflict" for TEST UNIT READY . - scsi: ibmvfc: add FC Class 3 Error Recovery support . - scsi: ibmvfc: Fix I/O hang when port is not mapped - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI . - scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning . - scsi: zfcp: spin_lock_irqsave is not nestable . - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms The specfile adjusts the config if necessary, but a new version of run_oldconfig.sh requires the settings to be present in the repository. - sfc: on MC reset, clear PIO buffer linkage in TXQs . - sort hyperv patches properly in series.conf - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall detects a race . - tg3: Avoid NULL pointer dereference in tg3_io_error_detected . - tmpfs: change final i_blocks BUG to WARNING . - tty: Signal SIGHUP before hanging up ldisc . - Update patches.xen/xen3-auto-arch-x86.diff . - usb: fix typo in wMaxPacketSize validation . - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices . - usb: hub: Fix unbalanced reference count/memory leak/deadlocks . - usb: validate wMaxPacketValue entries in endpoint descriptors . - vlan: do not deliver frames for unknown vlans to protocols . - vlan: mask vlan prio bits . - vmxnet3: Wake queue from reset work . - x86, amd_nb: Clarify F15h, model 30h GART and L3 support . - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs . - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors . - x86/gart: Check for GART support before accessing GART registers . - x86/MCE/intel: Cleanup CMCI storm logic . - xenbus: inspect the correct type in xenbus_dev_request_and_reply. - xen: x86/mm/pat, /dev/mem: Remove superfluous error message . - xfs: Avoid grabbing ilock when file size is not changed . - xfs: Silence warnings in xfs_vm_releasepage . - zfcp: close window with unblocked rport during rport gone . - zfcp: fix D_ID field with actual value on tracing SAN responses . - zfcp: fix ELS/GS requestresponse length for hardware data router . - zfcp: fix payload trace length for SAN requestresponse . - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace . - zfcp: restore tracing of handle for port and LUN with HBA records . - zfcp: retain trace level for SCSI and HBA FSF response records . - zfcp: trace full payload of all SAN records . - zfcp: trace on request for open and close of WKA port .