The SUSE Linux Enterprise 15 kernel-azure was updated to receive various security and bug fixes.
The following security bugs were fixed:
CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with relatively low bandwidth could have caused lots of CPU usage
by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340)
CVE-2017-18344: The timer_create syscall implementation didn't properly validate input,
which could have led to out-of-bounds access.
This allowed userspace applications to read arbitrary kernel memory in some setups. (bsc#1102851)
CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could
have resulted in local attackers being able to crash the kernel or potentially
elevate privileges because kmalloc_array is not used (bnc#1100418)
CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a
large relative timeout because ktime_add_safe was not used (bnc#1099924)
CVE-2018-13405: The inode_init_owner function allowed local users to create
files with an unintended group ownership allowing attackers to escalate
privileges by making a plain file executable and SGID (bnc#1100416)
CVE-2017-5753: Systems with microprocessors utilizing speculative execution
and branch prediction may have allowed unauthorized disclosure of information
to an attacker with local user access via a side-channel analysis (bsc#1068032)
CVE-2018-1118: Linux kernel vhost did not properly initialize memory in
messages passed between virtual guests and the host operating system. This
could have allowed local privileged users to read some kernel memory contents
when reading from the /dev/vhost-net device file (bsc#1092472)
The following non-security bugs were fixed:
1wire: family module autoload fails because of upper/lower case mismatch (bsc#1051510)
8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (networking-stable-18_05_15)
libnvdimm: add an api to cast a 'struct nd_region' to its 'struct device' (bsc#1094119)
llc: better deal with too small mtu (networking-stable-18_05_15)
llc: delete timers synchronously in llc_sk_free() (networking-stable-18_04_26)
llc: fix NULL pointer deref for SOCK_ZAPPED (networking-stable-18_04_26)
llc: hold llc_sap before release_sock() (networking-stable-18_04_26)
locking/qspinlock: Ensure node is initialised before updating prev->next (bsc#1050549)
locking/qspinlock: Ensure node->count is updated before initialising node (bsc#1050549)
locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() (bsc#1050549)
lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bsc#1051510)
macros.kernel-source: define linux_arch for KMPs (boo#1098050). CONFIG_64BIT is no longer defined so KMP spec files need to include %{?linux_make_arch} in any make call to build modules or descend into the kernel directory for any reason
macvlan: filter out unsupported feature flags (networking-stable-18_03_28)
macvlan: fix memory hole in macvlan_dev (bsc#1099918)
macvlan: remove unused fields in struct macvlan_dev (bsc#1099918)
mailbox: PCC: erroneous error message when parsing acpi PCCT (bsc#1096330)
mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence (bsc#1051510)
mailbox: bcm-flexrm-mailbox: Fix mask used in CMPL_START_ADDR_VALUE() (bsc#1051510)
mailbox: bcm2835: Fix of_xlate return value (bsc#1051510)
mailbox: mailbox-test: do not rely on rx_buffer content to signal data ready (bsc#1051510)
mdio-sun4i: Fix a memory leak (bsc#1051510)
media: coda/imx-vdoa: Check for platform_get_resource() error (bsc#1051510)
media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bsc#1051510)
media: cx25840: Use subdev host data for PLL override (bsc#1051510)
media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1051510)
media: cxusb: restore RC_MAP for MyGica T230 (bsc#1051510)
media: dt-bindings: media: rcar_vin: Use status 'okay' (bsc#1051510)
media: dvb-core: always call invoke_release() in fe_free() (bsc#1051510)
restore cond_resched() in shrink_dcache_parent() (bsc#1098599)
rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340)
rocker: fix possible null pointer dereference in rocker_router_fib_event_work (networking-stable-18_02_06)
route: check sysctl_fib_multipath_use_neigh earlier than hash (networking-stable-18_04_10)
rpm/config.sh: Use SUSE:SLE-15:Update project instead of GA
rpm/kernel-docs.spec.in: Fix and cleanup for 4.13 doc build (bsc#1048129) The whole DocBook stuff has been deleted. The PDF build is still non-working, thus the sub-packaging is disabled so far
rpm/kernel-source.changes.old: Add pre-SLE15 history (bsc#1098995)
rpm/kernel-source.spec.in: Add more stuff to Recommends ... and move bc to Recommends as well. All these packages are needed for building a kernel manually from scratch with kernel-source files
rpm/kernel-source.spec.in: require bc for kernel-source This is needed for building include/generated/timeconst.h from kernel/time/timeconst.bc
rpm: ignore CONFIG_GCC_VERSION when checking for oldconfig changes Since 4.18-rc1, 'make oldconfig' writes gcc version and capabilities into generated .config. Thus whenever we build the package or run checks with different gcc version than used to update config//, check for 'outdated configs' fails. As a quick band-aid, omit the lines with CONFIG_GCC_VERSION from both configs before comparing them. This way, the check won't fail unless run with newer gcc which would add new capabilities. More robust solution will require a wider discussion