The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix bugs and security issues.
The following security issues have been fixed:
- aacraid: Check size values after double-fetch from user (CVE-2016-6480 bsc#991608). - aacraid: Prevent out-of-bounds access due to changing fip header sizes (bsc#991608, CVE-2016-6480). - kabi: Revert xt_compat_match_from_user signature change (CVE-2016-4997 bsc#986362). - kvm/x86: Reload pit counters for all channels when restoring state (bsc#960689 CVE-2015-7513). - netfilter/arp_tables: Simplify translate_compat_table args (CVE-2016-4997 bsc#986362). - netfilter/ip6_tables: Simplify translate_compat_table args (CVE-2016-4997 bsc#986362). - netfilter/ip_tables: Simplify translate_compat_table args (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Add and use xt_check_entry_offsets (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Add compat version of xt_check_entry_offsets (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Assert minimum target size (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Check for bogus target offset (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Check standard target size too (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Do compat validation via translate_table (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Don't move to non-existent next rule (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Don't reject valid target size on some architectures (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Kill check_entry helper (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Speed up jump target validation (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Validate all offsets and sizes in a rule (CVE-2016-4997 bsc#986362). - netfilter/x_tables: Validate targets of jumps (CVE-2016-4997 bsc#986362). - netfilter/x_tables: xt_compat_match_from_user doesn't need a retval (CVE-2016-4997 bsc#986362). - scsi/arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (bsc#999932 CVE-2016-7425). - tcp: Fix use after free in tcp_xmit_retransmit_queue() (CVE-2016-6828 bsc#994296). - tcp: Make challenge acks less predictable (CVE-2016-5696 bsc#989152). - unix: Properly account for FDs passed over unix sockets (bsc#839104, CVE-2013-4312).
Additionally the following non-security bugs have been fixed:
- Add blist flags (fate#317533). - Add support for netvsc build without CONFIG_SYSFS flag (fate#317533). - clockevents: Export clockevents_config_and_register for module use (fate#317533). - Fix the VLAN_TAG_PRESENT in netvsc_recv_callback() (fate#317533). - flow_dissector: Add support for IPPROTO_IPV6 (fate#317533). - flow_dissector: Clean up IPIP case (fate#317533). - flow_dissector: Factor out the ports extraction in skb_flow_get_ports (fate#317533). - flow_dissector: Fail on evil iph->ihl (fate#317533). - flow_dissector: Fix thoff for IPPROTO_AH (fate#317533). - flow_dissector: Small optimizations in IPv4 dissect (fate#317533). - flow_dissector: Use a 64bit load/store (fate#317533). - flow_dissector: Use IPv6 flow label in flow_dissector (fate#317533). - flow_keys: Include thoff into flow_keys for later usage (fate#317533). - flow_keys: Record IP layer protocol in skb_flow_dissect() (fate#317533). - flow_keys: Remove extern from function prototypes (fate#317533). - hid/hyperv: Make sure input buffer is big enough (fate#317533). - hid/hyperv: Match wait_for_completion_timeout return type (fate#317533). - hid/hyperv: Register as a wakeup source (fate#317533). - hv/balloon: Make pressure posting thread sleep interruptibly (fate#317533). - hv/balloon: Ensure pressure reports are posted regularly (fate#317533). - hv: Change variable type to bool (fate#317533). - hv/channel: Match var type to return type of wait_for_completion (fate#317533). - hv/channel_mgmt: Match var type to return type of wait_for_completion (fate#317533). - hv: Check vmbus_device_create() return value in vmbus_process_offer() (fate#317533). - hv: Don't do hypercalls when hypercall_page is NULL. - hv: Eliminate the channel spinlock in the callback path (fate#317533). - hv: fcopy_open() can be static (fate#317533). - hv: Fix wrong check for synic_event_page (fate#317533). - hv/balloon: Avoid memory leak on alloc_error of 2MB memory block. - hv/balloon: Correctly handle num_pages>INT_MAX case (fate#317533). - hv/balloon: Correctly handle val.freeram include (fate#317533). - x86/hyperv: Get the local APIC timer frequency from the hypervisor (fate#317533). - x86/hyperv: Mark the Hyper-V clocksource as being continuous (fate#317533). - x86/hyperv: Move a variable to avoid an unused variable warning (fate#317533). - x86/irq, pic: Probe for legacy PIC and set legacy_pic appropriately (fate#317533). - x86/mm: Create slow_virt_to_phys() (fate#317533). - x86/mm: Pagetable level size/shift/mask helpers (fate#317533). - x86/pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (fate#317533, bsc#937256). - xen/panic/x86: Allow cpus to save registers even if they (bsc#940946). - xen/panic/x86: Fix re-entrance problem due to panic on (bsc#937444).
openSUSE Leap 15.0 openSUSE Leap 42.3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for High Performance Computing 15 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3-BCL SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12-LTSS SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8