The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted HIDIOCGUSAGES or HIDIOCSUSAGES ioctl call . - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement . - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service via vectors involving a crafted keyctl request2 command . The following non-security bugs were fixed: - RDMA/cxgb4: Configure 0B MRs to match HW implementation . - RDMA/cxgb4: Do not hang threads forever waiting on WR replies . - RDMA/cxgb4: Fix locking issue in process_mpa_request . - RDMA/cxgb4: Handle NET_XMIT return codes . - RDMA/cxgb4: Increase epd buff size for debug interface . - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices . - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction . - RDMA/cxgb4: Wake up waiters after flushing the qp . - bridge: superfluous skb-nfct check in br_nf_dev_queue_xmit . - iucv: call skb_linearize when needed . - kabi: prevent spurious modversion changes after bsc#982544 fix . - mm/swap.c: flush lru pvecs on compound page arrival . - mm: Fix DIF failures on ext3 filesystems . - net/qlge: Avoids recursive EEH error . - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 . - netfilter: bridge: do not leak skb in error paths . - netfilter: bridge: forward IPv6 fragmented packets . - qeth: delete napi struct when removing a qeth device . - s390/mm: fix asce_bits handling with dynamic pagetable levels . - s390/pci: fix use after free in dma_init . - s390: fix test_fp_ctl inline assembly contraints . - sched/cputime: Fix clock_nanosleep/clock_gettime inconsistency . - sched/cputime: Fix cpu_timer_sample_group double accounting . - sched: Provide update_curr callbacks for stop/idle scheduling classes . - x86/mm/pat, /dev/mem: Remove superfluous error message .