Errata overview
Errata ID 206
Date 2018-08-22
Source package linux
Fixed in version 4.9.110-3+deb9u3
Description
This update addresses the following issues:
* Integer overflow in events/core.c:perf_cpu_time_max_percent_handler() can
  allow for denial of service (CVE-2017-18255)
* vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
  (CVE-2018-1118)
* fuse-backed file mmap-ed onto process cmdline arguments causes denial of
  service (CVE-2018-1120)
* a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to
  a system crash (CVE-2018-1130)
* cpu: speculative store bypass (CVE-2018-3639)
* Race condition errors in USB over IP functionality can cause denial of
  service (CVE-2018-5814)
* Incorrect integer signedness in sbuslib.c:sbusfb_ioctl_helper() allows for
  information leakage (CVE-2018-6412)
* ata qc leak in drivers/scsi/libsas/sas_scsi_host.c allows local users to
  cause denial-of-service (CVE-2018-10021)
* Undefined behavior in kernel/exit.c:kernel_wait4() function allows local
  denial of service (CVE-2018-10087)
* Undefined behaviour with INT_MIN argument in
  kernel/signal.c:kill_something_info() allows for denial of service
  (CVE-2018-10124)
* use-after-free in jbd2_journal_commit_transaction function (CVE-2018-10876)
* out-of-bound access in ext4_ext_drop_refs function with a crafted ext4
  image (CVE-2018-10877)
* out-of-bound write in ext4_init_block_bitmap function with a crafted ext4
  image (CVE-2018-10878)
* use-after-free detected in ext4_xattr_set_entry with a crafted file
  (CVE-2018-10879)
* stack-out-of-bounds write in ext4_update_inline_data function
  (CVE-2018-10880)
* out-of-bound access in ext4_get_group_info() when mounting and operating a
  crafted ext4 image (CVE-2018-10881)
* stack-out-of-bounds write in fs/jbd2/transaction.c (CVE-2018-10882)
* stack-out-of-bounds write in jbd2_journal_dirty_metadata function
  (CVE-2018-10883)
* incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)
* Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of
  service or other unspecified impact (CVE-2018-11506)
* Memory corruption in JFS setattr (CVE-2018-12233)
* Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on
  non-directories for non-members (CVE-2018-13405)
* Infoleak caused by incorrect handling of the SG_IO ioctl (CVE-2018-1000204)
* cpu: speculative execution bounds-check bypass (CVE-2017-5753)
* kvm: guest userspace to guest kernel write (CVE-2018-10853)
* Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when
  an empty TargetInfo is returned in the NTLMSSP setup negotiation response
  allows crashing the client's kernel (CVE-2018-1066)
* Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow
  attackers to execute code in kernel space (CVE-2018-8781)
* Memory corruption in ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
  (CVE-2018-8822)
* KVM: error in exception handling leads to wrong debug stack value
  (CVE-2018-1087)
* error in exception handling leads to DoS (CVE-2018-8897)
* ptrace() incorrect error handling leads to corruption and DoS
  (CVE-2018-1000199)
* use-after-free in the usbtv_probe function in
  drivers/media/usb/usbtv/usbtv-core.c (CVE-2017-17975)
* Memory corruption in ethtool_get_strings function in hns driver
  (CVE-2017-18222)
* Memory leak in the sas_smp_get_phy_events function in
  drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
* NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when
  mounting crafted ext4 image (CVE-2018-1092)
* drivers: getrandom(2) unblocks too early after system boot (CVE-2018-1108)
* Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash
  with crafted ext4 image (CVE-2018-1093)
* Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl()
  can lead to potential denial of service (CVE-2018-8087)
* hw: cpu: L1 terminal fault (L1TF) (CVE-2018-3620)
* hw: cpu: L1 terminal fault (L1TF) (CVE-2018-3646)
* IP fragments with random offsets allow a remote denial of service
  (FragmentSmack) (CVE-2018-5391)
Additional notes This is the first of three parts.
CVE ID CVE-2017-18255
CVE-2018-1118
CVE-2018-1120
CVE-2018-1130
CVE-2018-3639
CVE-2018-5814
CVE-2018-6412
CVE-2018-10021
CVE-2018-10087
CVE-2018-10124
CVE-2018-10876
CVE-2018-10877
CVE-2018-10878
CVE-2018-10879
CVE-2018-10880
CVE-2018-10881
CVE-2018-10882
CVE-2018-10883
CVE-2018-10940
CVE-2018-11506
CVE-2018-12233
CVE-2018-13405
CVE-2018-1000204
CVE-2017-5753
CVE-2018-10853
CVE-2018-1066
CVE-2018-8781
CVE-2018-8822
CVE-2018-1087
CVE-2018-8897
CVE-2018-1000199
CVE-2017-17975
CVE-2017-18222
CVE-2018-7757
CVE-2018-1092
CVE-2018-1108
CVE-2018-1093
CVE-2018-8087
CVE-2018-3620
CVE-2018-3646
CVE-2018-5391
UCS Bug number #47490