Errata overview
Errata ID: 330
Date: 2018-11-21
Source package: univention-kernel-image-signed
Fixed in version: 4.0.0-9A~4.3.0.201811191325
Description:
This update of the Linux kernel to version 4.9.130 addresses the following
issues:
* scsi: target: iscsi: Use hex2bin instead of a re-implementation
  (CVE-2018-14633)
* irda: Only insert new objects into the global database via setsockopt
  (CVE-2018-6555)
* irda: Fix memory leak caused by repeated binds of irda socket
  (CVE-2018-6554)
* Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363)
* x86/KVM/VMX: Add module argument for L1TF mitigation (CVE-2018-3620)
* ext4: add more inode number paranoia checks (CVE-2018-10882)
* ext4: clear i_data in ext4_inode_info when removing inline data
  (CVE-2018-10881)
* ext4: verify the depth of extent tree in ext4_find_extent()
  (CVE-2018-10877)
* ext4: only look at the bg_flags field if it is valid (CVE-2018-10876)
* jbd2: don't mark block as modified if the handle is out of credits
  (CVE-2018-10883)
* Fix up non-directory creation in SGID directories (CVE-2018-13405)
* Integer overflow in drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() allows
  for potential denial of service (CVE-2018-13406)
* ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902)
* ocfs2: ip_alloc_sem should be taken in ocfs2_get_block() (CVE-2017-18224)
* Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938)
* x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
  (CVE-2018-15594)
* HID: debug: check length before copy_to_user() (CVE-2018-9516)
* mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182)
* ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
  (CVE-2017-18216)
* cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (CVE-2018-16658)
* x86/entry/64: Remove %ebx handling from error_entry/exit (CVE-2018-14678)
* USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276)
* x86/speculation: Protect against userspace-userspace spectreRSB
  (CVE-2018-15572)
Additional notes: This is the second part of two parts.
CVE ID:
CVE-2018-13406
CVE-2018-14633
CVE-2018-6555
CVE-2018-6554
CVE-2018-9363
CVE-2018-3620
CVE-2018-10882
CVE-2018-10881
CVE-2018-10877
CVE-2018-10876
CVE-2018-10883
CVE-2018-13405
CVE-2018-10902
CVE-2017-18224
CVE-2018-10938
CVE-2018-15594
CVE-2018-9516
CVE-2018-17182
CVE-2017-18216
CVE-2018-16658
CVE-2018-14678
CVE-2018-16276
CVE-2018-15572
UCS Bug number: #48172