-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3621
                   Security update for the Linux Kernel
                              22 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25645 CVE-2020-12352 CVE-2020-12351

Reference:         ESB-2020.3596
                   ESB-2020.3595
                   ESB-2020.3592
                   ESB-2020.3518.2

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20202972-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2972-1
Rating:            critical
References:        #1065729 #1140683 #1172538 #1174748 #1175520 #1176400
                   #1176946 #1177027 #1177340 #1177511 #1177685 #1177724
                   #1177725
Cross-References:  CVE-2020-12351 CVE-2020-12352 CVE-2020-25645
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 15-SP1
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Module for Legacy Software 15-SP1
                   SUSE Linux Enterprise Module for Development Tools 15-SP1
                   SUSE Linux Enterprise Module for Basesystem 15-SP1
                   SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has 10 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  o CVE-2020-12351: Fixed a type confusion while processing AMP packets aka
    "BleedingTooth" aka "BadKarma" (bsc#1177724).
  o CVE-2020-12352: Fixed an information leak when processing certain AMP
    packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725).
  o CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints
    may be unencrypted when IPsec is configured to encrypt traffic for the
    specific UDP port used by the GENEVE tunnel allowing anyone between the two
    endpoints to read the traffic unencrypted (bsc#1177511).

The following non-security bugs were fixed:

  o drm/sun4i: mixer: Extend regmap max_register (git-fixes).
  o i2c: meson: fix clock setting overwrite (git-fixes).
  o iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
  o mac80211: do not allow bigger VHT MPDUs than the hardware supports
    (git-fixes).
  o macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).
  o mmc: core: do not set limits.discard_granularity as 0 (git-fixes).
  o mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#
    1177685).
  o NFS: On fatal writeback errors, we need to call nfs_inode_remove_request()
    (bsc#1177340).
  o NFS: Revalidate the file mapping on all fatal writeback errors (bsc#
    1177340).
  o nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#
    1174748). add two previous futile attempts to fix the bug to blacklist.conf
  o nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748).
  o nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748).
  o nvme: fix possible io failures when removing multipathed ns (bsc#1174748).
  o nvme: make nvme_identify_ns propagate errors back (bsc#1174748). Refresh: -
    patches.suse/nvme-flush-scan_work-when-resetting-controller.patch
  o nvme: make nvme_report_ns_ids propagate error back (bsc#1174748).
  o nvme-multipath: do not reset on unknown status (bsc#1174748).
  o nvme: Namepace identification descriptor list is optional (bsc#1174748).
  o nvme: pass status to nvme_error_status (bsc#1174748).
  o nvme-rdma: Avoid double freeing of async event data (bsc#1174748).
  o nvme: return error from nvme_alloc_ns() (bsc#1174748).
  o powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).
  o scsi-hisi-kabi-fixes.patch
  o scsi-hisi-kabi-fixes.patch
  o scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#
    1140683).
  o scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683).
  o scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32()
    (bsc#1140683).
  o scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#
    1140683).
  o scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#
    1140683).
  o scsi: hisi_sas: Do some more tidy-up (bsc#1140683).
  o scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#
    1140683).
  o scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs
    code (bsc#1140683). Refresh:
  o scsi-hisi_sas-Issue-internal-abort-on-all-relevant-q.patch
  o scsi: hisi_sas: No need to check return value of debugfs_create functions
    (bsc#1140683). Update:
  o scsi: hisi_sas: Some misc tidy-up (bsc#1140683).
  o scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#
    1172538).
  o scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#
    1172538).
  o scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc
    #1172538).
  o scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946
    bsc#1175520 bsc#1172538).
  o scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc
    #1175520 bsc#1172538).
  o scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#
    1175520 bsc#1172538).
  o scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#
    1175520 bsc#1172538).
  o scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#
    1176946 bsc#1175520 bsc#1172538).
  o scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#
    1176946 bsc#1175520 bsc#1172538).
  o scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#
    1176946 bsc#1175520 bsc#1172538).
  o scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#
    1175520 bsc#1172538).
  o scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#
    1176946 bsc#1175520 bsc#1172538).
  o scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#
    1172538).
  o scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#
    1172538).
  o scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946
    bsc#1175520 bsc#1172538).
  o scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#
    1172538).
  o scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#
    1175520 bsc#1172538).
  o scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#
    1176946 bsc#1175520 bsc#1172538).
  o scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).
  o scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#
    1175520 bsc#1172538).
  o scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc
    #1172538).
  o scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#
    1175520 bsc#1172538).
  o scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520
    bsc#1172538).
  o scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520
    bsc#1172538).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 15-SP1:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2972=1
  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2972=1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2972=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2972=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2972=1
  o SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2972=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
       kernel-default-debuginfo-4.12.14-197.64.1
       kernel-default-debugsource-4.12.14-197.64.1
       kernel-default-extra-4.12.14-197.64.1
       kernel-default-extra-debuginfo-4.12.14-197.64.1
  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-default-debuginfo-4.12.14-197.64.1
       kernel-default-debugsource-4.12.14-197.64.1
       kernel-default-livepatch-4.12.14-197.64.1
       kernel-default-livepatch-devel-4.12.14-197.64.1
       kernel-livepatch-4_12_14-197_64-default-1-3.3.1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le
    s390x x86_64):
       kernel-default-debuginfo-4.12.14-197.64.1
       kernel-default-debugsource-4.12.14-197.64.1
       reiserfs-kmp-default-4.12.14-197.64.1
       reiserfs-kmp-default-debuginfo-4.12.14-197.64.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le
    s390x x86_64):
       kernel-obs-build-4.12.14-197.64.1
       kernel-obs-build-debugsource-4.12.14-197.64.1
       kernel-syms-4.12.14-197.64.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
       kernel-docs-4.12.14-197.64.1
       kernel-source-4.12.14-197.64.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x
    x86_64):
       kernel-default-4.12.14-197.64.1
       kernel-default-base-4.12.14-197.64.1
       kernel-default-base-debuginfo-4.12.14-197.64.1
       kernel-default-debuginfo-4.12.14-197.64.1
       kernel-default-debugsource-4.12.14-197.64.1
       kernel-default-devel-4.12.14-197.64.1
       kernel-default-devel-debuginfo-4.12.14-197.64.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
       kernel-devel-4.12.14-197.64.1
       kernel-macros-4.12.14-197.64.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
       kernel-default-man-4.12.14-197.64.1
       kernel-zfcpdump-debuginfo-4.12.14-197.64.1
       kernel-zfcpdump-debugsource-4.12.14-197.64.1
  o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x
    x86_64):
       cluster-md-kmp-default-4.12.14-197.64.1
       cluster-md-kmp-default-debuginfo-4.12.14-197.64.1
       dlm-kmp-default-4.12.14-197.64.1
       dlm-kmp-default-debuginfo-4.12.14-197.64.1
       gfs2-kmp-default-4.12.14-197.64.1
       gfs2-kmp-default-debuginfo-4.12.14-197.64.1
       kernel-default-debuginfo-4.12.14-197.64.1
       kernel-default-debugsource-4.12.14-197.64.1
       ocfs2-kmp-default-4.12.14-197.64.1
       ocfs2-kmp-default-debuginfo-4.12.14-197.64.1


References:

  o https://www.suse.com/security/cve/CVE-2020-12351.html
  o https://www.suse.com/security/cve/CVE-2020-12352.html
  o https://www.suse.com/security/cve/CVE-2020-25645.html
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1140683
  o https://bugzilla.suse.com/1172538
  o https://bugzilla.suse.com/1174748
  o https://bugzilla.suse.com/1175520
  o https://bugzilla.suse.com/1176400
  o https://bugzilla.suse.com/1176946
  o https://bugzilla.suse.com/1177027
  o https://bugzilla.suse.com/1177340
  o https://bugzilla.suse.com/1177511
  o https://bugzilla.suse.com/1177685
  o https://bugzilla.suse.com/1177724
  o https://bugzilla.suse.com/1177725

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5DBKeNLKJtyKPYoAQiQRhAAp8K19NrxPbo6e6wrifhVRGmGN9pTdKwN
qslgOgaH7YXCAu5BTsf3lNwKe0jNJlCVsbrdvzREvJsZ1tAkHMrF4L9JU57lDaKn
HookY3BJkxDLs5WitIOnHU97v0PLJtThucMqgOrJ8+6s6VKhIGM5Pcb2P2B2LSnM
snBxwmBJzvMWgJDPFTUVaZJOwErnSSuqKgMVWPPqwKZ8ZwMKrlFfGF4e9MvVaG5j
hC8xNmNC+VkWiuBMOoIg/DVTf7d9kDFSNXQkbhxu+lgVis9ozACe/D4u/89zQiRg
j0jmL9QMklrCZLtqcWZSLJh7Dsu5wwrecHBSObm40GJdZTv449/zSB7pmpkOyFAF
W16pvGyN+78kAuFv/wiNAEQ4HPw+ikbrzE1ZKKDP6EDF3N+/Uf3uwU4dRN2qhomR
uZw6LXjNmF2Zhc4XCETxcHKGxawyIvfFf93AeM3w4eg/R1tdy6yGOCB0PlRL3I9k
36cl6R513HFCBpySIgMnq6CExl3MtRBwKW8d3zM8gYgMXM9Kc/w4/MOvjShbTq1o
303laweombUrTDU5ggIe61KpHj6D9EpvuABsyU5VFAcLVbfjKUeVtH0RgKHMp9xH
7TwOgO44Yi+/NwV/oNhMWs3Pk65dvFzQIle7Ix8gaN+pdLUMr+Ec0GJ6LtPJovmp
SNv8qMDAtiM=
=8sHn
-----END PGP SIGNATURE-----