ESB-2017.2751 - [SUSE] kernel: Multiple vulnerabilities 2017-10-31

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2751
        SUSE Security Update: Security update for the Linux Kernel
                              31 October 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise                -- Existing Account            
                   Access Privileged Data         -- Remote/Unauthenticated      
                   Modify Arbitrary Files         -- Existing Account            
                   Denial of Service              -- Existing Account            
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1000380 CVE-2017-1000365 CVE-2017-1000363
                   CVE-2017-15649 CVE-2017-15274 CVE-2017-15265
                   CVE-2017-14140 CVE-2017-14106 CVE-2017-14051
                   CVE-2017-13080 CVE-2017-12762 CVE-2017-12192
                   CVE-2017-12154 CVE-2017-12153 CVE-2017-11176
                   CVE-2017-10661 CVE-2017-9242 CVE-2017-9077
                   CVE-2017-9076 CVE-2017-9075 CVE-2017-9074
                   CVE-2017-8925 CVE-2017-8924 CVE-2017-8890
                   CVE-2017-8831 CVE-2017-7889 CVE-2017-7542
                   CVE-2017-7541 CVE-2017-7518 CVE-2017-7487
                   CVE-2017-7482 CVE-2017-6346 CVE-2016-10277

Reference:         ASB-2017.0156
                   ESB-2017.2729
                   ESB-2017.2700
                   ESB-2017.2657.2
                   ESB-2017.2650
                   ESB-2017.2552
                   ESB-2017.2516
                   ESB-2017.2401

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2017/suse-su-20172908-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2908-1
Rating:             important
References:         #1001459 #1012985 #1023287 #1027149 #1028217 
                    #1030531 #1030552 #1031515 #1033960 #1034405 
                    #1035531 #1035738 #1037182 #1037183 #1037994 
                    #1038544 #1038564 #1038879 #1038883 #1038981 
                    #1038982 #1039348 #1039354 #1039456 #1039721 
                    #1039864 #1039882 #1039883 #1039885 #1040069 
                    #1041160 #1041429 #1041431 #1042696 #1042832 
                    #1042863 #1044125 #1045327 #1045487 #1045922 
                    #1046107 #1048275 #1048788 #1049645 #1049882 
                    #1053148 #1053152 #1053317 #1056588 #1056982 
                    #1057179 #1058410 #1058507 #1058524 #1059863 
                    #1062471 #1062520 #1063667 #1064388 #856774 
                    #860250 #863764 #878240 #922855 #922871 #986924 
                    #993099 #994364 
Cross-References:   CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380
                    CVE-2017-10661 CVE-2017-11176 CVE-2017-12153
                    CVE-2017-12154 CVE-2017-12762 CVE-2017-13080
                    CVE-2017-14051 CVE-2017-14106 CVE-2017-14140
                    CVE-2017-15265 CVE-2017-15274 CVE-2017-15649
                    CVE-2017-7482 CVE-2017-7487 CVE-2017-7518
                    CVE-2017-7541 CVE-2017-7542 CVE-2017-7889
                    CVE-2017-8831 CVE-2017-8890 CVE-2017-8924
                    CVE-2017-8925 CVE-2017-9074 CVE-2017-9075
                    CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
                   
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 30 vulnerabilities and has 38 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 SP1 LTS kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local
     users to gain privileges via crafted system calls that trigger
     mishandling of packet_fanout data structures, because of a race
     condition (involving fanout_add and packet_do_bind) that leads to a
     use-after-free, a different vulnerability than CVE-2017-6346
     (bnc#1064388).
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed
     reinstallation of the Group Temporal Key (GTK) during the group key
     handshake, allowing an attacker within radio range to replay frames from
     access points to clients (bnc#1063667).
   - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
     consider the case of a NULL payload in conjunction with a nonzero length
     value, which allowed local users to cause a denial of service (NULL
     pointer dereference and OOPS) via a crafted add_key or keyctl system
     call, a different vulnerability than CVE-2017-12192 (bnc#1045327).
   - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed
     local users to have unspecified impact via vectors related to
     /dev/snd/seq (bnc#1062520).
   - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the
     arguments and environmental strings passed through
     RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
     argument and environment pointers into account, which allowed attackers
     to bypass this limitation. (bnc#1039354).
   - CVE-2017-12153: A security flaw was discovered in the
     nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux
     kernel This function did not check whether the required attributes are
     present in a Netlink request. This request can be issued by a user with
     the CAP_NET_ADMIN capability and may result in a NULL pointer
     dereference and system crash (bnc#1058410).
   - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the
     Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store
     exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR
     shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain
     read and write access to the hardware CR8 register (bnc#1058507).
   - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the
     Linux kernel allowed local users to cause a denial of service
     (__tcp_select_window divide-by-zero error and system crash) by
     triggering a disconnect within a certain tcp_recvmsg code path
     (bnc#1056982).
   - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux
     kernel doesn't check the effective uid of the target process, enabling a
     local attacker to learn the memory layout of a setuid executable despite
     ASLR (bnc#1057179).
   - CVE-2017-14051: An integer overflow in the
     qla2x00_sysfs_write_optrom_ctl function in
     drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users
     to cause a denial of service (memory corruption and system crash) by
     leveraging root access (bnc#1056588).
   - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel
     allowed local users to gain privileges or cause a denial of service
     (list corruption or use-after-free) via simultaneous file-descriptor
     operations that leverage improper might_cancel queueing (bnc#1053152).
   - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled
     buffer is copied into a local buffer of constant size using strcpy
     without a length check which can cause a buffer overflow. (bnc#1053148).
   - CVE-2017-8831: The saa7164_bus_get function in
     drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
     local users to cause a denial of service (out-of-bounds array access) or
     possibly have unspecified other impact by changing a certain
     sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
   - CVE-2017-7482: A potential memory corruption was fixed in decoding of
     krb5 principals in the kernels kerberos handling. (bnc#1046107).
   - CVE-2017-7542: The ip6_find_1stfragopt function in
     net/ipv6/output_core.c in the Linux kernel allowed local users to cause
     a denial of service (integer overflow and infinite loop) by leveraging
     the ability to open a raw socket (bnc#1049882).
   - CVE-2017-11176: The mq_notify function in the Linux kernel did not set
     the sock pointer to NULL upon entry into the retry logic. During a
     user-space close of a Netlink socket, it allowed attackers to cause a
     denial of service (use-after-free) or possibly have unspecified other
     impact (bnc#1048275).
   - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
     kernel allowed local users to cause a denial of service (buffer overflow
     and system crash) or possibly gain privileges via a crafted
     NL80211_CMD_FRAME Netlink packet (bnc#1049645).
   - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug
     exception(#DB) error. It could occur while emulating a syscall
     instruction and potentially lead to guest privilege escalation.
     (bsc#1045922).
   - CVE-2017-8924: The edge_bulk_in_callback function in
     drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
     obtain sensitive information (in the dmesg ringbuffer and syslog) from
     uninitialized kernel memory by using a crafted USB device (posing as an
     io_ti USB serial device) to trigger an integer underflow (bnc#1037182
     bsc#1038982).
   - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
     in the Linux kernel allowed local users to cause a denial of service
     (tty exhaustion) by leveraging reference count mishandling (bnc#1037183
     bsc#1038981).
   - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable
     to a data race in the ALSA /dev/snd/timer driver resulting in local
     users being able to read information belonging to other users, i.e.,
     uninitialized memory contents might have been disclosed when a read and
     an ioctl happen at the same time (bnc#1044125).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     in the Linux kernel is too late in checking whether an overwrite of an
     skb data structure may occur, which allowed local users to cause a
     denial of service (system crash) via crafted system calls (bnc#1041431).
   - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a
     missing bounds check, and the fact that parport_ptr integer is static, a
     'secure boot' kernel command line adversary (could happen due to
     bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a
     vulnerability the adversary has partial control over the command line)
     could overflow the parport_nr array in the following code, by appending
     many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456).
   - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).
   - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).
   - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).
   - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
     did not consider that the nexthdr field may be associated with an
     invalid option, which allowed local users to cause a denial of service
     (out-of-bounds read and BUG) or possibly have unspecified other impact
     via crafted socket and send system calls (bnc#1039882).
   - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
     Linux kernel mishandled reference counts, which allowed local users to
     cause a denial of service (use-after-free) or possibly have unspecified
     other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
     (bnc#1038879).
   - CVE-2017-8890: The inet_csk_clone_lock function in
     net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
     cause a denial of service (double free) or possibly have unspecified
     other impact by leveraging use of the accept system call (bnc#1038544).
   - CVE-2017-7889: The mm subsystem in the Linux kernel did not properly
     enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allowed
     local users to read or write to kernel memory locations in the first
     megabyte (and bypass slab-allocation access restrictions) via an
     application that opens the /dev/mem file, related to arch/x86/mm/init.c
     and drivers/char/mem.c (bnc#1034405).

   The following new features were implemented:
   - the r8152 network driver was updated to support Realtek RTL8152/RTL8153
     Based USB Ethernet Adapters (fate#321482)

   The following non-security bugs were fixed:

   - blkback/blktap: do not leak stack data via response ring (bsc#1042863
     XSA-216).
   - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).
   - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - btrfs: Check qgroup level in kernel qgroup assign (bsc#1001459).
   - btrfs: qgroup: allow to remove qgroup which has parent but no child
     (bsc#1001459).
   - btrfs: quota: Automatically update related qgroups or mark INCONSISTENT
     flags when assigning/deleting a qgroup relations (bsc#1001459).
   - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).
   - ceph: fix file open flags on ppc64 (git-fixes).
   - ceph: check i_nlink while converting a file handle to dentry
     (bsc#1039864).
   - drivers/net: delete non-required instances of include
     <linux/init.h> (bsc#993099).
   - drivers/net/usb: add device id for NVIDIA Tegra USB 3.0 Ethernet
     (bsc#993099).
   - drivers/net/usb: Add support for 'Lenovo OneLink Pro Dock' (bsc#993099).
   - enic: set skb->hash type properly (bsc#922871).
   - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - firmware: dmi_scan: Fix ordering of product_uuid (bsc#1030531).
   - fm10k: correctly check if interface is removed (bsc#922855).
   - fs/block_dev: always invalidate cleancache in invalidate_bdev()
     (git-fixes).
   - fs: fix data invalidation in the cleancache during direct IO (git-fixes).
   - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).
   - hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (bsc#1023287,
     bsc#1028217, bsc#1048788).
   - jhash: Update jhash_[321]words functions to use correct initval
     (git-fixes).
   - kABI: mask an include (bsc#994364).
   - md: ensure md devices are freed before module is unloaded (git-fixes).
   - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
   - md/raid0: update queue parameter in a safer location (git-fixes).
   - md/raid1: do not clear bitmap bit when bad-block-list write fails
     (git-fixes).
   - md/raid10: do not clear bitmap bit when bad-block-list write fails
     (git-fixes).
   - md/raid10: ensure device failure recorded before write request returns
     (git-fixes).
   - mlock: fix mlock count can not decrease in race condition (VM
     Functionality, bsc#1042696).
   - mlx: Revert the mlx5e_tx_notify_hw() changes.(bsc#1033960)
   - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
     Functionality, bsc#1042832).
   - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
     Functionality, bsc#1042832).
   - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
     (bnc#1039348).
   - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).
   - net: get rid of SET_ETHTOOL_OPS (bsc#993099).
   - net/usb/r8152: add device id for Lenovo TP USB 3.0 Ethernet (bsc#993099).
   - netvsc: get rid of completion timeouts (bsc#1048788).
   - nfs v4.1: Fix Oopsable condition in server callback races (git-fixes).
   - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
     (bnc#1012985).
   - powerpc: Add missing error check to prom_find_boot_cpu() (bnc#856774).
   - powerpc/book3s: Fix MCE console messages for unrecoverable MCE
     (bnc#878240).
   - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le (bsc#1041429,
     [2017-05-29] Pending SUSE Kernel Fixes).
   - powerpc: Fix bad inline asm constraint in create_zero_mask()
     (bnc#856774).
   - powerpc/64: Fix flush_(d|i)cache_range() called from modules
     (bnc#863764).
   - printk: prevent userland from spoofing kernel messages (bsc#1039721).
   - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - rtl8152: correct speed testing (bsc#993099).
   - r8152: add functions to set EEE (bsc#993099).
   - r8152: add MODULE_VERSION (bsc#993099).
   - r8152: add mutex for hw settings (bsc#993099).
   - r8152: add pre_reset and post_reset (bsc#993099).
   - r8152: add reset_resume function (bsc#993099).
   - r8152: add rtl_ops (bsc#993099).
   - r8152: add skb_cow_head (bsc#993099).
   - r8152: add three functions (bsc#993099).
   - r8152: adjust ALDPS function (bsc#993099).
   - r8152: adjust lpm timer (bsc#993099).
   - r8152: adjust rtl_start_rx (bsc#993099).
   - r8152: adjust rx_bottom (bsc#993099).
   - r8152: adjust r8152_submit_rx (bsc#993099).
   - r8152: adjust the line feed for hw_features (bsc#993099).
   - r8152: adjust usb_autopm_xxx (bsc#993099).
   - r8152: autoresume before setting feature (bsc#993099).
   - r8152: autoresume before setting MAC address (bsc#993099).
   - r8152: calculate the dropped packets for rx (bsc#993099).
   - r8152: call rtl_start_rx after netif_carrier_on (bsc#993099).
   - r8152: clear BMCR_PDOWN (bsc#993099).
   - r8152: clear LINK_OFF_WAKE_EN after autoresume (bsc#993099).
   - r8152: clear SELECTIVE_SUSPEND when autoresuming (bsc#993099).
   - r8152: clear the flag of SCHEDULE_TASKLET in tasklet (bsc#993099).
   - r8152: combine PHY reset with set_speed (bsc#993099).
   - r8152: constify ethtool_ops structures (bsc#993099).
   - r8152: correct some messages (bsc#993099).
   - r8152: correct the rx early size (bsc#993099).
   - r8152: deal with the empty line and space (bsc#993099).
   - r8152: disable ALDPS and EEE before setting PHY (bsc#993099).
   - r8152: disable ALDPS (bsc#993099).
   - r8152: disable MAC clock speed down (bsc#993099).
   - r8152: disable power cut for RTL8153 (bsc#993099).
   - r8152: disable teredo for RTL8152 (bsc#993099).
   - r8152: disable the capability of zero length (bsc#993099).
   - r8152: disable the ECM mode (bsc#993099).
   - r8152: disable the tasklet by default (bsc#993099).
   - r8152: do not enable napi before rx ready (bsc#993099).
   - r8152: ecm and vendor modes coexist (bsc#993099).
   - r8152: fix incorrect type in assignment (bsc#993099).
   - r8152: fix lockup when runtime PM is enabled (bsc#993099).
   - r8152: fix runtime function for RTL8152 (bsc#993099).
   - r8152: fix r8152_csum_workaround function (bsc#993099).
   - r8152: fix setting RTL8152_UNPLUG (bsc#993099).
   - r8152: fix the carrier off when autoresuming (bsc#993099).
   - r8152: fix the checking of the usb speed (bsc#993099).
   - r8152: fix the issue about U1/U2 (bsc#993099).
   - r8152: fix the runtime suspend issues (bsc#993099).
   - r8152: fix the submission of the interrupt transfer (bsc#993099).
   - r8152: fix the wake event (bsc#993099).
   - r8152: fix the warnings and a error from checkpatch.pl (bsc#993099).
   - r8152: fix the wrong return value (bsc#993099).
   - r8152: fix tx/rx memory overflow (bsc#993099).
   - r8152: fix wakeup settings (bsc#993099).
   - r8152: change rx early size when the mtu is changed (bsc#993099).
   - r8152: change some definitions (bsc#993099).
   - r8152: change the descriptor (bsc#993099).
   - r8152: change the EEE definition (bsc#993099).
   - r8152: change the location of rtl8152_set_mac_address (bsc#993099).
   - r8152: check code with checkpatch.pl (bsc#993099).
   - r8152: check linking status with netif_carrier_ok (bsc#993099).
   - r8152: check RTL8152_UNPLUG and netif_running before autoresume
     (bsc#993099).
   - r8152: check RTL8152_UNPLUG (bsc#993099).
   - r8152: check RTL8152_UNPLUG for rtl8152_close (bsc#993099).
   - r8152: check the status before submitting rx (bsc#993099).
   - r8152: check tx agg list before spin lock (bsc#993099).
   - r8152: check WORK_ENABLE in suspend function (bsc#993099).
   - r8152: increase the tx timeout (bsc#993099).
   - r8152: load the default MAC address (bsc#993099).
   - r8152: modify rtl_ops_init (bsc#993099).
   - r8152: modify the check of the flag of PHY_RESET in set_speed function
     (bsc#993099).
   - r8152: modify the method of accessing PHY (bsc#993099).
   - r8152: modify the tx flow (bsc#993099).
   - r8152: move enabling PHY (bsc#993099).
   - r8152: move PHY settings to hw_phy_cfg (bsc#993099).
   - r8152: move rtl8152_unload and ocp_reg_write (bsc#993099).
   - r8152: move r8152b_get_version (bsc#993099).
   - r8152: move some functions (bsc#993099).
   - r8152: move some functions (bsc#993099).
   - r8152: move some functions from probe to open (bsc#993099).
   - r8152: move the actions of saving the information of the device
     (bsc#993099).
   - r8152: move the setting for the default speed (bsc#993099).
   - r8152: move the settings of PHY to a work queue (bsc#993099).
   - r8152: nway reset after setting eee (bsc#993099).
   - r8152: redefine REALTEK_USB_DEVICE (bsc#993099).
   - r8152: reduce the frequency of spin_lock (bsc#993099).
   - r8152: reduce the number of Tx (bsc#993099).
   - r8152: remove a netif_carrier_off in rtl8152_open function (bsc#993099).
   - r8152: remove cancel_delayed_work_sync in rtl8152_set_speed (bsc#993099).
   - r8152: remove clearing bp (bsc#993099).
   - r8152: remove generic_ocp_read before writing (bsc#993099).
   - r8152: remove rtl_phy_reset function (bsc#993099).
   - r8152: remove rtl8152_get_stats (bsc#993099).
   - r8152: remove r8153_enable_eee (bsc#993099).
   - r8152: remove sram_read (bsc#993099).
   - r8152: remove the definitions of the PID (bsc#993099).
   - r8152: remove the duplicate init for the list of rx_done (bsc#993099).
   - r8152: remove the setting of LAN_WAKE_EN (bsc#993099).
   - r8152: rename rx_buf_sz (bsc#993099).
   - r8152: rename tx_underun (bsc#993099).
   - r8152: replace get_protocol with vlan_get_protocol (bsc#993099).
   - r8152: replace netdev_alloc_skb_ip_align with napi_alloc_skb
     (bsc#993099).
   - r8152: replace netif_rx with netif_receive_skb (bsc#993099).
   - r8152: replace some tabs with spaces (bsc#993099).
   - r8152: replace some types from int to bool (bsc#993099).
   - r8152: replace spin_lock_irqsave and spin_unlock_irqrestore (bsc#993099).
   - r8152: replace strncpy with strlcpy (bsc#993099).
   - r8152: replace tasklet with NAPI (bsc#993099).
   - r8152: replace the return value of rtl_ops_init (bsc#993099).
   - r8152: replace tp->netdev with netdev (bsc#993099).
   - r8152: reset device when tx timeout (bsc#993099).
   - r8152: reset the bmu (bsc#993099).
   - r8152: reset tp->speed before autoresuming in open function
     (bsc#993099).
   - r8152: restore hw settings (bsc#993099).
   - r8152: return -EBUSY for runtime suspend (bsc#993099).
   - r8152: save the speed (bsc#993099).
   - r8152: separate USB_RX_EARLY_AGG (bsc#993099).
   - r8152: set disable_hub_initiated_lpm (bsc#993099).
   - r8152: set RTL8152_UNPLUG when finding -ENODEV (bsc#993099).
   - r8152: split DRIVER_VERSION (bsc#993099).
   - r8152: split rtl8152_enable (bsc#993099).
   - r8152: stop submitting intr for -EPROTO (bsc#993099).
   - r8152: support dumping the hw counters (bsc#993099).
   - r8152: support ethtool eee (bsc#993099).
   - r8152: support get_msglevel and set_msglevel (bsc#993099).
   - r8152: support IPv6 (bsc#993099).
   - r8152: support jumbo frame for RTL8153 (bsc#993099).
   - r8152: support nway_reset of ethtool (bsc#993099).
   - r8152: support RTL8153 (bsc#993099).
   - r8152: support runtime suspend (bsc#993099).
   - r8152: support rx checksum (bsc#993099).
   - r8152: support setting rx coalesce (bsc#993099).
   - r8152: support stopping/waking tx queue (bsc#993099).
   - r8152: support the new RTL8153 chip (bsc#993099).
   - r8152: support TSO (bsc#993099).
   - r8152: support VLAN (bsc#993099).
   - r8152: support WOL (bsc#993099).
   - r8152: up the priority of the transmission (bsc#993099).
   - r8152: use BIT macro (bsc#993099).
   - r8152: use eth_hw_addr_random (bsc#993099).
   - r8152: Use kmemdup instead of kmalloc + memcpy (bsc#993099).
   - r8152: use test_and_clear_bit (bsc#993099).
   - r8152: use usleep_range (bsc#993099).
   - r8152: wake up the device before dumping the hw counter (bsc#993099).
   - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317).
   - sched/fair: Fix min_vruntime tracking (bnc#1012985).
   - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded
     systems (bnc#1012985).
   - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1012985).
   - sunrpc: Update RPCBIND_MAXNETIDLEN (git-fixes).
   - syscall: fix dereferencing NULL payload with nonzero length
     (bsc#1045327, bsc#1062471).
   - tcp: do not inherit fastopen_req from parent (bsc#1038544).
   - timekeeping: Ignore the bogus sleep time if pm_trace is enabled
     (bsc#994364).
   - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).
   - usb: wusbcore: fix NULL-deref at probe (bsc#1045487).
   - xen: Linux 3.12.74.
   - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
   - xfs: fix a couple error sequence jumps in xfs_mountfs() (bsc#1035531).
   - xfs: fix coccinelle warnings (bsc#1035531).
   - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).
   - xfs: use ->b_state to fix buffer I/O accounting release race
     (bsc#1041160) (bsc#1041160).
   - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
     (bsc#1058524).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1799=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1799=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1799=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1799=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      kernel-devel-3.12.74-60.64.63.1
      kernel-macros-3.12.74-60.64.63.1
      kernel-source-3.12.74-60.64.63.1

   - SUSE OpenStack Cloud 6 (x86_64):

      kernel-default-3.12.74-60.64.63.1
      kernel-default-base-3.12.74-60.64.63.1
      kernel-default-base-debuginfo-3.12.74-60.64.63.1
      kernel-default-debuginfo-3.12.74-60.64.63.1
      kernel-default-debugsource-3.12.74-60.64.63.1
      kernel-default-devel-3.12.74-60.64.63.1
      kernel-syms-3.12.74-60.64.63.1
      kernel-xen-3.12.74-60.64.63.1
      kernel-xen-base-3.12.74-60.64.63.1
      kernel-xen-base-debuginfo-3.12.74-60.64.63.1
      kernel-xen-debuginfo-3.12.74-60.64.63.1
      kernel-xen-debugsource-3.12.74-60.64.63.1
      kernel-xen-devel-3.12.74-60.64.63.1
      kgraft-patch-3_12_74-60_64_63-default-1-2.1
      kgraft-patch-3_12_74-60_64_63-xen-1-2.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      kernel-default-3.12.74-60.64.63.1
      kernel-default-base-3.12.74-60.64.63.1
      kernel-default-base-debuginfo-3.12.74-60.64.63.1
      kernel-default-debuginfo-3.12.74-60.64.63.1
      kernel-default-debugsource-3.12.74-60.64.63.1
      kernel-default-devel-3.12.74-60.64.63.1
      kernel-syms-3.12.74-60.64.63.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kernel-xen-3.12.74-60.64.63.1
      kernel-xen-base-3.12.74-60.64.63.1
      kernel-xen-base-debuginfo-3.12.74-60.64.63.1
      kernel-xen-debuginfo-3.12.74-60.64.63.1
      kernel-xen-debugsource-3.12.74-60.64.63.1
      kernel-xen-devel-3.12.74-60.64.63.1
      kgraft-patch-3_12_74-60_64_63-default-1-2.1
      kgraft-patch-3_12_74-60_64_63-xen-1-2.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      kernel-devel-3.12.74-60.64.63.1
      kernel-macros-3.12.74-60.64.63.1
      kernel-source-3.12.74-60.64.63.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.74-60.64.63.1
      kernel-default-base-3.12.74-60.64.63.1
      kernel-default-base-debuginfo-3.12.74-60.64.63.1
      kernel-default-debuginfo-3.12.74-60.64.63.1
      kernel-default-debugsource-3.12.74-60.64.63.1
      kernel-default-devel-3.12.74-60.64.63.1
      kernel-syms-3.12.74-60.64.63.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

      kernel-devel-3.12.74-60.64.63.1
      kernel-macros-3.12.74-60.64.63.1
      kernel-source-3.12.74-60.64.63.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kernel-xen-3.12.74-60.64.63.1
      kernel-xen-base-3.12.74-60.64.63.1
      kernel-xen-base-debuginfo-3.12.74-60.64.63.1
      kernel-xen-debuginfo-3.12.74-60.64.63.1
      kernel-xen-debugsource-3.12.74-60.64.63.1
      kernel-xen-devel-3.12.74-60.64.63.1
      kgraft-patch-3_12_74-60_64_63-default-1-2.1
      kgraft-patch-3_12_74-60_64_63-xen-1-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):

      kernel-default-man-3.12.74-60.64.63.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.74-60.64.63.1
      kernel-ec2-debuginfo-3.12.74-60.64.63.1
      kernel-ec2-debugsource-3.12.74-60.64.63.1
      kernel-ec2-devel-3.12.74-60.64.63.1
      kernel-ec2-extra-3.12.74-60.64.63.1
      kernel-ec2-extra-debuginfo-3.12.74-60.64.63.1


References:

   https://www.suse.com/security/cve/CVE-2017-1000363.html
   https://www.suse.com/security/cve/CVE-2017-1000365.html
   https://www.suse.com/security/cve/CVE-2017-1000380.html
   https://www.suse.com/security/cve/CVE-2017-10661.html
   https://www.suse.com/security/cve/CVE-2017-11176.html
   https://www.suse.com/security/cve/CVE-2017-12153.html
   https://www.suse.com/security/cve/CVE-2017-12154.html
   https://www.suse.com/security/cve/CVE-2017-12762.html
   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-14051.html
   https://www.suse.com/security/cve/CVE-2017-14106.html
   https://www.suse.com/security/cve/CVE-2017-14140.html
   https://www.suse.com/security/cve/CVE-2017-15265.html
   https://www.suse.com/security/cve/CVE-2017-15274.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://www.suse.com/security/cve/CVE-2017-7482.html
   https://www.suse.com/security/cve/CVE-2017-7487.html
   https://www.suse.com/security/cve/CVE-2017-7518.html
   https://www.suse.com/security/cve/CVE-2017-7541.html
   https://www.suse.com/security/cve/CVE-2017-7542.html
   https://www.suse.com/security/cve/CVE-2017-7889.html
   https://www.suse.com/security/cve/CVE-2017-8831.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-8924.html
   https://www.suse.com/security/cve/CVE-2017-8925.html
   https://www.suse.com/security/cve/CVE-2017-9074.html
   https://www.suse.com/security/cve/CVE-2017-9075.html
   https://www.suse.com/security/cve/CVE-2017-9076.html
   https://www.suse.com/security/cve/CVE-2017-9077.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1001459
   https://bugzilla.suse.com/1012985
   https://bugzilla.suse.com/1023287
   https://bugzilla.suse.com/1027149
   https://bugzilla.suse.com/1028217
   https://bugzilla.suse.com/1030531
   https://bugzilla.suse.com/1030552
   https://bugzilla.suse.com/1031515
   https://bugzilla.suse.com/1033960
   https://bugzilla.suse.com/1034405
   https://bugzilla.suse.com/1035531
   https://bugzilla.suse.com/1035738
   https://bugzilla.suse.com/1037182
   https://bugzilla.suse.com/1037183
   https://bugzilla.suse.com/1037994
   https://bugzilla.suse.com/1038544
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1038879
   https://bugzilla.suse.com/1038883
   https://bugzilla.suse.com/1038981
   https://bugzilla.suse.com/1038982
   https://bugzilla.suse.com/1039348
   https://bugzilla.suse.com/1039354
   https://bugzilla.suse.com/1039456
   https://bugzilla.suse.com/1039721
   https://bugzilla.suse.com/1039864
   https://bugzilla.suse.com/1039882
   https://bugzilla.suse.com/1039883
   https://bugzilla.suse.com/1039885
   https://bugzilla.suse.com/1040069
   https://bugzilla.suse.com/1041160
   https://bugzilla.suse.com/1041429
   https://bugzilla.suse.com/1041431
   https://bugzilla.suse.com/1042696
   https://bugzilla.suse.com/1042832
   https://bugzilla.suse.com/1042863
   https://bugzilla.suse.com/1044125
   https://bugzilla.suse.com/1045327
   https://bugzilla.suse.com/1045487
   https://bugzilla.suse.com/1045922
   https://bugzilla.suse.com/1046107
   https://bugzilla.suse.com/1048275
   https://bugzilla.suse.com/1048788
   https://bugzilla.suse.com/1049645
   https://bugzilla.suse.com/1049882
   https://bugzilla.suse.com/1053148
   https://bugzilla.suse.com/1053152
   https://bugzilla.suse.com/1053317
   https://bugzilla.suse.com/1056588
   https://bugzilla.suse.com/1056982
   https://bugzilla.suse.com/1057179
   https://bugzilla.suse.com/1058410
   https://bugzilla.suse.com/1058507
   https://bugzilla.suse.com/1058524
   https://bugzilla.suse.com/1059863
   https://bugzilla.suse.com/1062471
   https://bugzilla.suse.com/1062520
   https://bugzilla.suse.com/1063667
   https://bugzilla.suse.com/1064388
   https://bugzilla.suse.com/856774
   https://bugzilla.suse.com/860250
   https://bugzilla.suse.com/863764
   https://bugzilla.suse.com/878240
   https://bugzilla.suse.com/922855
   https://bugzilla.suse.com/922871
   https://bugzilla.suse.com/986924
   https://bugzilla.suse.com/993099
   https://bugzilla.suse.com/994364

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWff44Ix+lLeg9Ub1AQhVXQ/+NVVu3XjO5nE53DwOpn5D2gJs/S31N7tu
LgU/zY/Z9oYMBVPFzQbtG1yTxvAHr6wW3l6fMbTpxsF0b6URZ/jzw70O7Ycmvow5
W+GSk/G1QLz3A9RvzW1tBS+euXDKa+Jmd3If5jfO8jfmEapDQP+PwMVFdIEMycjo
HY2GKoSnMTdsx6s13E8AbGfwl3Djv4Pbr7POX4FPewP0ve5R+coeXt54IQss/whH
8u6NkhCeyEA2MLxcPj1yOou9iH0o2o/00XMXsYQrIkTKIP+NrLjLBhN+WxOkDnem
cHNfsZBzfNCEOLV+vAp8XO2x69qWbvFYXdYGqkZdxi1FLtS/PfzfqFX0hKtSLF6q
LB+hMzcvHQtTLTJXnazjAgTX2GN1pMwtVBxuY8O24DIof5/ceUBQhMMzYLT2ZWNf
U25voLtk0Smm0QLvYxRndkn9PmQCqDbix3Z6a9WNkuEoR54XAg3qxZq6MFIgiOOf
m50yeIgXkIHtqayLllQ/xCx4llnENHRGRxuxHmjMJvYcDetHxH3bRhmt8wWvWm0l
xAgidlvJNFjGgrNCgEY52F9xEKn9Bf153SEEdmr4lqV0GlRbrAn1pwJtv8fdx2Iv
K0CWH1ShI91wVdlKeG7vKMGIrHDdwww0Wg+YqrvNyNpJMuKBBF7ouH0XgPn5Q/mI
7LX1maSdchY=
=tuRb
-----END PGP SIGNATURE-----

« Back to bulletins