ESB-2018.0577 - [SUSE] kernel: Multiple vulnerabilities 2018-02-28


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0577
        SUSE Security Update: Security update for the Linux Kernel
                             28 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise        -- Existing Account      
                   Access Privileged Data -- Existing Account      
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1000004 CVE-2018-5333 CVE-2018-5332
                   CVE-2017-18079 CVE-2017-18017 CVE-2017-17741
                   CVE-2017-13215 CVE-2017-5754 CVE-2017-5715
                   CVE-2015-1142857  

Reference:         ASB-2018.0033
                   ASB-2018.0002.4
                   ESB-2018.0047
                   ESB-2018.0046

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20180555-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0555-1
Rating:             important
References:         #1012382 #1045538 #1048585 #1050431 #1054305
                    #1059174 #1060279 #1060682 #1063544 #1064861
                    #1068032 #1068984 #1069508 #1070623 #1070781
                    #1073311 #1074488 #1074621 #1074880 #1075088
                    #1075091 #1075410 #1075617 #1075621 #1075908
                    #1075994 #1076017 #1076154 #1076278 #1076437
                    #1076849 #1077191 #1077355 #1077406 #1077487
                    #1077560 #1077922 #1078875 #1079917 #1080133
                    #1080359 #1080363 #1080372 #1080579 #1080685
                    #1080774 #1081500 #936530 #962257
Cross-References:   CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741
                    CVE-2017-18017 CVE-2017-18079 CVE-2017-5715
                    CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 9 vulnerabilities and has 40 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-5715: Systems with microprocessors utilizing speculative
     execution and indirect branch prediction may allow unauthorized
     disclosure of information to an attacker with local user access via a
     side-channel analysis (bnc#1068032).

     The previous fix using CPU Microcode has been complemented by building
     the Linux Kernel with return trampolines aka "retpolines".

   - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function
     did not validate a value that is used during DMA page allocation,
     leading to a heap-based out-of-bounds write (related to the
     rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
   - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in
     net/rds/rdma.c mishandled cases where page pinning fails or an invalid
     address is supplied, leading to an rds_atomic_free_op NULL pointer
     dereference (bnc#1075617).
   - CVE-2017-18017: The tcpmss_mangle_packet function in
     net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers
     to cause a denial of service (use-after-free and memory corruption)
     or possibly have unspecified other impact by leveraging the presence of
     xt_TCPMSS in an iptables action (bnc#1074488).
   - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed
     attackers to cause a denial of service (NULL pointer dereference and
     system crash) or possibly have unspecified other impact because the
     port->exists value can change after it is validated (bnc#1077922).
   - CVE-2015-1142857: On multiple SR-IOV cards it is possible for VFs
     assigned to guests to send Ethernet flow control pause frames via the
     PF (bnc#1077355).
   - CVE-2017-17741: The KVM implementation in the Linux kernel allowed
     attackers to obtain potentially sensitive information from kernel
     memory, aka a write_mmio stack-based out-of-bounds read, related to
     arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
   - CVE-2017-13215: An elevation of privilege vulnerability in the upstream
     kernel skcipher (bnc#1075908).
   - CVE-2018-1000004: In the Linux kernel a race condition vulnerability
     existed in the sound system, which can lead to a deadlock and denial of
     service condition (bnc#1076017).

   The following non-security bugs were fixed:

   - alsa: aloop: Fix inconsistent format due to incomplete rule
     (bsc#1045538).
   - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).
   - alsa: aloop: Release cable upon open error path (bsc#1045538).
   - alsa: pcm: Abort properly at pending signal in OSS read/write loops
     (bsc#1045538).
   - alsa: pcm: Add missing error checks in OSS emulation plugin builder
     (bsc#1045538).
   - alsa: pcm: Allow aborting mutex lock at OSS read/write loops
     (bsc#1045538).
   - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).
   - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).
   - btrfs: cleanup unnecessary assignment when cleaning up all the residual
     transaction (FATE#325056).
   - btrfs: copy fsid to super_block s_uuid (bsc#1080774).
   - btrfs: do not wait for all the writers circularly during the transaction
     commit (FATE#325056).
   - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors
     (bsc#1080363).
   - btrfs: fix two use-after-free bugs with transaction cleanup
     (FATE#325056).
   - btrfs: make the state of the transaction more readable (FATE#325056).
   - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).
   - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value
     (bsc#1080685).
   - btrfs: reset intwrite on transaction abort (FATE#325056).
   - btrfs: set qgroup_ulist to be null after calling ulist_free()
     (bsc#1080359).
   - btrfs: stop waiting on current trans if we aborted (FATE#325056).
   - cdc-acm: apply quirk for card reader (bsc#1060279).
   - cdrom: factor out common open_for_* code (bsc#1048585).
   - cdrom: wait for tray to close (bsc#1048585).
   - delay: add poll_event_interruptible (bsc#1048585).
   - dm flakey: add corrupt_bio_byte feature (bsc#1080372).
   - dm flakey: add drop_writes (bsc#1080372).
   - dm flakey: error READ bios during the down_interval (bsc#1080372).
   - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).
   - dm flakey: fix reads to be issued if drop_writes configured
     (bsc#1080372).
   - dm flakey: introduce "error_writes" feature (bsc#1080372).
   - dm flakey: support feature args (bsc#1080372).
   - dm flakey: use dm_target_offset and support discards (bsc#1080372).
   - ext2: free memory allocated and forget buffer head when io error happens
     (bnc#1069508).
   - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).
   - ext3: add necessary check in case IO error happens (bnc#1069508).
   - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).
   - fork: clear thread stack upon allocation (bsc#1077560).
   - kaiser: Add proper NX handling for !NX-capable systems also to
     kaiser_add_user_map(). (bsc#1076278).
   - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz
   - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call
     cannot make assumption of accessible stack after CR3 switch, and
     therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the
     pagetable hierarchy.
   - kaiser: Fix trampoline stack loading issue on XEN PV
   - kaiser: handle non-accessible stack in sysretl_from_sys_call properly
     (bsc#1080579)
   - kaiser: make sure not to touch stack after CR3 switch in compat syscall
     return
   - kaiser: really do switch away from trampoline stack to kernel stack in
     ia32_syscall entry (bsc#1080579)
   - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621
     bsc#1068032).
   - keys: trusted: fix writing past end of buffer in trusted_read()
     (bsc#1074880).
   - media: omap_vout: Fix a possible null pointer dereference in
     omap_vout_open() (bsc#1050431).
   - mISDN: fix a loop count (bsc#1077191).
   - nfsd: do not share group_info among threads (bsc#1070623).
   - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert
     thread (bsc#1076437).
   - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can
     not be granted at once (bsc#1076437).
   - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
     ocfs2_unblock_lock (bsc#962257).
   - powerpc/64: Add macros for annotating the destination of rfid/hrfid
     (bsc#1068032, bsc#1075088).
   - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
     (bsc#1068032, bsc#1075088).
   - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
     (bsc#1068032, bsc#1075088).
   - powerpc/64s: Add EX_SIZE definition for paca exception save areas
     (bsc#1068032, bsc#1075088).
   - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,
     bsc#1075088).
   - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,
     bsc#1075088).
   - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
     (bsc#1068032, bsc#1075088).
   - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).
   - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
     (bsc#1068032, bsc#1075088).
   - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
   - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,
     bsc#1075088).
   - powerpc: Fix register clobbering when accumulating stolen time
     (bsc#1059174).
   - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).
   - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).
   - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619,
     git-fixes).
   - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).
   - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
     (bsc#1068032, bsc#1075088).
   - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,
     bsc#1075088).
   - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,
     bsc#1075088).
   - powerpc/pseries: Kill all prefetch streams on context switch
     (bsc#1068032, bsc#1075088).
   - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,
     bsc#1075088).
   - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration
     (bsc#1068032, bsc#1075088).
   - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration
     (bsc#1075088).
   - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).
   - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,
     bsc#1075088).
   - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).
   - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).
   - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)
     (bsc#1068032, bsc#1075088).
   - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code
     (bsc#1068032, bsc#1075088).
   - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code
     (bsc#1075088).
   - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
   - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).
   - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).
   - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)
     (bsc#1075088).
   - rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088).
   - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
   - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,
     LTC#163741).
   - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).
   - scsi: sr: wait for the medium to become ready (bsc#1048585).
   - scsi: virtio_scsi: let host do exception handling
     (bsc#936530,bsc#1060682).
   - storvsc: do not assume SG list is continuous when doing bounce buffers
     (bsc#1075410).
   - sysfs/cpu: Add vulnerability folder (bnc#1012382).
   - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
   - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
   - x86/acpi: Handle SCI interrupts above legacy space gracefully
     (bsc#1068984).
   - x86/acpi: Reduce code duplication in mp_override_legacy_irq()
     (bsc#1068984).
   - x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032
     CVE-2017-5754).
   - x86/boot: Fix early command-line parsing when matching at end
     (bsc#1068032).
   - x86/cpu: Factor out application of forced CPU caps (bsc#1075994
     bsc#1075091).
   - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
   - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
   - x86/kaiser: Populate shadow PGD with NX bit only if supported by
     platform (bsc#1076154 bsc#1076278).
   - x86/kaiser: use trampoline stack for kernel entry.
   - x86/microcode/intel: Extend BDW late-loading further with LLC size check
     (bsc#1054305).
   - x86/microcode/intel: Extend BDW late-loading with a revision check
     (bsc#1054305).
   - x86/microcode: Rescan feature flags upon late loading (bsc#1075994
     bsc#1075091).
   - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
     (bsc#1068032).
   - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly
     (bsc#1075994 bsc#1075091).
   - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
     bsc#1075091).
   - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
   - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
     (bsc#1068032 CVE-2017-5715).
   - mm: pin address_space before dereferencing it while isolating an LRU
     page (bnc#1081500).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-20180207-13491=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-20180207-13491=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20180207-13491=1

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-20180207-13491=1

   - SUSE Linux Enterprise High Availability Extension 11-SP4:

      zypper in -t patch slehasp4-kernel-20180207-13491=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-20180207-13491=1

   To bring your system up-to-date, use "zypper patch".
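
   A post-update check for the instructions above, added here as an example
   and not part of the SUSE or AusCERT text. It assumes `uname -r` has the
   form version-release-flavor, takes the release 3.0.101-108.35 from the kmp
   package names in this advisory's package list, assumes the upstream sysfs
   path /sys/devices/system/cpu/vulnerabilities for the folder this update
   adds, and uses GNU `sort -V` as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: verify that a host runs the kernel from SUSE-SU-2018:0555-1.
# Run with --check after the update AND a reboot; an installed but not yet
# booted kernel leaves the old, vulnerable code running.

# Kernel release as embedded in the advisory's kmp package names
# (e.g. drbd-kmp-default-8.4.4_3.0.101_108.35). RT kernels use a separate
# release series (rt130_69.14) and are not covered by this comparison.
FIXED_KREL="3.0.101-108.35"

# strip_flavor RELEASE: drop a trailing "-default", "-xen", "-pae", ... suffix.
strip_flavor() {
    case "${1##*-}" in
        [A-Za-z]*) printf '%s\n' "${1%-*}" ;;
        *)         printf '%s\n' "$1" ;;
    esac
}

# version_at_least CANDIDATE FIXED: true when CANDIDATE sorts at or after
# FIXED in GNU version order (108.9 < 108.35, unlike a plain string compare).
version_at_least() {
    if [ "$1" = "$2" ]; then return 0; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# list_vulnerable [DIR]: print each entry whose first line starts with
# "Vulnerable". Returns 2 when the folder is missing, which on this product
# means the running kernel predates the sysfs patches listed in the advisory.
list_vulnerable() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        state=
        read -r state < "$f" || [ -n "$state" ] || continue
        case "$state" in
            Vulnerable*) printf '%s\n' "${f##*/}" ;;
        esac
    done
    return 0
}

# check_host: combine both checks for the machine this script runs on.
check_host() {
    rc=0
    rel=$(strip_flavor "$(uname -r)")
    if version_at_least "$rel" "$FIXED_KREL"; then
        echo "running kernel $rel: at or above $FIXED_KREL"
    else
        echo "running kernel $rel: older than $FIXED_KREL (update or reboot pending)"
        rc=1
    fi
    vuln=$(list_vulnerable) || rc=1
    if [ -n "$vuln" ]; then
        echo "still reported vulnerable:" $vuln
        rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--check" ]; then
    check_host
fi
```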


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.35.1
      kernel-default-base-3.0.101-108.35.1
      kernel-default-devel-3.0.101-108.35.1
      kernel-source-3.0.101-108.35.1
      kernel-syms-3.0.101-108.35.1
      kernel-trace-3.0.101-108.35.1
      kernel-trace-base-3.0.101-108.35.1
      kernel-trace-devel-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.35.1
      kernel-ec2-base-3.0.101-108.35.1
      kernel-ec2-devel-3.0.101-108.35.1
      kernel-xen-3.0.101-108.35.1
      kernel-xen-base-3.0.101-108.35.1
      kernel-xen-devel-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.35.1
      kernel-bigmem-base-3.0.101-108.35.1
      kernel-bigmem-devel-3.0.101-108.35.1
      kernel-ppc64-3.0.101-108.35.1
      kernel-ppc64-base-3.0.101-108.35.1
      kernel-ppc64-devel-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.35.1
      kernel-pae-base-3.0.101-108.35.1
      kernel-pae-devel-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.35.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.35.1

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      cluster-network-kmp-rt-1.4_3.0.101_rt130_69.14-2.32.4.6
      cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_69.14-2.32.4.6
      drbd-kmp-rt-8.4.4_3.0.101_rt130_69.14-0.27.4.6
      drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_69.14-0.27.4.6
      gfs2-kmp-rt-2_3.0.101_rt130_69.14-0.24.4.6
      gfs2-kmp-rt_trace-2_3.0.101_rt130_69.14-0.24.4.6
      ocfs2-kmp-rt-1.6_3.0.101_rt130_69.14-0.28.5.6
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_69.14-0.28.5.6

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_108.35-2.32.4.6
      cluster-network-kmp-trace-1.4_3.0.101_108.35-2.32.4.6
      drbd-8.4.4-0.27.4.2
      drbd-bash-completion-8.4.4-0.27.4.2
      drbd-heartbeat-8.4.4-0.27.4.2
      drbd-kmp-default-8.4.4_3.0.101_108.35-0.27.4.6
      drbd-kmp-trace-8.4.4_3.0.101_108.35-0.27.4.6
      drbd-pacemaker-8.4.4-0.27.4.2
      drbd-udev-8.4.4-0.27.4.2
      drbd-utils-8.4.4-0.27.4.2
      gfs2-kmp-default-2_3.0.101_108.35-0.24.4.6
      gfs2-kmp-trace-2_3.0.101_108.35-0.24.4.6
      ocfs2-kmp-default-1.6_3.0.101_108.35-0.28.5.6
      ocfs2-kmp-trace-1.6_3.0.101_108.35-0.28.5.6

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_108.35-2.32.4.6
      drbd-kmp-xen-8.4.4_3.0.101_108.35-0.27.4.6
      gfs2-kmp-xen-2_3.0.101_108.35-0.24.4.6
      ocfs2-kmp-xen-1.6_3.0.101_108.35-0.28.5.6

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):

      drbd-xen-8.4.4-0.27.4.2

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):

      cluster-network-kmp-bigmem-1.4_3.0.101_108.35-2.32.4.6
      cluster-network-kmp-ppc64-1.4_3.0.101_108.35-2.32.4.6
      drbd-kmp-bigmem-8.4.4_3.0.101_108.35-0.27.4.6
      drbd-kmp-ppc64-8.4.4_3.0.101_108.35-0.27.4.6
      gfs2-kmp-bigmem-2_3.0.101_108.35-0.24.4.6
      gfs2-kmp-ppc64-2_3.0.101_108.35-0.24.4.6
      ocfs2-kmp-bigmem-1.6_3.0.101_108.35-0.28.5.6
      ocfs2-kmp-ppc64-1.6_3.0.101_108.35-0.28.5.6

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_108.35-2.32.4.6
      drbd-kmp-pae-8.4.4_3.0.101_108.35-0.27.4.6
      gfs2-kmp-pae-2_3.0.101_108.35-0.24.4.6
      ocfs2-kmp-pae-1.6_3.0.101_108.35-0.28.5.6

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      drbd-debuginfo-8.4.4-0.27.4.2
      drbd-debugsource-8.4.4-0.27.4.2
      kernel-default-debuginfo-3.0.101-108.35.1
      kernel-default-debugsource-3.0.101-108.35.1
      kernel-trace-debuginfo-3.0.101-108.35.1
      kernel-trace-debugsource-3.0.101-108.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.35.1
      kernel-trace-devel-debuginfo-3.0.101-108.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.35.1
      kernel-ec2-debugsource-3.0.101-108.35.1
      kernel-xen-debuginfo-3.0.101-108.35.1
      kernel-xen-debugsource-3.0.101-108.35.1
      kernel-xen-devel-debuginfo-3.0.101-108.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.35.1
      kernel-bigmem-debugsource-3.0.101-108.35.1
      kernel-ppc64-debuginfo-3.0.101-108.35.1
      kernel-ppc64-debugsource-3.0.101-108.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.35.1
      kernel-pae-debugsource-3.0.101-108.35.1
      kernel-pae-devel-debuginfo-3.0.101-108.35.1


References:

   https://www.suse.com/security/cve/CVE-2015-1142857.html
   https://www.suse.com/security/cve/CVE-2017-13215.html
   https://www.suse.com/security/cve/CVE-2017-17741.html
   https://www.suse.com/security/cve/CVE-2017-18017.html
   https://www.suse.com/security/cve/CVE-2017-18079.html
   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2018-1000004.html
   https://www.suse.com/security/cve/CVE-2018-5332.html
   https://www.suse.com/security/cve/CVE-2018-5333.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1045538
   https://bugzilla.suse.com/1048585
   https://bugzilla.suse.com/1050431
   https://bugzilla.suse.com/1054305
   https://bugzilla.suse.com/1059174
   https://bugzilla.suse.com/1060279
   https://bugzilla.suse.com/1060682
   https://bugzilla.suse.com/1063544
   https://bugzilla.suse.com/1064861
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1068984
   https://bugzilla.suse.com/1069508
   https://bugzilla.suse.com/1070623
   https://bugzilla.suse.com/1070781
   https://bugzilla.suse.com/1073311
   https://bugzilla.suse.com/1074488
   https://bugzilla.suse.com/1074621
   https://bugzilla.suse.com/1074880
   https://bugzilla.suse.com/1075088
   https://bugzilla.suse.com/1075091
   https://bugzilla.suse.com/1075410
   https://bugzilla.suse.com/1075617
   https://bugzilla.suse.com/1075621
   https://bugzilla.suse.com/1075908
   https://bugzilla.suse.com/1075994
   https://bugzilla.suse.com/1076017
   https://bugzilla.suse.com/1076154
   https://bugzilla.suse.com/1076278
   https://bugzilla.suse.com/1076437
   https://bugzilla.suse.com/1076849
   https://bugzilla.suse.com/1077191
   https://bugzilla.suse.com/1077355
   https://bugzilla.suse.com/1077406
   https://bugzilla.suse.com/1077487
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1077922
   https://bugzilla.suse.com/1078875
   https://bugzilla.suse.com/1079917
   https://bugzilla.suse.com/1080133
   https://bugzilla.suse.com/1080359
   https://bugzilla.suse.com/1080363
   https://bugzilla.suse.com/1080372
   https://bugzilla.suse.com/1080579
   https://bugzilla.suse.com/1080685
   https://bugzilla.suse.com/1080774
   https://bugzilla.suse.com/1081500
   https://bugzilla.suse.com/936530
   https://bugzilla.suse.com/962257

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
