ESB-2018.0721 - [SUSE] kernel: Multiple vulnerabilities 2018-03-13

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0721
       SUSE Enterprise 11 SP3 kernel updated for Meltdown (improved
                          retpoline fix), others
                               13 March 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise        -- Existing Account      
                   Access Privileged Data -- Existing Account      
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1000004 CVE-2018-5333 CVE-2018-5332
                   CVE-2017-18079 CVE-2017-18017 CVE-2017-17741
                   CVE-2017-13215 CVE-2017-5715 

Reference:         ASB-2018.0002.4
                   ESB-2018.0577
                   ESB-2018.0042.2

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0660-1
Rating:             important
References:         #1012382 #1054305 #1060279 #1068032 #1068984 
                    #1070781 #1073311 #1074488 #1074621 #1075091 
                    #1075410 #1075617 #1075621 #1075908 #1075994 
                    #1076017 #1076154 #1076278 #1076849 #1077406 
                    #1077560 #1077922 
Cross-References:   CVE-2017-13215 CVE-2017-17741 CVE-2017-18017
                    CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004
                    CVE-2018-5332 CVE-2018-5333
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 14 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-5715: Systems with microprocessors utilizing speculative
     execution and indirect branch prediction may allow unauthorized
     disclosure of information to an attacker with local user access via a
     side-channel analysis (bnc#1068032).

     The previous fix using CPU Microcode has been complemented by building
   the Linux Kernel with return trampolines aka "retpolines".

   - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function
     did not validate a value that is used during DMA page allocation,
     leading to a heap-based out-of-bounds write (related to the
     rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
   - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in
     net/rds/rdma.c mishandled cases where page pinning fails or an invalid
     address is supplied, leading to an rds_atomic_free_op NULL pointer
     dereference (bnc#1075617).
   - CVE-2017-18017: The tcpmss_mangle_packet function in
     net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers
     to cause a denial of service (use-after-free and memory corruption) or
     possibly have unspecified other impact by leveraging the presence of
     xt_TCPMSS in an iptables action (bnc#1074488).
   - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed
     attackers to cause a denial of service (NULL pointer dereference and
     system crash) or possibly have unspecified other impact because the
     port->exists value can change after it is validated (bnc#1077922).
   - CVE-2017-17741: The KVM implementation in the Linux kernel allowed
     attackers to obtain potentially sensitive information from kernel
     memory, aka a write_mmio stack-based out-of-bounds read, related to
     arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
   - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream
     kernel skcipher. (bnc#1075908).
   - CVE-2018-1000004: In the Linux kernel a race condition vulnerability
     exists in the sound system, this can lead to a deadlock and denial of
     service condition (bnc#1076017).

   The following non-security bugs were fixed:

   - cdc-acm: apply quirk for card reader (bsc#1060279).
   - Enable CPU vulnerabilities reporting via sysfs
   - fork: clear thread stack upon allocation (bsc#1077560).
   - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
   - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621
     bsc#1068032).
   - Move kABI fixup for retpolines to proper place.
   - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
   - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
   - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,
     LTC#163741).
   - storvsc: do not assume SG list is continuous when doing bounce buffers
     (bsc#1075410).
   - sysfs/cpu: Add vulnerability folder (bnc#1012382).
   - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
   - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
   - x86/acpi: Handle SCI interrupts above legacy space gracefully
     (bsc#1068984).
   - x86/acpi: Reduce code duplication in mp_override_legacy_irq()
     (bsc#1068984).
   - x86/boot: Fix early command-line parsing when matching at end
     (bsc#1068032).
   - x86/cpu: Factor out application of forced CPU caps (bsc#1075994
     bsc#1075091).
   - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
   - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
   - x86/kaiser: Populate shadow PGD with NX bit only if supported by
     platform (bsc#1076154 bsc#1076278).
   - x86/kaiser: use trampoline stack for kernel entry.
   - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).
   - x86/microcode/intel: Extend BDW late-loading further with LLC size check
     (bsc#1054305).
   - x86/microcode/intel: Extend BDW late-loading with a revision check
     (bsc#1054305).
   - x86/microcode: Rescan feature flags upon late loading (bsc#1075994
     bsc#1075091).
   - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
     (bsc#1068032).
   - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly
     (bsc#1075994 bsc#1075091).
   - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
     bsc#1075091).
   - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-kernel-20180212-13505=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20180212-13505=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-kernel-20180212-13505=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-20180212-13505=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.106.19.1
      kernel-default-base-3.0.101-0.47.106.19.1
      kernel-default-devel-3.0.101-0.47.106.19.1
      kernel-source-3.0.101-0.47.106.19.1
      kernel-syms-3.0.101-0.47.106.19.1
      kernel-trace-3.0.101-0.47.106.19.1
      kernel-trace-base-3.0.101-0.47.106.19.1
      kernel-trace-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.106.19.1
      kernel-ec2-base-3.0.101-0.47.106.19.1
      kernel-ec2-devel-3.0.101-0.47.106.19.1
      kernel-xen-3.0.101-0.47.106.19.1
      kernel-xen-base-3.0.101-0.47.106.19.1
      kernel-xen-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.106.19.1
      kernel-bigsmp-base-3.0.101-0.47.106.19.1
      kernel-bigsmp-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.106.19.1
      kernel-pae-base-3.0.101-0.47.106.19.1
      kernel-pae-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.106.19.1
      kernel-trace-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.106.19.1
      kernel-default-base-3.0.101-0.47.106.19.1
      kernel-default-devel-3.0.101-0.47.106.19.1
      kernel-ec2-3.0.101-0.47.106.19.1
      kernel-ec2-base-3.0.101-0.47.106.19.1
      kernel-ec2-devel-3.0.101-0.47.106.19.1
      kernel-pae-3.0.101-0.47.106.19.1
      kernel-pae-base-3.0.101-0.47.106.19.1
      kernel-pae-devel-3.0.101-0.47.106.19.1
      kernel-source-3.0.101-0.47.106.19.1
      kernel-syms-3.0.101-0.47.106.19.1
      kernel-trace-3.0.101-0.47.106.19.1
      kernel-trace-base-3.0.101-0.47.106.19.1
      kernel-trace-devel-3.0.101-0.47.106.19.1
      kernel-xen-3.0.101-0.47.106.19.1
      kernel-xen-base-3.0.101-0.47.106.19.1
      kernel-xen-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.106.19.1
      kernel-default-debugsource-3.0.101-0.47.106.19.1
      kernel-trace-debuginfo-3.0.101-0.47.106.19.1
      kernel-trace-debugsource-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.106.19.1
      kernel-ec2-debugsource-3.0.101-0.47.106.19.1
      kernel-xen-debuginfo-3.0.101-0.47.106.19.1
      kernel-xen-debugsource-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.106.19.1
      kernel-bigsmp-debugsource-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.106.19.1
      kernel-pae-debugsource-3.0.101-0.47.106.19.1


References:

   https://www.suse.com/security/cve/CVE-2017-13215.html
   https://www.suse.com/security/cve/CVE-2017-17741.html
   https://www.suse.com/security/cve/CVE-2017-18017.html
   https://www.suse.com/security/cve/CVE-2017-18079.html
   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2018-1000004.html
   https://www.suse.com/security/cve/CVE-2018-5332.html
   https://www.suse.com/security/cve/CVE-2018-5333.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1054305
   https://bugzilla.suse.com/1060279
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1068984
   https://bugzilla.suse.com/1070781
   https://bugzilla.suse.com/1073311
   https://bugzilla.suse.com/1074488
   https://bugzilla.suse.com/1074621
   https://bugzilla.suse.com/1075091
   https://bugzilla.suse.com/1075410
   https://bugzilla.suse.com/1075617
   https://bugzilla.suse.com/1075621
   https://bugzilla.suse.com/1075908
   https://bugzilla.suse.com/1075994
   https://bugzilla.suse.com/1076017
   https://bugzilla.suse.com/1076154
   https://bugzilla.suse.com/1076278
   https://bugzilla.suse.com/1076849
   https://bugzilla.suse.com/1077406
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1077922

- -- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWqcT0Ix+lLeg9Ub1AQh51BAAnOspFoGYJj2uVlJnkt6Ucl+dKt68UL+F
uUfCSJC7nQrEpGjU7wd8CikS8ciXURaT5t8AHsZSdF2VakvCKrhlx6CuczB3MqZp
cctsqutxyFOgPP0rmND8NQMuEnKXdwQSP4wSIdipho9CGfg8g7zdbmHeGy1J67C3
Qopl0AEYzd/wkLML6NZlsNtxr6+67la/6H6wrc5l+zwszKcnq4HLQkiRx6Z9GCaI
EyyTpQgPZqbJPN1ny4AgLoxYU/2bXnv3MEal+ycgvo9BsmyshkADLqS4cyQzbsK4
kMUPM6qaUqd8pCkMGdN0LVomiHc5nEWFPjb2Whbr6t7oAJTyADLuIwqiwuwmtO+u
5ee3T6fs6H61llVZTbjatHHLRsjUYb5bpXxoT2jwwPtJgDAbf2jStilqtRb7bSNo
j727kIRy1Pv09FwFshHQaWI3z03DX43pRKUFP9gvNrJM2qOmYx1qy6j0D8OVzVAW
EFRcjNKV/pzs1SR7eINqEBWJaKVTZIoMEUJjcJkjIgwU7OjeyjoNO6h4ScnIAG6/
SeSIR0MgN12Dnwg3Hi0B8gvEe/mkIOwwtmUinJ2L2PKxGvTjPARiV5SKRdOBbrkD
IAp+t7LDO8+onyMtTLi72mAxH0eC+tZ9ONU7v1NBI+W/rz2+h8W2l6aIEdmelrG/
e/D8MG8sia8=
=sZic
-----END PGP SIGNATURE-----

« Back to bulletins