ESB-2018.3468 - [SUSE] kernel: Multiple vulnerabilities 2018-11-06

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3468
                         Kernel updated in SUSE 11
                              6 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise        -- Existing Account
                   Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-16276 CVE-2018-14633 CVE-2018-14617
                   CVE-2018-12896  

Reference:         ESB-2018.2955
                   ESB-2018.2914
                   ESB-2018.2831

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20183618-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3618-1
Rating:             important
References:         #1099922 #1102870 #1106095 #1107829 #1108227 
                    #1109967 #1110247 #1113337 #905299 
Cross-References:   CVE-2018-12896 CVE-2018-14617 CVE-2018-14633
                    CVE-2018-16276
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves four vulnerabilities and has 5 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-14633: A security flaw was found in the
     chap_server_compute_md5() function in the ISCSI target code in a way an
     authentication request from an ISCSI initiator is processed. An
     unauthenticated remote attacker can cause a stack buffer overflow and
     smash up to 17 bytes of the stack. The attack requires the iSCSI target
     to be enabled on the victim host. Depending on how the target's code was
     built (i.e. depending on a compiler, compile flags and hardware
     architecture) an attack may lead to a system crash and thus to a
     denial-of-service or possibly to a non-authorized access to data
     exported by an iSCSI target. Due to the nature of the flaw, privilege
     escalation cannot be fully ruled out, although we believe it is highly
     unlikely. (bnc#1107829).
   - CVE-2018-14617: There is a NULL pointer dereference and panic in
     hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
     purportedly a hard link) in an hfs+ filesystem that has malformed
     catalog data, and is mounted read-only without a metadata directory
     (bnc#1102870).
   - CVE-2018-16276: An issue was discovered in yurex_read in
     drivers/usb/misc/yurex.c where local attackers could use user access
     read/writes with incorrect bounds checking in the yurex USB driver to
     crash the kernel or potentially escalate privileges (bnc#1106095).
   - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the
     POSIX timer code is caused by the way the overrun accounting works.
     Depending on interval and expiry time values, the overrun can be larger
     than INT_MAX, but the accounting is int based. This basically made the
     accounting values, which are visible to user space via
     timer_getoverrun(2) and siginfo::si_overrun, random. For example, a
     local user can cause a denial of service (signed integer overflow) via
     crafted mmap, futex, timer_create, and timer_settime system calls
     (bnc#1099922).

   The following non-security bugs were fixed:

   - net: fix neighbours after MAC change (bnc#905299).
   - powerpc: Fix smp_mb__before_spinlock() (bsc#1110247).
   - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967).
   - x86/fpu: fix signal handling with eager FPU switching (ia32)
     (bsc#1108227).
   - retpoline: Introduce start/end markers of indirect thunk (bsc#1113337).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-kernel-source-13855=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-source-13855=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-kernel-source-13855=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-source-13855=1



Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.106.56.1
      kernel-default-base-3.0.101-0.47.106.56.1
      kernel-default-devel-3.0.101-0.47.106.56.1
      kernel-source-3.0.101-0.47.106.56.1
      kernel-syms-3.0.101-0.47.106.56.1
      kernel-trace-3.0.101-0.47.106.56.1
      kernel-trace-base-3.0.101-0.47.106.56.1
      kernel-trace-devel-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.106.56.1
      kernel-ec2-base-3.0.101-0.47.106.56.1
      kernel-ec2-devel-3.0.101-0.47.106.56.1
      kernel-xen-3.0.101-0.47.106.56.1
      kernel-xen-base-3.0.101-0.47.106.56.1
      kernel-xen-devel-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.106.56.1
      kernel-bigsmp-base-3.0.101-0.47.106.56.1
      kernel-bigsmp-devel-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.106.56.1
      kernel-pae-base-3.0.101-0.47.106.56.1
      kernel-pae-devel-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.106.56.1
      kernel-trace-extra-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.106.56.1
      kernel-default-base-3.0.101-0.47.106.56.1
      kernel-default-devel-3.0.101-0.47.106.56.1
      kernel-ec2-3.0.101-0.47.106.56.1
      kernel-ec2-base-3.0.101-0.47.106.56.1
      kernel-ec2-devel-3.0.101-0.47.106.56.1
      kernel-pae-3.0.101-0.47.106.56.1
      kernel-pae-base-3.0.101-0.47.106.56.1
      kernel-pae-devel-3.0.101-0.47.106.56.1
      kernel-source-3.0.101-0.47.106.56.1
      kernel-syms-3.0.101-0.47.106.56.1
      kernel-trace-3.0.101-0.47.106.56.1
      kernel-trace-base-3.0.101-0.47.106.56.1
      kernel-trace-devel-3.0.101-0.47.106.56.1
      kernel-xen-3.0.101-0.47.106.56.1
      kernel-xen-base-3.0.101-0.47.106.56.1
      kernel-xen-devel-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.106.56.1
      kernel-default-debugsource-3.0.101-0.47.106.56.1
      kernel-trace-debuginfo-3.0.101-0.47.106.56.1
      kernel-trace-debugsource-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.106.56.1
      kernel-ec2-debugsource-3.0.101-0.47.106.56.1
      kernel-xen-debuginfo-3.0.101-0.47.106.56.1
      kernel-xen-debugsource-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.106.56.1
      kernel-bigsmp-debugsource-3.0.101-0.47.106.56.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.106.56.1
      kernel-pae-debugsource-3.0.101-0.47.106.56.1


References:

   https://www.suse.com/security/cve/CVE-2018-12896.html
   https://www.suse.com/security/cve/CVE-2018-14617.html
   https://www.suse.com/security/cve/CVE-2018-14633.html
   https://www.suse.com/security/cve/CVE-2018-16276.html
   https://bugzilla.suse.com/1099922
   https://bugzilla.suse.com/1102870
   https://bugzilla.suse.com/1106095
   https://bugzilla.suse.com/1107829
   https://bugzilla.suse.com/1108227
   https://bugzilla.suse.com/1109967
   https://bugzilla.suse.com/1110247
   https://bugzilla.suse.com/1113337
   https://bugzilla.suse.com/905299

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW+D0KmaOgq3Tt24GAQh4jw//ZN6TUOWhVAUHvwDtU6/qsMnsLATTB7hC
eRyCS/3ygnxj1blynGH0c9TSWMWyh0jN5YHvnql1WOT9TyJB6nAZ9fhTLy5mogqL
SnHGqcOIRXLnurOIhyz/NBnP9EXFBwNIS5q/qYTo0xaZTkTLAGLLq14RKVyOegxZ
ixVdhe0v45FM0PqkjWyex9FIgVZlgFC4g3CSL9TxX/kKe5T6Vy4kBUqScB8jhtkd
y0yR4HIebf83nQRWt2ozCsvPl3yEknboUV/5B4SBOazKcHsn+Ustd9fv096eEN9D
Xo5K6rk3RtMMyzbf/fsLZRy0Bs+YCxzFXu9aYt4NKOJEKhu9N4EZebitmK+q8ak8
YN16ed0IlQBNPb6gyDJ30xC0mc/4pa1WP0mr61fTX6NwmIvpR71SRHwlu1WXu/MO
bORNAEshE8EwBLfAN7atumOGvBKPTMesvXRaJ6EtIM1TyLSi/6hTaXqvTkiHTV0A
+zZeqf1tJHvWQk4nD3pRhxdZSsMfAFYufPSGECejpTpytJq/CQfBDosfCSlQo8Ov
41f9ozTQbApKmmU1LG7jDy4HxkLTLXjGCfA/2pc7I6BJQWKKN04so9OYOA3CNxOe
GnXYDbCI4nU6BGFrVi4vfl71dWjMvToVaMdv9eyQa7xylD4w6FEyvoZ+FXGZG5Al
BqftXsIs7+Y=
=RzAL
-----END PGP SIGNATURE-----

« Back to bulletins