Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.2436
Security update for the Linux Kernel
20 August 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2018-10853 CVE-2018-3646 CVE-2017-18344
CVE-2017-17053 CVE-2017-11600
Reference: ESB-2018.2416
ESB-2018.2404
ESB-2018.2401
ESB-2018.2398
ESB-2018.2380
Original Bulletin:
https://www.suse.com/support/update/announcement/2018/suse-su-20182413-1.html
https://www.suse.com/support/update/announcement/2018/suse-su-20182416-1.html
https://www.suse.com/support/update/announcement/2018/suse-su-20182414-1.html
Comment: This bulletin contains three (3) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2413-1
Rating: important
References: #1096564 #1096679 #1097108 #1099306 #1103203
Cross-References: CVE-2017-11600 CVE-2017-17053 CVE-2017-18344
CVE-2018-10853 CVE-2018-3646
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.4.82-6_9 fixes several issues.
The following security issues were fixed:
- CVE-2018-3646: Local attackers in virtualized guest systems could use
speculative code patterns on hyperthreaded processors to read data
present in the L1 Datacache used by other hyperthreads on the same CPU
core, potentially leaking sensitive data, even from other virtual
machines or the host system (bsc#1099306).
- CVE-2017-18344: The timer_create syscall implementation in
kernel/time/posix-timers.c didn't properly validate the
sigevent->sigev_notify field, which lead to out-of-bounds access in the
show_timer function (called when /proc/$PID/timers is read). This
allowed userspace applications to read arbitrary kernel memory (on a
kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)
(bsc#1103203). before 4.14.8
- CVE-2017-17053: The init_new_context function in
arch/x86/include/asm/mmu_context.h did not correctly handle errors from
LDT table allocation when forking a new process, allowing a local
attacker to achieve a use-after-free or possibly have unspecified other
impact by running a specially crafted program. This vulnerability only
affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y (bsc#1096679).
- CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value
of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local
users to cause a denial of service (out-of-bounds access) or possibly
have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink
message (bsc#1096564)
- CVE-2018-10853: A flaw was found in kvm. In which certain instructions
such as sgdt/sidt call segmented_write_std didn't propagate access
correctly. As such, during userspace induced exception, the guest can
incorrectly assume that the exception happened in the kernel and panic.
(bsc#1097108).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1669=1 SUSE-SLE-Live-Patching-12-SP3-2018-1670=1 SUSE-SLE-Live-Patching-12-SP3-2018-1671=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
kgraft-patch-4_4_82-6_3-default-11-2.1
kgraft-patch-4_4_82-6_3-default-debuginfo-11-2.1
kgraft-patch-4_4_82-6_6-default-10-2.1
kgraft-patch-4_4_82-6_6-default-debuginfo-10-2.1
kgraft-patch-4_4_82-6_9-default-10-2.1
kgraft-patch-4_4_82-6_9-default-debuginfo-10-2.1
References:
https://www.suse.com/security/cve/CVE-2017-11600.html
https://www.suse.com/security/cve/CVE-2017-17053.html
https://www.suse.com/security/cve/CVE-2017-18344.html
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://bugzilla.suse.com/1096564
https://bugzilla.suse.com/1096679
https://bugzilla.suse.com/1097108
https://bugzilla.suse.com/1099306
https://bugzilla.suse.com/1103203
_______________________________________________
================================================================================
SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2414-1
Rating: important
References: #1097108 #1099306
Cross-References: CVE-2018-10853 CVE-2018-3646
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.4.120-94_17 fixes several issues.
The following security issues were fixed:
- CVE-2018-3646: Local attackers in virtualized guest systems could use
speculative code patterns on hyperthreaded processors to read data
present in the L1 Datacache used by other hyperthreads on the same CPU
core, potentially leaking sensitive data, even from other virtual
machines or the host system (bsc#1099306).
- CVE-2018-10853: A flaw was found in kvm. In which certain instructions
such as sgdt/sidt call segmented_write_std didn't propagate access
correctly. As such, during userspace induced exception, the guest can
incorrectly assume that the exception happened in the kernel and panic.
(bsc#1097108).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1678=1 SUSE-SLE-Live-Patching-12-SP3-2018-1679=1 SUSE-SLE-Live-Patching-12-SP3-2018-1680=1 SUSE-SLE-Live-Patching-12-SP3-2018-1681=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_120-94_17-default-5-2.1
kgraft-patch-4_4_120-94_17-default-debuginfo-5-2.1
kgraft-patch-4_4_126-94_22-default-5-2.1
kgraft-patch-4_4_126-94_22-default-debuginfo-5-2.1
kgraft-patch-4_4_131-94_29-default-3-2.1
kgraft-patch-4_4_131-94_29-default-debuginfo-3-2.1
kgraft-patch-4_4_132-94_33-default-3-2.1
kgraft-patch-4_4_132-94_33-default-debuginfo-3-2.1
References:
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://bugzilla.suse.com/1097108
https://bugzilla.suse.com/1099306
_______________________________________________
==============================================================================
SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2416-1
Rating: important
References: #1097108 #1099306 #1103203
Cross-References: CVE-2017-18344 CVE-2018-10853 CVE-2018-3646
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.4.114-94_14 fixes several issues.
The following security issues were fixed:
- CVE-2018-3646: Local attackers in virtualized guest systems could use
speculative code patterns on hyperthreaded processors to read data
present in the L1 Datacache used by other hyperthreads on the same CPU
core, potentially leaking sensitive data, even from other virtual
machines or the host system (bsc#1099306).
- CVE-2017-18344: The timer_create syscall implementation in
kernel/time/posix-timers.c didn't properly validate the
sigevent->sigev_notify field, which lead to out-of-bounds access in the
show_timer function (called when /proc/$PID/timers is read). This
allowed userspace applications to read arbitrary kernel memory (on a
kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)
(bsc#1103203). before 4.14.8
- CVE-2018-10853: A flaw was found in kvm. In which certain instructions
such as sgdt/sidt call segmented_write_std didn't propagate access
correctly. As such, during userspace induced exception, the guest can
incorrectly assume that the exception happened in the kernel and panic.
(bsc#1097108).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12-SP2:
zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1667=1 SUSE-SLE-SAP-12-SP2-2018-1668=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1667=1 SUSE-SLE-SERVER-12-SP2-2018-1668=1
- SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1672=1 SUSE-SLE-Live-Patching-12-SP3-2018-1673=1 SUSE-SLE-Live-Patching-12-SP3-2018-1674=1 SUSE-SLE-Live-Patching-12-SP3-2018-1675=1 SUSE-SLE-Live-Patching-12-SP3-2018-1676=1 SUSE-SLE-Live-Patching-12-SP3-2018-1677=1
Package List:
- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
kgraft-patch-4_4_103-92_53-default-8-2.1
kgraft-patch-4_4_103-92_56-default-8-2.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
kgraft-patch-4_4_103-92_53-default-8-2.1
kgraft-patch-4_4_103-92_56-default-8-2.1
- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_103-6_33-default-8-2.1
kgraft-patch-4_4_103-6_33-default-debuginfo-8-2.1
kgraft-patch-4_4_103-6_38-default-8-2.1
kgraft-patch-4_4_103-6_38-default-debuginfo-8-2.1
kgraft-patch-4_4_114-94_11-default-6-2.1
kgraft-patch-4_4_114-94_11-default-debuginfo-6-2.1
kgraft-patch-4_4_114-94_14-default-6-2.1
kgraft-patch-4_4_114-94_14-default-debuginfo-6-2.1
kgraft-patch-4_4_92-6_30-default-8-2.1
kgraft-patch-4_4_92-6_30-default-debuginfo-8-2.1
- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
kgraft-patch-4_4_92-6_18-default-9-2.1
kgraft-patch-4_4_92-6_18-default-debuginfo-9-2.1
References:
https://www.suse.com/security/cve/CVE-2017-18344.html
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://bugzilla.suse.com/1097108
https://bugzilla.suse.com/1099306
https://bugzilla.suse.com/1103203
_______________________________________________
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW3pTIGaOgq3Tt24GAQiEmBAAg1gebkcNBn+5pDIMkQLjkOBXfoPldaL0
XuDw6vBZP4HLzk/5JaRTEPRkissgbiKDN2AXlrkeDU+u8fo8Y8eCfzZXLQHSDLR+
6WZ4NOhAP9PzTvJw9AWE+a7gzwue6EQZbZv0mZv/EN/V+vAVoA3r4wqm+BWH8PYO
YF6LJFb07MA1bMA4E+7sdktclBUY9JboPXO/ovZBY91315mi4z4cAvQeSISSpTSN
flVy2Gryx51lKWHsrT0s5iJNhnHlC4aMUMDWxKihSijZldo5EcGb5CIRiGoaoGAY
ulYBrSx8B+Co9FTEzIZ+fvGcoMGQo0OTuBBk5B73nsuQbA2Cf9KXkN5Qp8/0fw8K
5fmBk+n2WqWgQRvu2X/JidnpeGmf6ZB75cvwriQazjvhEpuYX6VJSa5eoOT/1KWo
2x9iUMqolxBP4/UttAQEZipA+6QmA6jW6FW2qQpskpDpl5Lz5GLxMvYVYKMlFAp0
AcJY8ehRwtlIfmG/Ot+oLEYJlbhESOXPUfirphE4fetZuyUL/0mKBWK8NGeFiuQk
w0Y8lJYyWYSbIsRfUnGOgeUSFNvdnund4uL/KKBRw0bKnVvHoCIKXB3QVAlAdbfC
zCHZGEkqwSptx9PF3eZRaC5UASD7UVnc5rAqsS6G2Q4mZptiJu03c+WoDtQOQrKL
UL3GaXjiBW4=
=wp3F
-----END PGP SIGNATURE-----