Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.3060
Security update for the Linux Kernel
10 October 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2018-17182 CVE-2018-16658 CVE-2018-16276
CVE-2018-15594 CVE-2018-15572 CVE-2018-14734
CVE-2018-14678 CVE-2018-14634 CVE-2018-14617
CVE-2018-13095 CVE-2018-13094 CVE-2018-13093
CVE-2018-12896 CVE-2018-10940 CVE-2018-10938
CVE-2018-10902 CVE-2018-10883 CVE-2018-10882
CVE-2018-10881 CVE-2018-10880 CVE-2018-10879
CVE-2018-10878 CVE-2018-10877 CVE-2018-10876
CVE-2018-10853 CVE-2018-9363 CVE-2018-7757
CVE-2018-7480 CVE-2018-6555 CVE-2018-6554
Reference: ASB-2018.0124
ESB-2018.3020
ESB-2018.3010
ESB-2018.2981
ESB-2018.2974
ESB-2018.2958
ESB-2018.2955
ESB-2018.2930
ESB-2018.2885
Original Bulletin:
https://www.suse.com/support/update/announcement/2018/suse-su-20183083-1.html
https://www.suse.com/support/update/announcement/2018/suse-su-20183084-1.html
https://www.suse.com/support/update/announcement/2018/suse-su-20183088-1.html
Comment: This bulletin contains three (3) security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3083-1
Rating: important
References: #1012382 #1062604 #1064232 #1065999 #1092903
#1093215 #1096547 #1097104 #1099811 #1099813
#1099844 #1099845 #1099846 #1099849 #1099863
#1099864 #1099922 #1100001 #1100089 #1102870
#1103445 #1104319 #1104495 #1104906 #1105322
#1105412 #1106095 #1106369 #1106509 #1106511
#1107689 #1108399 #1108912
Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877
CVE-2018-10878 CVE-2018-10879 CVE-2018-10880
CVE-2018-10881 CVE-2018-10882 CVE-2018-10883
CVE-2018-10902 CVE-2018-10940 CVE-2018-12896
CVE-2018-13093 CVE-2018-14617 CVE-2018-14634
CVE-2018-16276 CVE-2018-16658 CVE-2018-17182
CVE-2018-6554 CVE-2018-6555
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________
An update that solves 20 vulnerabilities and has 13 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-14634: Prevent integer overflow in create_elf_tables that
allowed a local attacker to exploit this vulnerability via a SUID-root
binary and obtain full root privileges (bsc#1108912)
- CVE-2018-14617: Prevent NULL pointer dereference and panic in
hfsplus_lookup() when opening a file (that is purportedly a hard link)
in an hfs+ filesystem that has malformed catalog data, and is mounted
read-only without a metadata directory (bsc#1102870)
- CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in
yurex_read allowed local attackers to use user access read/writes to
crash the kernel or potentially escalate privileges (bsc#1106095)
- CVE-2018-12896: Prevent integer overflow in the POSIX timer code that
was caused by the way the overrun accounting works. Depending on
interval and expiry time values, the overrun can be larger than INT_MAX,
but the accounting is int based. This basically made the accounting
values, which are visible to user space via timer_getoverrun(2) and
siginfo::si_overrun, random. This allowed a local user to cause a denial
of service (signed integer overflow) via crafted mmap, futex,
timer_create, and timer_settime system calls (bnc#1099922)
- CVE-2018-13093: Prevent NULL pointer dereference and panic in
lookup_slow()
on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs
image. This occured because of a lack of proper validation that cached
inodes are free during allocation (bnc#1100001)
- CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
attackers to use a incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
- CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status
that could have been used by local attackers to read kernel memory
(bnc#1107689)
- CVE-2018-6555: The irda_setsockopt function allowed local users to cause
a denial of service (ias_object use-after-free and system crash) or
possibly have unspecified other impact via an AF_IRDA socket
(bnc#1106511)
- CVE-2018-6554: Prevent memory leak in the irda_bind function that
allowed local users to cause a denial of service (memory consumption) by
repeatedly binding an AF_IRDA socket (bnc#1106509)
- CVE-2018-10853: The KVM hypervisor did not check current privilege(CPL)
level while emulating unprivileged instructions. An unprivileged guest
user/process could have used this flaw to potentially escalate
privileges inside guest (bsc#1097104)
- CVE-2018-10902: Protect against concurrent access to prevent double
realloc (double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status(). A malicious local attacker could have used
this for privilege escalation (bnc#1105322).
- CVE-2018-10879: A local user could have caused a use-after-free in
ext4_xattr_set_entry function and a denial of service or unspecified
other impact by renaming a file in a crafted ext4 filesystem image
(bsc#1099844)
- CVE-2018-10883: A local user could have caused an out-of-bounds write in
jbd2_journal_dirty_metadata(), a denial of service, and a system crash
by mounting and operating on a crafted ext4 filesystem image
(bsc#1099863)
- CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem
code when mounting and writing to a crafted ext4 image in
ext4_update_inline_data(). An attacker could have used this to cause a
system crash and a denial of service (bsc#1099845)
- CVE-2018-10882: A local user could have caused an out-of-bound write, a
denial of service, and a system crash by unmounting a crafted ext4
filesystem image (bsc#1099849)
- CVE-2018-10881: A local user could have caused an out-of-bound access in
ext4_get_group_info function, a denial of service, and a system crash by
mounting and operating on a crafted ext4 filesystem image (bsc#1099864)
- CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs()
function when operating on a crafted ext4 filesystem image (bsc#1099846)
- CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space()
function when mounting and operating a crafted ext4 image (bsc#1099811)
- CVE-2018-10878: A local user could have caused an out-of-bounds write
and a denial of service or unspecified other impact by mounting and
operating a crafted ext4 filesystem image (bsc#1099813)
- CVE-2018-17182: An issue was discovered in the Linux kernel The
vmacache_flush_all function in mm/vmacache.c mishandled sequence number
overflows. An attacker can trigger a use-after-free (and possibly gain
privileges) via certain thread creation, map, unmap, invalidation, and
dereference operations (bnc#1108399).
The following non-security bugs were fixed:
- bcache: avoid unncessary cache prefetch bch_btree_node_get().
- bcache: calculate the number of incremental GC nodes according to the
total of btree nodes.
- bcache: display rate debug parameters to 0 when writeback is not running.
- bcache: do not check return value of debugfs_create_dir().
- bcache: finish incremental GC.
- bcache: fix error setting writeback_rate through sysfs interface
(bsc#1064232).
- bcache: fix I/O significant decline while backend devices registering.
- bcache: free heap cache_set->flush_btree in bch_journal_free.
- bcache: make the pr_err statement used for ENOENT only in sysfs_attatch
section.
- bcache: release dc->writeback_lock properly in bch_writeback_thread().
- bcache: set max writeback rate when I/O request is idle (bsc#1064232).
- bcache: simplify the calculation of the total amount of flash dirty data.
- Do not report CPU affected by L1TF when ARCH_CAP_RDCL_NO bit is set
(bsc#1104906).
- ext4: check for allocation block validity with block group locked
(bsc#1104495).
- ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
- ext4: fix check to prevent initializing reserved inodes (bsc#1104319).
- ext4: fix false negatives *and* false positives in
ext4_check_descriptors() (bsc#1103445).
- kABI: protect struct x86_emulate_ops (kabi).
- KEYS: prevent creating a different user's keyrings (bnc#1065999).
- KVM: MMU: always terminate page walks at level 1 (bsc#1062604).
- KVM: MMU: simplify last_pte_bitmap (bsc#1062604).
- KVM: nVMX: update last_nonleaf_level when initializing nested EPT
(bsc#1062604).
- KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
- KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state'
(bsc#1106369).
- updated sssbd handling (bsc#1093215, bsc#1105412).
- usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
(bsc#1106369).
- sched/sysctl: Check user input value of sysctl_sched_time_avg
(bsc#1100089).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2018-2185=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2185=1
Package List:
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
kernel-default-3.12.61-52.146.1
kernel-default-base-3.12.61-52.146.1
kernel-default-base-debuginfo-3.12.61-52.146.1
kernel-default-debuginfo-3.12.61-52.146.1
kernel-default-debugsource-3.12.61-52.146.1
kernel-default-devel-3.12.61-52.146.1
kernel-syms-3.12.61-52.146.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
kernel-xen-3.12.61-52.146.1
kernel-xen-base-3.12.61-52.146.1
kernel-xen-base-debuginfo-3.12.61-52.146.1
kernel-xen-debuginfo-3.12.61-52.146.1
kernel-xen-debugsource-3.12.61-52.146.1
kernel-xen-devel-3.12.61-52.146.1
kgraft-patch-3_12_61-52_146-default-1-1.5.1
kgraft-patch-3_12_61-52_146-xen-1-1.5.1
- SUSE Linux Enterprise Server 12-LTSS (noarch):
kernel-devel-3.12.61-52.146.1
kernel-macros-3.12.61-52.146.1
kernel-source-3.12.61-52.146.1
- SUSE Linux Enterprise Server 12-LTSS (s390x):
kernel-default-man-3.12.61-52.146.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.61-52.146.1
kernel-ec2-debuginfo-3.12.61-52.146.1
kernel-ec2-debugsource-3.12.61-52.146.1
kernel-ec2-devel-3.12.61-52.146.1
kernel-ec2-extra-3.12.61-52.146.1
kernel-ec2-extra-debuginfo-3.12.61-52.146.1
References:
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-10876.html
https://www.suse.com/security/cve/CVE-2018-10877.html
https://www.suse.com/security/cve/CVE-2018-10878.html
https://www.suse.com/security/cve/CVE-2018-10879.html
https://www.suse.com/security/cve/CVE-2018-10880.html
https://www.suse.com/security/cve/CVE-2018-10881.html
https://www.suse.com/security/cve/CVE-2018-10882.html
https://www.suse.com/security/cve/CVE-2018-10883.html
https://www.suse.com/security/cve/CVE-2018-10902.html
https://www.suse.com/security/cve/CVE-2018-10940.html
https://www.suse.com/security/cve/CVE-2018-12896.html
https://www.suse.com/security/cve/CVE-2018-13093.html
https://www.suse.com/security/cve/CVE-2018-14617.html
https://www.suse.com/security/cve/CVE-2018-14634.html
https://www.suse.com/security/cve/CVE-2018-16276.html
https://www.suse.com/security/cve/CVE-2018-16658.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://www.suse.com/security/cve/CVE-2018-6554.html
https://www.suse.com/security/cve/CVE-2018-6555.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1062604
https://bugzilla.suse.com/1064232
https://bugzilla.suse.com/1065999
https://bugzilla.suse.com/1092903
https://bugzilla.suse.com/1093215
https://bugzilla.suse.com/1096547
https://bugzilla.suse.com/1097104
https://bugzilla.suse.com/1099811
https://bugzilla.suse.com/1099813
https://bugzilla.suse.com/1099844
https://bugzilla.suse.com/1099845
https://bugzilla.suse.com/1099846
https://bugzilla.suse.com/1099849
https://bugzilla.suse.com/1099863
https://bugzilla.suse.com/1099864
https://bugzilla.suse.com/1099922
https://bugzilla.suse.com/1100001
https://bugzilla.suse.com/1100089
https://bugzilla.suse.com/1102870
https://bugzilla.suse.com/1103445
https://bugzilla.suse.com/1104319
https://bugzilla.suse.com/1104495
https://bugzilla.suse.com/1104906
https://bugzilla.suse.com/1105322
https://bugzilla.suse.com/1105412
https://bugzilla.suse.com/1106095
https://bugzilla.suse.com/1106369
https://bugzilla.suse.com/1106509
https://bugzilla.suse.com/1106511
https://bugzilla.suse.com/1107689
https://bugzilla.suse.com/1108399
https://bugzilla.suse.com/1108912
_______________________________________________
==============================================================================
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3084-1
Rating: important
References: #1012382 #1042286 #1062604 #1064232 #1065364
#1082519 #1082863 #1084536 #1085042 #1088810
#1089066 #1092903 #1094466 #1095344 #1096547
#1097104 #1099597 #1099811 #1099813 #1099844
#1099845 #1099846 #1099849 #1099863 #1099864
#1099922 #1099993 #1099999 #1100000 #1100001
#1100152 #1102517 #1102715 #1102870 #1103445
#1104319 #1104495 #1105292 #1105296 #1105322
#1105348 #1105396 #1105536 #1106016 #1106095
#1106369 #1106509 #1106511 #1106512 #1106594
#1107689 #1107735 #1107966 #1108239 #1108399
#1109333
Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877
CVE-2018-10878 CVE-2018-10879 CVE-2018-10880
CVE-2018-10881 CVE-2018-10882 CVE-2018-10883
CVE-2018-10902 CVE-2018-10938 CVE-2018-10940
CVE-2018-12896 CVE-2018-13093 CVE-2018-13094
CVE-2018-13095 CVE-2018-14617 CVE-2018-14678
CVE-2018-15572 CVE-2018-15594 CVE-2018-16276
CVE-2018-16658 CVE-2018-17182 CVE-2018-6554
CVE-2018-6555 CVE-2018-7480 CVE-2018-7757
CVE-2018-9363
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise High Availability 12-SP2
SUSE Enterprise Storage 4
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that solves 28 vulnerabilities and has 28 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive
various security and bugfixes.
- CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated
instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current
privilege(CPL) level while emulating unprivileged instructions. An
unprivileged guest user/process could use this flaw to potentially
escalate privileges inside guest (bnc#1097104).
- CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem
code. A use-after-free is possible in ext4_ext_remove_space() function
when mounting and operating a crafted ext4 image. (bnc#1099811)
- CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an
out-of-bound access in the ext4_ext_drop_refs() function when operating
on a crafted ext4 filesystem image. (bnc#1099846)
- CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bounds write and a denial of service or
unspecified other impact is possible by mounting and operating a crafted
ext4 filesystem image. (bnc#1099813)
- CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause a use-after-free in ext4_xattr_set_entry function
and a denial of service or unspecified other impact may occur by
renaming a file in a crafted ext4 filesystem image. (bnc#1099844)
- CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds
write in the ext4 filesystem code when mounting and writing to a crafted
ext4 image in ext4_update_inline_data(). An attacker could use this to
cause a system crash and a denial of service. (bnc#1099845)
- CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bound access in ext4_get_group_info
function, a denial of service, and a system crash by mounting and
operating on a crafted ext4 filesystem image. (bnc#1099864)
- CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bound write in in fs/jbd2/transaction.c
code, a denial of service, and a system crash by unmounting a crafted
ext4 filesystem image. (bnc#1099849)
- CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bounds write in
jbd2_journal_dirty_metadata(), a denial of service, and a system crash
by mounting and operating on a crafted ext4 filesystem image.
(bnc#1099863)
- CVE-2018-10902: It was found that the raw midi kernel driver did not
protect against concurrent access which leads to a double realloc
(double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()
handler in rawmidi.c file. A malicious local attacker could possibly use
this for privilege escalation (bnc#1105322).
- CVE-2018-10938: A crafted network packet sent remotely by an attacker
may force the kernel to enter an infinite loop in the cipso_v4_optptr()
function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A
certain non-default configuration of LSM (Linux Security Module) and
NetLabel should be set up on a system before an attacker could leverage
this flaw (bnc#1106016).
- CVE-2018-10940: The cdrom_ioctl_media_changed function in
drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds
check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel
memory (bnc#1092903).
- CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the
POSIX timer code is caused by the way the overrun accounting works.
Depending on interval and expiry time values, the overrun can be larger
than INT_MAX, but the accounting is int based. This basically made the
accounting values, which are visible to user space via
timer_getoverrun(2) and siginfo::si_overrun, random. For example, a
local user can cause a denial of service (signed integer overflow) via
crafted mmap, futex, timer_create, and timer_settime system calls
(bnc#1099922).
- CVE-2018-13093: There is a NULL pointer dereference and panic in
lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
corrupted xfs image. This occurs because of a lack of proper validation
that cached inodes are free during allocation (bnc#1100001).
- CVE-2018-13094: An OOPS may occur for a corrupted xfs image after
xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).
- CVE-2018-13095: A denial of service (memory corruption and BUG) can
occur for a corrupted xfs image upon encountering an inode that is in
extent format, but has more extents than fit in the inode fork
(bnc#1099999).
- CVE-2018-14617: There is a NULL pointer dereference and panic in
hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
purportedly a hard link) in an hfs+ filesystem that has malformed
catalog data, and is mounted read-only without a metadata directory
(bnc#1102870).
- CVE-2018-14678: The xen_failsafe_callback entry point in
arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed
local users to cause a denial of service (uninitialized memory usage and
system crash). Within Xen, 64-bit x86 PV Linux guest OS users can
trigger a guest OS crash or possibly gain privileges (bnc#1102715).
- CVE-2018-15572: The spectre_v2_select_mitigation function in
arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context
switch, which made it easier for attackers to conduct
userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).
- CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect
calls, which made it easier for attackers to conduct Spectre-v2 attacks
against paravirtual guests (bnc#1105348).
- CVE-2018-16276: Local attackers could use user access read/writes with
incorrect bounds checking in the yurex USB driver to crash the kernel or
potentially escalate privileges (bnc#1106095).
- CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 (bnc#1107689).
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bnc#1108399).
- CVE-2018-6554: Memory leak in the irda_bind function in
net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c
allowed local users to cause a denial of service (memory consumption) by
repeatedly binding an AF_IRDA socket (bnc#1106509).
- CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and
later in drivers/staging/irda/net/af_irda.c allowed local users to cause
a denial of service (ias_object use-after-free and system crash) or
possibly have unspecified other impact via an AF_IRDA socket
(bnc#1106511).
- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
of service (memory consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).
- CVE-2018-9363: A buffer overflow in bluetooth HID report processing
could be used by malicious bluetooth devices to crash the kernel or
potentially execute code (bnc#1105292). The following security bugs were
fixed:
- CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c
allowed local users to cause a denial of service (double free) or
possibly have unspecified other impact by triggering a creation failure
(bnc#1082863).
The following non-security bugs were fixed:
- atm: Preserve value of skb->truesize when accounting to vcc
(bsc#1089066).
- bcache: avoid unncessary cache prefetch bch_btree_node_get()
(bsc#1064232).
- bcache: calculate the number of incremental GC nodes according to the
total of btree nodes (bsc#1064232).
- bcache: display rate debug parameters to 0 when writeback is not running
(bsc#1064232).
- bcache: do not check return value of debugfs_create_dir() (bsc#1064232).
- bcache: finish incremental GC (bsc#1064232).
- bcache: fix error setting writeback_rate through sysfs interface
(bsc#1064232).
- bcache: fix I/O significant decline while backend devices registering
(bsc#1064232).
- bcache: free heap cache_set->flush_btree in bch_journal_free
(bsc#1064232).
- bcache: make the pr_err statement used for ENOENT only in sysfs_attatch
section (bsc#1064232).
- bcache: release dc->writeback_lock properly in bch_writeback_thread()
(bsc#1064232).
- bcache: set max writeback rate when I/O request is idle (bsc#1064232).
- bcache: simplify the calculation of the total amount of flash dirty data
(bsc#1064232).
- ext4: check for allocation block validity with block group locked
(bsc#1104495).
- ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
- ext4: fix check to prevent initializing reserved inodes (bsc#1104319).
- ext4: fix false negatives *and* false positives in
ext4_check_descriptors() (bsc#1103445).
- ibmvnic: Include missing return code checks in reset function
(bnc#1107966).
- kABI: protect struct x86_emulate_ops (kabi).
- kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)
- kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).
- kvm: MMU: always terminate page walks at level 1 (bsc#1062604).
- kvm: MMU: simplify last_pte_bitmap (bsc#1062604).
- kvm: nVMX: update last_nonleaf_level when initializing nested EPT
(bsc#1062604).
- kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
- kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state'
(bsc#1106369).
- net: add skb_condense() helper (bsc#1089066).
- net: adjust skb->truesize in pskb_expand_head() (bsc#1089066).
- net: adjust skb->truesize in ___pskb_trim() (bsc#1089066).
- net: ena: Eliminate duplicate barriers on weakly-ordered archs
(bsc#1108239).
- net: ena: fix device destruction to gracefully free resources
(bsc#1108239).
- net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239).
- net: ena: fix incorrect usage of memory barriers (bsc#1108239).
- net: ena: fix missing calls to READ_ONCE (bsc#1108239).
- net: ena: fix missing lock during device destruction (bsc#1108239).
- net: ena: fix potential double ena_destroy_device() (bsc#1108239).
- net: ena: fix surprise unplug NULL dereference kernel crash
(bsc#1108239).
- net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239).
- netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382
bsc#1100152).
- netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286).
- nfs: Use an appropriate work queue for direct-write completion
(bsc#1082519).
- ovl: fix random return value on mount (bsc#1099993).
- ovl: fix uid/gid when creating over whiteout (bsc#1099993).
- ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512).
- ovl: override creds with the ones from the superblock mounter
(bsc#1099993).
- powerpc: Avoid code patching freed init sections (bnc#1107735).
- powerpc/livepatch: Fix livepatch stack access (bsc#1094466).
- powerpc/modules: Do not try to restore r2 after a sibling call
(bsc#1094466).
- powerpc/tm: Avoid possible userspace r1 corruption on reclaim
(bsc#1109333).
- powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
- provide special timeout module parameters for EC2 (bsc#1065364).
- stop_machine: Atomically queue and wake stopper threads (git-fixes).
- stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
(bsc#1088810).
- usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).
- x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too much RAM (bnc#1105536).
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM
(bnc#1105536).
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
(bsc#1106369).
- x86: Drop kernel trampoline stack. It is involved in breaking
kdump/kexec infrastucture. (bsc#1099597)
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- xen/blkback: do not keep persistent grants too long (bsc#1085042).
- xen/blkback: move persistent grants flags to bool (bsc#1085042).
- xen/blkfront: cleanup stale persistent grants (bsc#1085042).
- xen/blkfront: reorder tests in xlblk_init() (bsc#1085042).
- xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).
- xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space
(bsc#1095344).
- xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).
- xfs: add a xfs_iext_update_extent helper (bsc#1095344).
- xfs: add comments documenting the rebalance algorithm (bsc#1095344).
- xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node
(bsc#1095344).
- xfs: add xfs_trim_extent (bsc#1095344).
- xfs: allow unaligned extent records in xfs_bmbt_disk_set_all
(bsc#1095344).
- xfs: borrow indirect blocks from freed extent when available
(bsc#1095344).
- xfs: cleanup xfs_bmap_last_before (bsc#1095344).
- xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real
(bsc#1095344).
- xfs: do not rely on extent indices in xfs_bmap_collapse_extents
(bsc#1095344).
- xfs: do not rely on extent indices in xfs_bmap_insert_extents
(bsc#1095344).
- xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).
- xfs: during btree split, save new block key & ptr for future insertion
(bsc#1095344).
- xfs: factor out a helper to initialize a local format inode fork
(bsc#1095344).
- xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).
- xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).
- xfs: handle indlen shortage on delalloc extent merge (bsc#1095344).
- xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).
- xfs: improve kmem_realloc (bsc#1095344).
- xfs: inline xfs_shift_file_space into callers (bsc#1095344).
- xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).
- xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).
- xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).
- xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real
(bsc#1095344).
- xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).
- xfs: move pre/post-bmap tracing into xfs_iext_update_extent
(bsc#1095344).
- xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).
- xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).
- xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).
- xfs: move xfs_iext_insert tracepoint to report useful information
(bsc#1095344).
- xfs: new inode extent list lookup helpers (bsc#1095344).
- xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).
- xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).
- xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).
- xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).
- xfs: provide helper for counting extents from if_bytes (bsc#1095344).
- xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real
(bsc#1095344).
- xfs: refactor delalloc indlen reservation split into helper
(bsc#1095344).
- xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).
- xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).
- xfs: refactor xfs_bunmapi_cow (bsc#1095344).
- xfs: refactor xfs_del_extent_real (bsc#1095344).
- xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real
(bsc#1095344).
- xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all
(bsc#1095344).
- xfs: remove a superflous assignment in xfs_iext_remove_node
(bsc#1095344).
- xfs: Remove dead code from inode recover function (bsc#1105396).
- xfs: remove if_rdev (bsc#1095344).
- xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344).
- xfs: remove support for inlining data/extents into the inode fork
(bsc#1095344).
- xfs: remove the never fully implemented UUID fork format (bsc#1095344).
- xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).
- xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).
- xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).
- xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).
- xfs: remove xfs_bmbt_get_state (bsc#1095344).
- xfs: remove xfs_bmse_shift_one (bsc#1095344).
- xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).
- xfs: repair malformed inode items during log recovery (bsc#1105396).
- xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).
- xfs: replace xfs_qm_get_rtblks with a direct call to
xfs_bmap_count_leaves (bsc#1095344).
- xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).
- xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent
(bsc#1095344).
- xfs: rewrite xfs_bmap_first_unused to make better use of
xfs_iext_get_extent (bsc#1095344).
- xfs: simplify the xfs_getbmap interface (bsc#1095344).
- xfs: simplify validation of the unwritten extent bit (bsc#1095344).
- xfs: split indlen reservations fairly when under reserved (bsc#1095344).
- xfs: split xfs_bmap_shift_extents (bsc#1095344).
- xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real
(bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).
- xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).
- xfs: update freeblocks counter after extent deletion (bsc#1095344).
- xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).
- xfs: use a b+tree for the in-core extent list (bsc#1095344).
- xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay}
(bsc#1095344).
- xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344).
- xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344).
- xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344).
- xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).
- xfs: use xfs_bmap_del_extent_delay for the data fork as well
(bsc#1095344).
- xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents
(bsc#1095344).
- xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at
(bsc#1095344).
- xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).
- xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2188=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2188=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2188=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2188=1
- SUSE Linux Enterprise High Availability 12-SP2:
zypper in -t patch SUSE-SLE-HA-12-SP2-2018-2188=1
- SUSE Enterprise Storage 4:
zypper in -t patch SUSE-Storage-4-2018-2188=1
- OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2188=1
Package List:
- SUSE OpenStack Cloud 7 (s390x x86_64):
kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1
- SUSE OpenStack Cloud 7 (x86_64):
kgraft-patch-4_4_121-92_95-default-1-3.4.1
lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1
- SUSE OpenStack Cloud 7 (noarch):
kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1
- SUSE OpenStack Cloud 7 (s390x):
kernel-default-man-4.4.121-92.95.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1
kgraft-patch-4_4_121-92_95-default-1-3.4.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
kgraft-patch-4_4_121-92_95-default-1-3.4.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):
kernel-default-man-4.4.121-92.95.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1
lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1
- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.4.121-92.95.1
cluster-md-kmp-default-debuginfo-4.4.121-92.95.1
cluster-network-kmp-default-4.4.121-92.95.1
cluster-network-kmp-default-debuginfo-4.4.121-92.95.1
dlm-kmp-default-4.4.121-92.95.1
dlm-kmp-default-debuginfo-4.4.121-92.95.1
gfs2-kmp-default-4.4.121-92.95.1
gfs2-kmp-default-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
ocfs2-kmp-default-4.4.121-92.95.1
ocfs2-kmp-default-debuginfo-4.4.121-92.95.1
- SUSE Enterprise Storage 4 (noarch):
kernel-devel-4.4.121-92.95.1
kernel-macros-4.4.121-92.95.1
kernel-source-4.4.121-92.95.1
- SUSE Enterprise Storage 4 (x86_64):
kernel-default-4.4.121-92.95.1
kernel-default-base-4.4.121-92.95.1
kernel-default-base-debuginfo-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
kernel-default-devel-4.4.121-92.95.1
kernel-syms-4.4.121-92.95.1
kgraft-patch-4_4_121-92_95-default-1-3.4.1
lttng-modules-2.7.1-9.6.1
lttng-modules-debugsource-2.7.1-9.6.1
lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
kernel-default-4.4.121-92.95.1
kernel-default-debuginfo-4.4.121-92.95.1
kernel-default-debugsource-4.4.121-92.95.1
References:
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-10876.html
https://www.suse.com/security/cve/CVE-2018-10877.html
https://www.suse.com/security/cve/CVE-2018-10878.html
https://www.suse.com/security/cve/CVE-2018-10879.html
https://www.suse.com/security/cve/CVE-2018-10880.html
https://www.suse.com/security/cve/CVE-2018-10881.html
https://www.suse.com/security/cve/CVE-2018-10882.html
https://www.suse.com/security/cve/CVE-2018-10883.html
https://www.suse.com/security/cve/CVE-2018-10902.html
https://www.suse.com/security/cve/CVE-2018-10938.html
https://www.suse.com/security/cve/CVE-2018-10940.html
https://www.suse.com/security/cve/CVE-2018-12896.html
https://www.suse.com/security/cve/CVE-2018-13093.html
https://www.suse.com/security/cve/CVE-2018-13094.html
https://www.suse.com/security/cve/CVE-2018-13095.html
https://www.suse.com/security/cve/CVE-2018-14617.html
https://www.suse.com/security/cve/CVE-2018-14678.html
https://www.suse.com/security/cve/CVE-2018-15572.html
https://www.suse.com/security/cve/CVE-2018-15594.html
https://www.suse.com/security/cve/CVE-2018-16276.html
https://www.suse.com/security/cve/CVE-2018-16658.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://www.suse.com/security/cve/CVE-2018-6554.html
https://www.suse.com/security/cve/CVE-2018-6555.html
https://www.suse.com/security/cve/CVE-2018-7480.html
https://www.suse.com/security/cve/CVE-2018-7757.html
https://www.suse.com/security/cve/CVE-2018-9363.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1062604
https://bugzilla.suse.com/1064232
https://bugzilla.suse.com/1065364
https://bugzilla.suse.com/1082519
https://bugzilla.suse.com/1082863
https://bugzilla.suse.com/1084536
https://bugzilla.suse.com/1085042
https://bugzilla.suse.com/1088810
https://bugzilla.suse.com/1089066
https://bugzilla.suse.com/1092903
https://bugzilla.suse.com/1094466
https://bugzilla.suse.com/1095344
https://bugzilla.suse.com/1096547
https://bugzilla.suse.com/1097104
https://bugzilla.suse.com/1099597
https://bugzilla.suse.com/1099811
https://bugzilla.suse.com/1099813
https://bugzilla.suse.com/1099844
https://bugzilla.suse.com/1099845
https://bugzilla.suse.com/1099846
https://bugzilla.suse.com/1099849
https://bugzilla.suse.com/1099863
https://bugzilla.suse.com/1099864
https://bugzilla.suse.com/1099922
https://bugzilla.suse.com/1099993
https://bugzilla.suse.com/1099999
https://bugzilla.suse.com/1100000
https://bugzilla.suse.com/1100001
https://bugzilla.suse.com/1100152
https://bugzilla.suse.com/1102517
https://bugzilla.suse.com/1102715
https://bugzilla.suse.com/1102870
https://bugzilla.suse.com/1103445
https://bugzilla.suse.com/1104319
https://bugzilla.suse.com/1104495
https://bugzilla.suse.com/1105292
https://bugzilla.suse.com/1105296
https://bugzilla.suse.com/1105322
https://bugzilla.suse.com/1105348
https://bugzilla.suse.com/1105396
https://bugzilla.suse.com/1105536
https://bugzilla.suse.com/1106016
https://bugzilla.suse.com/1106095
https://bugzilla.suse.com/1106369
https://bugzilla.suse.com/1106509
https://bugzilla.suse.com/1106511
https://bugzilla.suse.com/1106512
https://bugzilla.suse.com/1106594
https://bugzilla.suse.com/1107689
https://bugzilla.suse.com/1107735
https://bugzilla.suse.com/1107966
https://bugzilla.suse.com/1108239
https://bugzilla.suse.com/1108399
https://bugzilla.suse.com/1109333
_______________________________________________
==============================================================================
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3088-1
Rating: important
References: #1045538 #1048185 #1050381 #1050431 #1057199
#1060245 #1064861 #1068032 #1080157 #1087081
#1092772 #1092903 #1093666 #1096547 #1098822
#1099922 #1100132 #1100705 #1102517 #1102870
#1103119 #1104481 #1104684 #1104818 #1104901
#1105100 #1105322 #1105348 #1105536 #1105723
#1106095 #1106105 #1106199 #1106202 #1106206
#1106209 #1106212 #1106369 #1106509 #1106511
#1106609 #1106886 #1106930 #1106995 #1107001
#1107064 #1107071 #1107650 #1107689 #1107735
#1107949 #1108096 #1108170 #1108823 #1108912
Cross-References: CVE-2018-10902 CVE-2018-10940 CVE-2018-12896
CVE-2018-14617 CVE-2018-14634 CVE-2018-14734
CVE-2018-15572 CVE-2018-15594 CVE-2018-16276
CVE-2018-16658 CVE-2018-6554 CVE-2018-6555
Affected Products:
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 43 fixes
is now available.
Description:
The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-14634: Prevent integer overflow in create_elf_tables that
allowed a local attacker to exploit this vulnerability via a SUID-root
binary and obtain full root privileges (bsc#1108912)
- CVE-2018-14617: Prevent NULL pointer dereference and panic in
hfsplus_lookup() when opening a file (that is purportedly a hard link)
in an hfs+ filesystem that has malformed catalog data, and is mounted
read-only without a metadata directory (bsc#1102870)
- CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in
yurex_read allowed local attackers to use user access read/writes to
crash the kernel or potentially escalate privileges (bsc#1106095)
- CVE-2018-12896: Prevent integer overflow in the POSIX timer code that
was caused by the way the overrun accounting works. Depending on
interval and expiry time values, the overrun can be larger than INT_MAX,
but the accounting is int based. This basically made the accounting
values, which are visible to user space via timer_getoverrun(2) and
siginfo::si_overrun, random. This allowed a local user to cause a denial
of service (signed integer overflow) via crafted mmap, futex,
timer_create, and timer_settime system calls (bnc#1099922)
- CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
attackers to use a incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
- CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status
that could have been used by local attackers to read kernel memory
(bnc#1107689)
- CVE-2018-6555: The irda_setsockopt function allowed local users to cause
a denial of service (ias_object use-after-free and system crash) or
possibly have unspecified other impact via an AF_IRDA socket
(bnc#1106511)
- CVE-2018-6554: Prevent memory leak in the irda_bind function that
allowed local users to cause a denial of service (memory consumption) by
repeatedly binding an AF_IRDA socket (bnc#1106509)
- CVE-2018-15594: Ensure correct handling of indirect calls, to prevent
attackers for conducting Spectre-v2 attacks against paravirtual guests
(bsc#1105348)
- CVE-2018-15572: The spectre_v2_select_mitigation function did not always
fill RSB upon a context switch, which made it easier for attackers to
conduct userspace-userspace spectreRSB attacks (bnc#1102517)
- CVE-2018-10902: Protect against concurrent access to prevent double
realloc (double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status(). A malicious local attacker could have used
this for privilege escalation (bnc#1105322).
- CVE-2018-14734: ucma_leave_multicast accessed a certain data structure
after a cleanup step in ucma_process_join, which allowed attackers to
cause a denial
of service (use-after-free) (bsc#1103119)
The following non-security bugs were fixed:
- ACPI: APEI / ERST: Fix missing error handling in erst_reader()
(bsc#1045538).
- ALSA: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1045538).
- ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode
(bsc#1045538).
- ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
(bsc#1045538).
- ALSA: pcm: fix fifo_size frame calculation (bsc#1045538).
- ALSA: snd-aoa: add of_node_put() in error path (bsc#1045538).
- ALSA: usb-audio: Add sanity checks in v2 clock parsers (bsc#1045538).
- ALSA: usb-audio: Add sanity checks to FE parser (bsc#1045538).
- ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
(bsc#1045538).
- ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream()
(bsc#1045538).
- ALSA: usb-audio: Fix parameter block size for UAC2 control requests
(bsc#1045538).
- ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
(bsc#1045538).
- ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
(bsc#1045538).
- ALSA: usb-audio: Set correct type for some UAC2 mixer controls
(bsc#1045538).
- ASoC: blackfin: Fix missing break (bsc#1045538).
- Enforce module signatures if the kernel is locked down (bsc#1093666).
- KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state'
(bsc#1106369).
- KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
- PCI: Fix TI816X class code quirk (bsc#1050431).
- Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch
(bsc#1105100).
- TPM: Zero buffer whole after copying to userspace (bsc#1050381).
- USB: serial: io_ti: fix NULL-deref in interrupt callback (bsc#1106609).
- USB: serial: sierra: fix potential deadlock at close (bsc#1100132).
- applicom: dereferencing NULL on error path (git-fixes).
- ath5k: Change led pin configuration for compaq c700 laptop (bsc#1048185).
- base: make module_create_drivers_dir race-free (git-fixes).
- block: fix an error code in add_partition() (bsc#1106209).
- btrfs: scrub: Do not use inode page cache in
scrub_handle_errored_block() (bsc#1108096).
- btrfs: scrub: Do not use inode pages for device replace (bsc#1107949).
- dasd: Add IFCC notice message (bnc#1104481, LTC#170484).
- drm/i915: Remove bogus __init annotation from DMI callbacks
(bsc#1106886).
- drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
(bsc#1106886).
- drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
(bsc#1106886).
- drm: crtc: integer overflow in drm_property_create_blob() (bsc#1106886).
- fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106886).
- iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105).
- iommu/amd: Fix the left value check of cmd buffer (bsc#1106105).
- iommu/amd: Free domain id when free a domain of struct dma_ops_domain
(bsc#1106105).
- iommu/amd: Update Alias-DTE in update_device_table() (bsc#1106105).
- iommu/vt-d: Do not over-free page table directories (bsc#1106105).
- iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105).
- ipv6: Regenerate host route according to node pointer upon loopback up
(bsc#1100705).
- ipv6: correctly add local routes when lo goes up (bsc#1100705).
- ipv6: introduce ip6_rt_put() (bsc#1100705).
- ipv6: reallocate addrconf router for ipv6 address when lo device up
(bsc#1100705).
- kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).
- mm/hugetlb: add migration/hwpoisoned entry check in
hugetlb_change_protection (bnc#1107071).
- mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1107064).
- modsign: log module name in the event of an error (bsc#1093666).
- modsign: print module name along with error message (bsc#1093666).
- module: make it clear when we're handling the module copy in info->hdr
(bsc#1093666).
- module: setup load info before module_sig_check() (bsc#1093666).
- nbd: ratelimit error msgs after socket close (bsc#1106206).
- ncpfs: return proper error from NCP_IOC_SETROOT ioctl (bsc#1106199).
- perf/x86/intel: Add cpu_(prepare|starting|dying) for core_pmu
(bsc#1104901).
- powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032,
git-fixes).
- powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772,
bsc#1107650).
- powerpc/fadump: exclude memory holes while reserving memory in second
kernel (bsc#1092772, bsc#1107650).
- powerpc/fadump: re-register firmware-assisted dump if already registered
(bsc#1108170, bsc#1108823).
- powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1064861).
- powerpc/lib: Fix the feature fixup tests to actually work (bsc#1064861).
- powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
(bsc#1068032, bsc#1080157, git-fixes).
- powerpc: Avoid code patching freed init sections (bnc#1107735).
- powerpc: make feature-fixup tests fortify-safe (bsc#1064861).
- ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001).
- qlge: Fix netdev features configuration (bsc#1098822).
- resource: fix integer overflow at reallocation (bsc#1045538).
- rpm/kernel-docs.spec.in: Expand kernel tree directly from sources
(bsc#1057199)
- s390/ftrace: use expoline for indirect branches (bnc#1106930,
LTC#171029).
- s390/kernel: use expoline for indirect branches (bnc#1106930,
LTC#171029).
- s390/qeth: do not clobber buffer on async TX completion (bnc#1060245,
LTC#170349).
- s390: Correct register corruption in critical section cleanup
(bnc#1106930, LTC#171029).
- s390: add assembler macros for CPU alternatives (bnc#1106930,
LTC#171029).
- s390: detect etoken facility (bnc#1106930, LTC#171029).
- s390: move expoline assembler macros to a header (bnc#1106930,
LTC#171029).
- s390: move spectre sysfs attribute code (bnc#1106930, LTC#171029).
- s390: remove indirect branch from do_softirq_own_stack (bnc#1106930,
LTC#171029).
- sys: do not hold uts_sem while accessing userspace memory (bnc#1106995).
- tpm: fix race condition in tpm_common_write() (bsc#1050381).
- tracing/blktrace: Fix to allow setting same value (bsc#1106212).
- tty: vt, fix bogus division in csi_J (git-fixes).
- tty: vt, return error when con_startup fails (git-fixes).
- uml: fix hostfs mknod() (bsc#1106202).
- usb: audio-v2: Correct the comment for struct
uac_clock_selector_descriptor (bsc#1045538).
- usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).
- x86, l1tf: Protect PROT_NONE PTEs against speculation fixup
(bnc#1104684, bnc#1104818).
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(bnc#1087081).
- x86/init: fix build with CONFIG_SWAP=n (bsc#1105723).
- x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#1106105).
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too much RAM (bnc#1105536).
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM
(bnc#1105536).
- x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes).
- xen x86/speculation/l1tf: Fix off-by-one error when warning that system
has too much RAM (bnc#1105536).
- xen x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).
- xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup
(bnc#1104684, bnc#1104818).
- xen: x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(bnc#1087081).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 11-SP4:
zypper in -t patch slertesp4-linux-kernel-13810=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-linux-kernel-13810=1
Package List:
- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
kernel-rt-3.0.101.rt130-69.36.1
kernel-rt-base-3.0.101.rt130-69.36.1
kernel-rt-devel-3.0.101.rt130-69.36.1
kernel-rt_trace-3.0.101.rt130-69.36.1
kernel-rt_trace-base-3.0.101.rt130-69.36.1
kernel-rt_trace-devel-3.0.101.rt130-69.36.1
kernel-source-rt-3.0.101.rt130-69.36.1
kernel-syms-rt-3.0.101.rt130-69.36.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
kernel-rt-debuginfo-3.0.101.rt130-69.36.1
kernel-rt-debugsource-3.0.101.rt130-69.36.1
kernel-rt_debug-debuginfo-3.0.101.rt130-69.36.1
kernel-rt_debug-debugsource-3.0.101.rt130-69.36.1
kernel-rt_trace-debuginfo-3.0.101.rt130-69.36.1
kernel-rt_trace-debugsource-3.0.101.rt130-69.36.1
References:
https://www.suse.com/security/cve/CVE-2018-10902.html
https://www.suse.com/security/cve/CVE-2018-10940.html
https://www.suse.com/security/cve/CVE-2018-12896.html
https://www.suse.com/security/cve/CVE-2018-14617.html
https://www.suse.com/security/cve/CVE-2018-14634.html
https://www.suse.com/security/cve/CVE-2018-14734.html
https://www.suse.com/security/cve/CVE-2018-15572.html
https://www.suse.com/security/cve/CVE-2018-15594.html
https://www.suse.com/security/cve/CVE-2018-16276.html
https://www.suse.com/security/cve/CVE-2018-16658.html
https://www.suse.com/security/cve/CVE-2018-6554.html
https://www.suse.com/security/cve/CVE-2018-6555.html
https://bugzilla.suse.com/1045538
https://bugzilla.suse.com/1048185
https://bugzilla.suse.com/1050381
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1057199
https://bugzilla.suse.com/1060245
https://bugzilla.suse.com/1064861
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1080157
https://bugzilla.suse.com/1087081
https://bugzilla.suse.com/1092772
https://bugzilla.suse.com/1092903
https://bugzilla.suse.com/1093666
https://bugzilla.suse.com/1096547
https://bugzilla.suse.com/1098822
https://bugzilla.suse.com/1099922
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1100705
https://bugzilla.suse.com/1102517
https://bugzilla.suse.com/1102870
https://bugzilla.suse.com/1103119
https://bugzilla.suse.com/1104481
https://bugzilla.suse.com/1104684
https://bugzilla.suse.com/1104818
https://bugzilla.suse.com/1104901
https://bugzilla.suse.com/1105100
https://bugzilla.suse.com/1105322
https://bugzilla.suse.com/1105348
https://bugzilla.suse.com/1105536
https://bugzilla.suse.com/1105723
https://bugzilla.suse.com/1106095
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106199
https://bugzilla.suse.com/1106202
https://bugzilla.suse.com/1106206
https://bugzilla.suse.com/1106209
https://bugzilla.suse.com/1106212
https://bugzilla.suse.com/1106369
https://bugzilla.suse.com/1106509
https://bugzilla.suse.com/1106511
https://bugzilla.suse.com/1106609
https://bugzilla.suse.com/1106886
https://bugzilla.suse.com/1106930
https://bugzilla.suse.com/1106995
https://bugzilla.suse.com/1107001
https://bugzilla.suse.com/1107064
https://bugzilla.suse.com/1107071
https://bugzilla.suse.com/1107650
https://bugzilla.suse.com/1107689
https://bugzilla.suse.com/1107735
https://bugzilla.suse.com/1107949
https://bugzilla.suse.com/1108096
https://bugzilla.suse.com/1108170
https://bugzilla.suse.com/1108823
https://bugzilla.suse.com/1108912
_______________________________________________
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW71/02aOgq3Tt24GAQi98A/+MGODYN/GPjuXvkhebXX/I7jQ52bqcCH8
3SYQvmsyAGL3ZzEF+7Lrq1KXsg4o/daHZWYU7kVqegAeTFdJn9AREpHad2Im4Huj
Q0q4Wn0acbLLmCywvua1jbJ+SQiIpk4iyRt/y1cxhuy74TzBYx5g2NMEF9nsuEZy
6dbOemHsBEYlqtR/ra07iOwkPNuY5sUtXIteAPSXmUBQ+MjZj7le6fN8x4cV0UlH
LL+/UWIES+N3dgxqAWX/ko+9vxrPVKsE9mcDusrKWkkqcOsHika4hWjJLj8gALYo
xqMOm3o7CFXJORTj4bK/levrrDEsG3MV6ciyFl1MyPb8WveqXXt7qxiXUDUJ67D0
umY2jvA7aEycV8DdXUALwTNgsabxPIfJMLbd5BB2MaXS28+b9O5w8iYNsrujXKFY
4zQve5k2G2B7QUKM7YsxVqvkwy7bF4NPraSRbcdTKHxRHaMcqJRXTa19MMM1Mzpo
U9U03WrvX/2ZGKPV5AWneDOekzyV6QQDap77x+5q1RYMKLoY0hu1mYa3w/OYrfAr
DBGd2N7A7G7MrJgn3fhcnbL2rf8YdS0HPD/pOXoq9ML1n+9/PuLi0K2IxlNB8iXY
vZDFKP1YsbuFM+t0dmLFxaPqPhHC00OxYsWPAinV34K5CXw2mt12X3aT4TZdVM36
7rEbfBIJr4c=
=oq9c
-----END PGP SIGNATURE-----