===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0558
        SUSE Security Update: Security update for the Linux Kernel
                             25 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Existing Account            
                   Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3460 CVE-2019-3459 CVE-2017-18249

Reference:         ESB-2019.0335.5
                   ASB-2018.0190

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20190470-1.html

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0470-1
Rating:             important
References:         #1012382 #1023175 #1087036 #1094823 #1102875 
                    #1102877 #1102879 #1102882 #1102896 #1106105 
                    #1106929 #1107866 #1109695 #1114893 #1116653 
                    #1119680 #1120722 #1120758 #1120902 #1121726 
                    #1122650 #1122651 #1122779 #1122885 #1123321 
                    #1123323 #1123357 
Cross-References:   CVE-2017-18249 CVE-2019-3459 CVE-2019-3460
                   
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has 24
   fixes is now available.

Description:

   The SUSE Linux Enterprise 12 realtime kernel was updated to receive
   various security and bug fixes.

   The following security bugs were fixed:

   - CVE-2017-18249: Fixed tracking on allocated nid in the add_free_nid
     function in fs/f2fs/node.c, which previously allowed local users to
     cause a denial of service (bnc#1087036).
   - CVE-2019-3459: Fixed remote heap address information leak in use of
     l2cap_get_conf_opt (bnc#1120758).
   - CVE-2019-3460: Fixed remote data leak in multiple locations in the
     function l2cap_parse_conf_rsp (bnc#1120758).

   The following non-security bugs were fixed:

   - Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
   - Fix problem with sharetransport= and NFSv4 (bsc#1114893).
   - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit
     e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
   - Yama: Check for pid death before checking ancestry (bnc#1012382).
   - acpi / processor: Fix the return value of acpi_processor_ids_walk() (git
     fixes (acpi)).
   - acpi/nfit: Block function zero DSMs (bsc#1123321).
   - acpi/nfit: Fix command-supported detection (bsc#1123323).
   - acpi: power: Skip duplicate power resource references in _PRx
     (bnc#1012382).
   - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
   - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
     (bnc#1012382).
   - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
   - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
   - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
   - ata: Fix racy link clearance (bsc#1107866).
   - block/loop: Use global lock for ioctl() operation (bnc#1012382).
   - block/swim3: Fix -EBUSY error when re-opening device after unmount
     (Git-fixes).
   - Btrfs: tree-check: reduce stack consumption in check_dir_item
     (bnc#1012382).
   - Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
   - Btrfs: tree-checker: Do not check max block group size as current max
     chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875
     bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
   - Btrfs: tree-checker: Fix misleading group system information
     (bnc#1012382).
   - Btrfs: validate type when reading a chunk (bnc#1012382).
   - Btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
   - can: gw: ensure DLC boundaries after CAN frame modification
     (bnc#1012382).
   - cifs: Do not hide EINTR after sending network packets (bnc#1012382).
   - cifs: Fix potential OOB access of lock element array (bnc#1012382).
   - clk: imx6q: reset exclusive gates on init (bnc#1012382).
   - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
   - crypto: authencesn - Avoid twice completion call in decrypt path
     (bnc#1012382).
   - crypto: cts - fix crash on short inputs (bnc#1012382).
   - crypto: user - support incremental algorithm dumps (bsc#1120902).
   - dm crypt: add cryptographic data integrity protection (authenticated
     encryption) (Git-fixes).
   - dm crypt: factor IV constructor out to separate function (Git-fixes).
   - dm crypt: fix crash by adding missing check for auth key size
     (git-fixes).
   - dm crypt: fix error return code in crypt_ctr() (git-fixes).
   - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
   - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes).
   - dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
   - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
   - dm snapshot: Fix excessive memory usage and workqueue stalls
     (bnc#1012382).
   - dm: do not allow readahead to limit IO size (git fixes (readahead)).
   - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
   - edac: Raise the maximum number of memory controllers (bsc#1120722).
   - efi/libstub/arm64: Use hidden attribute for struct screen_info reference
     (bsc#1122650).
   - ext4: Fix crash during online resizing (bsc#1122779).
   - ext4: fix a potential fiemap/page fault deadlock w/ inline_data
     (bnc#1012382).
   - f2fs: Add sanity_check_inode() function (bnc#1012382).
   - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
   - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
   - f2fs: clean up argument of recover_data (bnc#1012382).
   - f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
   - f2fs: detect wrong layout (bnc#1012382).
   - f2fs: enhance sanity_check_raw_super() to avoid potential overflow
     (bnc#1012382).
   - f2fs: factor out fsync inode entry operations (bnc#1012382).
   - f2fs: fix inode cache leak (bnc#1012382).
   - f2fs: fix invalid memory access (bnc#1012382).
   - f2fs: fix missing up_read (bnc#1012382).
   - f2fs: fix to avoid reading out encrypted data in page cache
     (bnc#1012382).
   - f2fs: fix to convert inline directory correctly (bnc#1012382).
   - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
   - f2fs: fix to do sanity check with block address in main area
     (bnc#1012382).
   - f2fs: fix to do sanity check with block address in main area v2
     (bnc#1012382).
   - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
   - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
   - f2fs: fix to do sanity check with reserved blkaddr of inline inode
     (bnc#1012382).
   - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
   - f2fs: fix to do sanity check with user_block_count (bnc#1012382).
   - f2fs: fix validation of the block count in sanity_check_raw_super
     (bnc#1012382).
   - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
   - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
   - f2fs: introduce and spread verify_blkaddr (bnc#1012382).
   - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
   - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
   - f2fs: not allow to write illegal blkaddr (bnc#1012382).
   - f2fs: put directory inodes before checkpoint in roll-forward recovery
     (bnc#1012382).
   - f2fs: remove an obsolete variable (bnc#1012382).
   - f2fs: return error during fill_super (bnc#1012382).
   - f2fs: sanity check on sit entry (bnc#1012382).
   - f2fs: use crc and cp version to determine roll-forward recovery
     (bnc#1012382).
   - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
   - i2c: dev: prevent adapter retries and timeout being set as minus value
     (bnc#1012382).
   - ibmveth: Do not process frames after calling napi_reschedule
     (bsc#1123357).
   - ibmvnic: Add ethtool private flag for driver-defined queue limits
     (bsc#1121726).
   - ibmvnic: Increase maximum queue size limit (bsc#1121726).
   - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
   - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
   - iommu/amd: Fix IOMMU page flush when detach device from a domain
     (bsc#1106105).
   - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
   - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
     (bsc#1106105).
   - ip: on queued skb use skb_header_pointer instead of pskb_may_pull
     (bnc#1012382).
   - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
   - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped
     address (bnc#1012382).
   - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
     (bnc#1012382).
   - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
   - jffs2: Fix use of uninitialized delayed_work, lockdep breakage
     (bnc#1012382).
   - kabi: reorder new slabinfo fields in struct kmem_cache_node
     (bnc#1116653).
   - kconfig: fix file name and line number of warn_ignored_character()
     (bnc#1012382).
   - kconfig: fix memory leak when EOF is encountered in quotation
     (bnc#1012382).
   - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
     (bnc#1012382).
   - loop: Fold __loop_release into loop_release (bnc#1012382).
   - loop: Get rid of loop_index_mutex (bnc#1012382).
   - lsm: Check for NULL cred-security on free (bnc#1012382).
   - md: batch flush requests (bsc#1119680).
   - media: em28xx: Fix misplaced reset of dev->v4l::field_count
     (bnc#1012382).
   - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
     (bnc#1012382).
   - media: vb2: be sure to unlock mutex on errors (bnc#1012382).
   - media: vb2: vb2_mmap: move lock up (bnc#1012382).
   - media: vivid: fix error handling of kthread_run (bnc#1012382).
   - media: vivid: set min width/height to a value > 0 (bnc#1012382).
   - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
   - mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
     (bnc#1012382).
   - mips: fix n32 compat_ipc_parse_version (bnc#1012382).
   - mm, proc: be more verbose about unstable VMA flags in
     /proc/<pid>/smaps (bnc#1012382).
   - mm, slab: faster active and free stats (bsc#1116653, VM Performance).
   - mm, slab: maintain total slab count instead of active count
     (bsc#1116653, VM Performance).
   - mm/page-writeback.c: do not break integrity writeback on ->writepage()
     error (bnc#1012382).
   - mm/slab: improve performance of gathering slabinfo stats (bsc#1116653,
     VM Performance).
   - mm: only report isolation failures when offlining memory (generic
     hotplug debugability).
   - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
   - net: bridge: fix a bug on using a neighbour cache entry without checking
     its state (bnc#1012382).
   - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
   - net: speed up skb_rbtree_purge() (bnc#1012382).
   - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
   - omap2fb: Fix stack memory disclosure (bsc#1106929).
   - packet: Do not leak dev refcounts on error exit (bnc#1012382).
   - pci: altera: Check link status before retrain link (bnc#1012382).
   - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
   - pci: altera: Move retrain from fixup to altera_pcie_host_init()
     (bnc#1012382).
   - pci: altera: Poll for link training status after retraining the link
     (bnc#1012382).
   - pci: altera: Poll for link up status after retraining the link
     (bnc#1012382).
   - pci: altera: Reorder read/write functions (bnc#1012382).
   - pci: altera: Rework config accessors for use without a struct pci_bus
     (bnc#1012382).
   - perf intel-pt: Fix error with config term "pt=0" (bnc#1012382).
   - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
   - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
   - platform/x86: asus-wmi: Tell the EC the OS will handle the display off
     hotkey (bnc#1012382).
   - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).
   - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores
     (bsc#1109695).
   - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).
   - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
   - powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
   - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
   - powerpc/smp: Rework CPU topology construction (bsc#1109695).
   - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
   - powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
   - powerpc: Detect the presence of big-cores via "ibm,thread-groups"
     (bsc#1109695).
   - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores
     (bsc#1109695).
   - powerpc: make use of for_each_node_by_type() instead of open-coding it
     (bsc#1109695).
   - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
   - pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
   - r8169: Add support for new Realtek Ethernet (bnc#1012382).
   - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).
   - scsi: sd: Fix cache_type_store() (bnc#1012382).
   - scsi: target: use consistent left-aligned ASCII INQUIRY data
     (bnc#1012382).
   - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).
   - selinux: fix GPF on invalid policy (bnc#1012382).
   - slab: alien caches must not be initialized if the allocation of the
     alien cache failed (bnc#1012382).
   - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).
   - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).
   - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).
   - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
     (bnc#1012382).
   - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).
   - usb: storage: add quirk for SMI SM3350 (bnc#1012382).
   - usb: storage: do not insert sane sense for SPC3+ when bad sense
     specified (bnc#1012382).
   - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes
     (writeback)).
   - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update, use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP3:

      zypper in -t patch SUSE-SLE-RT-12-SP3-2019-470=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch):

      kernel-devel-rt-4.4.172-3.35.1
      kernel-source-rt-4.4.172-3.35.1

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64):

      cluster-md-kmp-rt-4.4.172-3.35.1
      cluster-md-kmp-rt-debuginfo-4.4.172-3.35.1
      dlm-kmp-rt-4.4.172-3.35.1
      dlm-kmp-rt-debuginfo-4.4.172-3.35.1
      gfs2-kmp-rt-4.4.172-3.35.1
      gfs2-kmp-rt-debuginfo-4.4.172-3.35.1
      kernel-rt-4.4.172-3.35.1
      kernel-rt-base-4.4.172-3.35.1
      kernel-rt-base-debuginfo-4.4.172-3.35.1
      kernel-rt-debuginfo-4.4.172-3.35.1
      kernel-rt-debugsource-4.4.172-3.35.1
      kernel-rt-devel-4.4.172-3.35.1
      kernel-rt_debug-debuginfo-4.4.172-3.35.1
      kernel-rt_debug-debugsource-4.4.172-3.35.1
      kernel-rt_debug-devel-4.4.172-3.35.1
      kernel-rt_debug-devel-debuginfo-4.4.172-3.35.1
      kernel-syms-rt-4.4.172-3.35.1
      ocfs2-kmp-rt-4.4.172-3.35.1
      ocfs2-kmp-rt-debuginfo-4.4.172-3.35.1
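
   A post-update check, added here as an example (not part of the SUSE or
   AusCERT text): it compares the installed kernel-rt packages and the running
   kernel against the fixed version-release 4.4.172-3.35.1 listed above and
   reports whether the required reboot is still pending. The function names,
   the older sample version and the `uname -r` naming rule are assumptions of
   this example.

```shell
#!/bin/sh
# Added example: classify a host against this advisory.
FIXED_VR="4.4.172-3.35.1"   # kernel-rt version-release from the Package List

# ver_ge A B: succeed when A >= B, comparing numeric fields left to right.
# A simplification of RPM ordering, adequate for all-numeric strings like these.
ver_ge() {
    left=$(printf '%s' "$1" | sed 's/[.-]/ /g')
    right=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    for l in $left; do
        set -- $right                       # fields of B not yet compared
        if [ $# -eq 0 ]; then return 0; fi  # A has extra fields: newer
        r=$1; shift; right="$*"
        if [ "$l" -gt "$r" ]; then return 0; fi
        if [ "$l" -lt "$r" ]; then return 1; fi
    done
    [ -z "$right" ]                         # equal only if B has no fields left
}

# host_status INSTALLED RUNNING
#   INSTALLED: version-release of every installed kernel-rt, one per line
#              (old kernels can stay installed next to the new one)
#   RUNNING:   output of `uname -r`
host_status() {
    best=""
    for vr in $1; do
        if [ -z "$best" ] || ver_ge "$vr" "$best"; then best=$vr; fi
    done
    if [ -z "$best" ]; then echo not-installed; return 0; fi
    if ! ver_ge "$best" "$FIXED_VR"; then echo unpatched; return 0; fi
    # Assumption: SUSE `uname -r` is VERSION-RELEASE without the final rebuild
    # counter, followed by the flavour, e.g. 4.4.172-3.35-rt.
    running=${2%-rt}
    if ver_ge "$running" "${FIXED_VR%.*}"; then
        echo patched
    else
        echo reboot-pending                 # fixed package on disk, old kernel in memory
    fi
}

# On a host with kernel-rt installed:
#   host_status "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt)" "$(uname -r)"
# Constructed sample: update installed, host not yet rebooted
# (4.4.162-3.29 is a made-up older version).
host_status "4.4.162-3.29.1
4.4.172-3.35.1" "4.4.162-3.29-rt"
```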


References:

   https://www.suse.com/security/cve/CVE-2017-18249.html
   https://www.suse.com/security/cve/CVE-2019-3459.html
   https://www.suse.com/security/cve/CVE-2019-3460.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1023175
   https://bugzilla.suse.com/1087036
   https://bugzilla.suse.com/1094823
   https://bugzilla.suse.com/1102875
   https://bugzilla.suse.com/1102877
   https://bugzilla.suse.com/1102879
   https://bugzilla.suse.com/1102882
   https://bugzilla.suse.com/1102896
   https://bugzilla.suse.com/1106105
   https://bugzilla.suse.com/1106929
   https://bugzilla.suse.com/1107866
   https://bugzilla.suse.com/1109695
   https://bugzilla.suse.com/1114893
   https://bugzilla.suse.com/1116653
   https://bugzilla.suse.com/1119680
   https://bugzilla.suse.com/1120722
   https://bugzilla.suse.com/1120758
   https://bugzilla.suse.com/1120902
   https://bugzilla.suse.com/1121726
   https://bugzilla.suse.com/1122650
   https://bugzilla.suse.com/1122651
   https://bugzilla.suse.com/1122779
   https://bugzilla.suse.com/1122885
   https://bugzilla.suse.com/1123321
   https://bugzilla.suse.com/1123323
   https://bugzilla.suse.com/1123357

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================