-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1774
         SUSE-SU-2019:14051-1 Security update for the Linux Kernel
                                17 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Increased Privileges   -- Existing Account      
                   Access Privileged Data -- Existing Account      
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11091 CVE-2019-9213 CVE-2018-12130
                   CVE-2018-12127 CVE-2018-12126 CVE-2013-1979
                   CVE-2013-0231 CVE-2013-0216 CVE-2013-0160
                   CVE-2012-3430 CVE-2012-3412 

Reference:         ASB-2019.0138
                   ESB-2019.1743
                   ESB-2019.1737.2
                   ESB-2019.1728
                   ESB-2019.1723

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:14051-1
Rating:            important
References:        #1082943 #1094244 #1103186 #1106886 #1110436 #1111331
                   #1112178 #1117515 #1119019 #1127082 #1127376 #1127445
                   #1127534 #1127738 #1128166 #1128383 #1129248 #1129437
                   #1129439 #1129770 #1130353 #1130384 #1131107 #1131587
                   #1132589 #773383 #774523 #797175 #800280 #801178 #816708
Cross-References:  CVE-2012-3412 CVE-2012-3430 CVE-2013-0160 CVE-2013-0216
                   CVE-2013-0231 CVE-2013-1979 CVE-2018-12126 CVE-2018-12127
                   CVE-2018-12130 CVE-2019-11091 CVE-2019-9213
Affected Products:
                   SUSE Linux Enterprise Server 11-SP4-LTSS
                   SUSE Linux Enterprise Server 11-EXTRA
                   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 20 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security
and bugfixes.
Four new speculative execution information leak issues have been identified in
Intel CPUs. (bsc#1111331)

  o CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
  o CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
  o CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
  o CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)


This kernel update contains software mitigations for these issues, which also
utilize CPU microcode updates shipped in parallel.
For more information on this set of information leaks, check out https://
www.suse.com/support/kb/doc/id=7023736
The following security bugs were fixed:

  o CVE-2019-9213: The expand_downwards function in mm/mmap.c lacked a check
    for the mmap minimum address, which made it easier for attackers to exploit
    kernel NULL pointer dereferences on non-SMAP platforms. This is related to
    a capability check for the wrong task (bnc#1128166).
  o CVE-2013-0216: The Xen netback functionality allowed guest OS users to
    cause a denial of service (loop) by triggering ring pointer corruption (bnc
    #800280).
  o CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver
    (drivers/xen/pciback/conf_space_capability_msi.c) in Xen allowed guest OS
    users with PCI device access to cause a denial of service via a large
    number of kernel log messages. (bnc#801178).
  o CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c did not
    initialize a certain structure member, which allowed local users to obtain
    potentially sensitive information from kernel stack memory via a recvfrom
    or recvmsg system call on an RDS socket (bnc#773383).
  o CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver allowed remote
    attackers to cause a denial of service (DMA descriptor consumption and
    network-controller outage) via crafted TCP packets that trigger a small MSS
    value (bnc#774523).
  o CVE-2013-0160: The kernel allowed local users to obtain sensitive
    information about keystroke timing by using the inotify API on the /dev/
    ptmx device (bnc#797175).
  o CVE-2013-1979: The scm_set_cred function in include/net/scm.h uses
    incorrect uid and gid values during credentials passing, which allowed
    local users to gain privileges via a crafted application (bnc#816708).


The following non-security bugs were fixed:

  o Add opcodes from net: filter: BPF 'JIT' compiler for PPC64 (bsc#1131107).
  o EHCI: improved logic for isochronous scheduling (bsc#1117515).
  o KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129439).
  o USB: Add new USB LPM helpers (bsc#1129770).
  o USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770).
  o USB: EHCI: add new root-hub state: STOPPING (bsc#1117515).
  o USB: EHCI: add pointer to end of async-unlink list (bsc#1117515).
  o USB: EHCI: add symbolic constants for QHs (bsc#1117515).
  o USB: EHCI: always scan each interrupt QH (bsc#1117515).
  o USB: EHCI: do not lose events during a scan (bsc#1117515).
  o USB: EHCI: do not refcount QHs (bsc#1117515).
  o USB: EHCI: do not refcount iso_stream structures (bsc#1117515).
  o USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515).
  o USB: EHCI: fix up locking (bsc#1117515).
  o USB: EHCI: initialize data before resetting hardware (bsc#1117515).
  o USB: EHCI: introduce high-res timer (bsc#1117515).
  o USB: EHCI: remove PS3 status polling (bsc#1117515).
  o USB: EHCI: remove unneeded suspend/resume code (bsc#1117515).
  o USB: EHCI: rename "reclaim" (bsc#1117515).
  o USB: EHCI: resolve some unlikely races (bsc#1117515).
  o USB: EHCI: return void instead of 0 (bsc#1117515).
  o USB: EHCI: simplify isochronous scanning (bsc#1117515).
  o USB: EHCI: unlink multiple async QHs together (bsc#1117515).
  o USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515).
  o USB: EHCI: use hrtimer for async schedule (bsc#1117515).
  o USB: EHCI: use hrtimer for controller death (bsc#1117515).
  o USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515).
  o USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515).
  o USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515).
  o USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515).
  o USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515).
  o copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
  o cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).
  o drm: Fix error handling in drm_legacy_addctx (bsc#1106886)
  o ext3: Set bitmap tails when growing filesystem (bsc#1128383).
  o fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106886)
  o iommu/vt-d: Check capability before disabling protected memory (bsc#
    1130353).
  o iommu/vt-d: Check identity map for hot-added devices (bsc#1129248).
  o kernel/watchdog.c: control hard lockup detection default (bsc#1110436).
  o kvm: ensure hard lockup detection is disabled by default (bsc#1110436).
  o kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129437).
  o kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).
  o mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/mmap)).
  o mpt2sas: Fix IO error occurs on pulling out a drive from RAID1 volume
    created on two SATA drive (bsc#1130384).
  o nfsd: fix memory corruption caused by readdir (bsc#1127445).
  o powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107).
  o powerpc/64: Disable the speculation barrier from the command line (bsc#
    1131107).
  o powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107).
  o powerpc/64s: Add new security feature flags for count cache flush (bsc#
    1131107).
  o powerpc/64s: Add support for software count cache flush (bsc#1131107).
  o powerpc/asm: Add a patch_site macro & helpers for patching instructions
    (bsc#1131107).
  o powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107).
  o powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244,
    git-fixes).
  o powerpc/pseries: Query hypervisor for count cache flush settings (bsc#
    1131107).
  o powerpc/security: Fix spectre_v2 reporting (bsc#1131107).
  o powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
  o powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).
  o powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#
    1131587).
  o s390/dasd: fix panic for failed online processing (bsc#1132589).
  o s390/qeth: cancel close_dev work before removing a card (LTC#175048, bsc#
    1127376).
  o s390/qeth: fix use-after-free in error path (LTC#175048, bsc#1127376, bsc#
    1127534).
  o s390/qeth: handle failure on workqueue creation (LTC#175048, bsc#1127376).
  o s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
  o sched/core: Optimize SCHED_SMT (bsc#1111331).
  o sched/smt: Expose sched_smt_present static key (bsc#1111331).
  o sched/smt: Make sched_smt_present track topology (bsc#1111331).
  o sched/smt: Update sched_smt_present at runtime (bsc#1111331).
  o scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#
    1119019).
  o scsi: qla2xxx: do not disable a not previously enabled PCI device (bsc#
    1127738).
  o x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).
  o x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331).
  o x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331).
  o x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331).
  o x86/speculation/mds: Add SMT warning message (bsc#1111331).
  o x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331).
  o x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331).
  o x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331).
  o x86/speculation/mds: Add mitigation control for MDS (bsc#1111331).
  o x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331).
  o x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331).
  o x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331).
  o x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#
    1111331).
  o x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    (bsc#1111331).
  o x86/speculation: Consolidate CPU whitelists (bsc#1111331).
  o x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#
    1111331).
  o x86/speculation: Move arch_smt_update() call to after mitigation decisions
    (bsc#1111331).
  o x86/speculation: Rework SMT state change (bsc#1111331).
  o x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-kernel-20190508-14051=1
  o SUSE Linux Enterprise Server 11-EXTRA:
    zypper in -t patch slexsp3-kernel-20190508-14051=1
  o SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-kernel-20190508-14051=1

Package List:

  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
       kernel-default-3.0.101-108.90.1
       kernel-default-base-3.0.101-108.90.1
       kernel-default-devel-3.0.101-108.90.1
       kernel-source-3.0.101-108.90.1
       kernel-syms-3.0.101-108.90.1
       kernel-trace-3.0.101-108.90.1
       kernel-trace-base-3.0.101-108.90.1
       kernel-trace-devel-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):
       kernel-ec2-3.0.101-108.90.1
       kernel-ec2-base-3.0.101-108.90.1
       kernel-ec2-devel-3.0.101-108.90.1
       kernel-xen-3.0.101-108.90.1
       kernel-xen-base-3.0.101-108.90.1
       kernel-xen-devel-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64):
       kernel-bigmem-3.0.101-108.90.1
       kernel-bigmem-base-3.0.101-108.90.1
       kernel-bigmem-devel-3.0.101-108.90.1
       kernel-ppc64-3.0.101-108.90.1
       kernel-ppc64-base-3.0.101-108.90.1
       kernel-ppc64-devel-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (s390x):
       kernel-default-man-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586):
       kernel-pae-3.0.101-108.90.1
       kernel-pae-base-3.0.101-108.90.1
       kernel-pae-devel-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
       kernel-default-extra-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
       kernel-xen-extra-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-EXTRA (x86_64):
       kernel-trace-extra-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-EXTRA (ppc64):
       kernel-ppc64-extra-3.0.101-108.90.1
  o SUSE Linux Enterprise Server 11-EXTRA (i586):
       kernel-pae-extra-3.0.101-108.90.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
       kernel-default-debuginfo-3.0.101-108.90.1
       kernel-default-debugsource-3.0.101-108.90.1
       kernel-trace-debuginfo-3.0.101-108.90.1
       kernel-trace-debugsource-3.0.101-108.90.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64):
       kernel-default-devel-debuginfo-3.0.101-108.90.1
       kernel-trace-devel-debuginfo-3.0.101-108.90.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
       kernel-ec2-debuginfo-3.0.101-108.90.1
       kernel-ec2-debugsource-3.0.101-108.90.1
       kernel-xen-debuginfo-3.0.101-108.90.1
       kernel-xen-debugsource-3.0.101-108.90.1
       kernel-xen-devel-debuginfo-3.0.101-108.90.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
       kernel-bigmem-debuginfo-3.0.101-108.90.1
       kernel-bigmem-debugsource-3.0.101-108.90.1
       kernel-ppc64-debuginfo-3.0.101-108.90.1
       kernel-ppc64-debugsource-3.0.101-108.90.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
       kernel-pae-debuginfo-3.0.101-108.90.1
       kernel-pae-debugsource-3.0.101-108.90.1
       kernel-pae-devel-debuginfo-3.0.101-108.90.1


References:

  o https://www.suse.com/security/cve/CVE-2012-3412.html
  o https://www.suse.com/security/cve/CVE-2012-3430.html
  o https://www.suse.com/security/cve/CVE-2013-0160.html
  o https://www.suse.com/security/cve/CVE-2013-0216.html
  o https://www.suse.com/security/cve/CVE-2013-0231.html
  o https://www.suse.com/security/cve/CVE-2013-1979.html
  o https://www.suse.com/security/cve/CVE-2018-12126.html
  o https://www.suse.com/security/cve/CVE-2018-12127.html
  o https://www.suse.com/security/cve/CVE-2018-12130.html
  o https://www.suse.com/security/cve/CVE-2019-11091.html
  o https://www.suse.com/security/cve/CVE-2019-9213.html
  o https://bugzilla.suse.com/1082943
  o https://bugzilla.suse.com/1094244
  o https://bugzilla.suse.com/1103186
  o https://bugzilla.suse.com/1106886
  o https://bugzilla.suse.com/1110436
  o https://bugzilla.suse.com/1111331
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1117515
  o https://bugzilla.suse.com/1119019
  o https://bugzilla.suse.com/1127082
  o https://bugzilla.suse.com/1127376
  o https://bugzilla.suse.com/1127445
  o https://bugzilla.suse.com/1127534
  o https://bugzilla.suse.com/1127738
  o https://bugzilla.suse.com/1128166
  o https://bugzilla.suse.com/1128383
  o https://bugzilla.suse.com/1129248
  o https://bugzilla.suse.com/1129437
  o https://bugzilla.suse.com/1129439
  o https://bugzilla.suse.com/1129770
  o https://bugzilla.suse.com/1130353
  o https://bugzilla.suse.com/1130384
  o https://bugzilla.suse.com/1131107
  o https://bugzilla.suse.com/1131587
  o https://bugzilla.suse.com/1132589
  o https://bugzilla.suse.com/773383
  o https://bugzilla.suse.com/774523
  o https://bugzilla.suse.com/797175
  o https://bugzilla.suse.com/800280
  o https://bugzilla.suse.com/801178
  o https://bugzilla.suse.com/816708

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXN40P2aOgq3Tt24GAQiC8hAA002nicY9DwkNCRuIdDXr5kMtMp1SKgCx
ts3Jh5cVFI10WLD+RwCSEzfOa6LOhZfxfdHzX31cjupI0kATPvjnatF8bWS5WMvs
9Ojl2r/C4i7NDbnZkfIun0TzTs7O5/xTCYdLjTHFGATF2FYvgzZTJKUjt5UfZtq8
wRdb2af4/Pcbejs5KJazVl+2wFQcuCvrZkYsgWOonBc4K6lsgq+pdw+zgmFQA/tc
ZYQxwA5AetH5QuZo+1r1xyI7DGE4s89MvYZEWAr45a12sadgBmbLLJrSdah+AGMH
U4cCU8ZhBTIEt4G3Mrq//7r2Ds2HccCr8zbZOJs1qSVS9r03AqqVyrI2OUcxhTQK
ewKr+O3ZCPeqiSzb31cMcRJ9Xcaj0+lTXu/oU/YG96iVEydUQyCrC5hsL6FvQwLz
1HHCJGhSaA9IFUimx1oDHV2inFux4RcxCOfwkwuA6BX86kn0aGTt079X/VMFtoUb
AzEP0amhxLfY5SlSuPK8Szu3RL83f1btitji3pTQF4H8EiH0x8Sd71rcOHLZVEKK
YaGlYvMIP1ng1FKCt2/h9MjFGZx538s+K1gPxEDjxOXinRKv1TP8jd+4eH0rsXW9
pT1FAnTkTP+SdmAcw03mbqlDMLivXhx/WSwQAz2qKKPylmnAs2/7AJm5gcEwn2Tq
AYuwVDd4SnE=
=aE5m
-----END PGP SIGNATURE-----