===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2661
         SUSE-SU-2019:1870-1 Security update for the Linux Kernel
                               18 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Increased Privileges     -- Remote with User Interaction
                   Denial of Service        -- Existing Account            
                   Reduced Security         -- Remote/Unauthenticated      
                   Access Confidential Data -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12818 CVE-2019-12614 CVE-2019-12456
                   CVE-2019-11487 CVE-2019-11478 CVE-2018-20836
                   CVE-2018-7191 CVE-2018-5390 

Reference:         ESB-2019.2626
                   ESB-2019.2597
                   ESB-2019.2593

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20191870-1.html

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:1870-1
Rating:            important
References:        #1102340 #1112824 #1130159 #1133190 #1134395 #1135603
                   #1136922 #1137194 #1138293 #1139751
Cross-References:  CVE-2018-20836 CVE-2018-5390 CVE-2018-7191 CVE-2019-11487
                   CVE-2019-12456 CVE-2019-12614 CVE-2019-12818
Affected Products:
                   SUSE Linux Enterprise Server for SAP 12-SP1
                   SUSE Linux Enterprise Server 12-SP1-LTSS
                   SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has three fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security
and bug fixes.

The following security bugs were fixed:

  o CVE-2018-5390 aka "SegmentSmack": A remote attacker, even with relatively
    low bandwidth, could have caused high CPU usage by triggering the worst-case
    scenario during IP and/or TCP fragment reassembly (bsc#1102340)
  o CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name
    was not called before register_netdevice. This allowed local users to cause
    a denial of service (NULL pointer dereference and panic) via an ioctl
    (TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
  o CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done()
    in drivers/scsi/libsas/sas_expander.c could have led to a use-after-free.
    (bnc#1134395)
  o CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to
    cause denial of service (a NULL pointer dereference and system crash).
    (bnc#1137194)
  o CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c
    may have returned NULL. If the caller did not check for this, it would
    trigger a NULL pointer dereference. This would cause denial of service.
    (bnc#1138293)
  o CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main()
    allowed local users to cause a denial of service or possibly have
    unspecified other impact by changing the value of ioc_number between two
    kernel reads of that value, aka a "double fetch" vulnerability.
    (bsc#1136922)
  o CVE-2019-11487: An attacker could have triggered a use-after-free via page
    reference count overflow on slow filesystems with at least 140 GiB of RAM
    available. (bnc#1133190)


The following non-security bugs were fixed:

  o fuse: Don't access pipe->buffers without pipe_lock() (Prerequisite for
    CVE-2019-11487, bsc#1133190).
  o fuse: call pipe_buf_release() under pipe lock (Prerequisite for
    CVE-2019-11487, bsc#1133190).
  o mm: /proc/pid/maps: Check permissions when opening proc pid maps
    (bsc#1130159).
  o pipe: add pipe_buf_get() helper (Prerequisite for CVE-2019-11487,
    bsc#1133190).
  o tcp: refine memory limit test in tcp_fragment() after CVE-2019-11478 fix
    (bsc#1139751).
  o x86/bugs: do not default to IBRS even on SKL (bsc#1112824).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1870=1
  o SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1870=1
  o SUSE Linux Enterprise Module for Public Cloud 12:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1870=1
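The bulletin names the fixed kernel-default version (3.12.74-60.64.118.1) and
requires a reboot after installation, so a host can be in one of three states:
update not installed, update installed but the old kernel still running, or
fixed kernel running. The following POSIX shell script is an added example
(not part of the SUSE or AusCERT bulletin) that classifies a host from the
output of "rpm -q kernel-default" and "uname -r". It assumes the SLE 12
convention that "uname -r" reports the rpm version and release without the
final release digit, followed by the flavour (e.g. 3.12.74-60.64.118-default
for the package 3.12.74-60.64.118.1); the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the bulletin): classify a SLES 12 SP1 host against
# the fixed kernel-default version listed in SUSE-SU-2019:1870-1.
# Requires GNU sort (-V) for version ordering.

FIXED_VERSION="3.12.74-60.64.118.1"   # from the bulletin's package list

# version_ge A B : true when A >= B under `sort -V` ordering
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# installed_kernel_version : read `rpm -q kernel-default` lines on stdin
# (e.g. kernel-default-3.12.74-60.64.118.1.x86_64) and print the newest
# installed version-release, e.g. 3.12.74-60.64.118.1
installed_kernel_version() {
    sed -e 's/^kernel-default-//' -e 's/\.[^.]*$//' | sort -V | tail -n 1
}

# classify_host INSTALLED RUNNING : print vulnerable | reboot-required | patched
#   INSTALLED = newest installed version-release (3.12.74-60.64.118.1)
#   RUNNING   = `uname -r` (3.12.74-60.64.118-default); assumption: the
#               flavour suffix after the last '-' is dropped and the result is
#               compared with the fixed version minus its final ".1"
classify_host() {
    installed="$1"
    running="$2"
    fixed_base="${FIXED_VERSION%.*}"   # 3.12.74-60.64.118
    running_base="${running%-*}"       # drop -default / -xen flavour
    if ! version_ge "$installed" "$FIXED_VERSION"; then
        echo "vulnerable"
    elif version_ge "$running_base" "$fixed_base"; then
        echo "patched"
    else
        echo "reboot-required"
    fi
}

# Demonstration on constructed data so it runs without rpm or uname.
# On a real host use:
#   installed=$(rpm -q kernel-default | installed_kernel_version)
#   running=$(uname -r)
SAMPLE_RPM_Q="kernel-default-3.12.74-60.64.110.1.x86_64
kernel-default-3.12.74-60.64.118.1.x86_64"
installed=$(printf '%s\n' "$SAMPLE_RPM_Q" | installed_kernel_version)
running="3.12.74-60.64.110-default"   # constructed: old kernel still booted
echo "installed=$installed running=$running -> $(classify_host "$installed" "$running")"
```

The script follows the bulletin's instruction that a reboot is required and
does not account for the kgraft-patch packages in the package list; on a host
where a kGraft live patch has been applied, the "reboot-required" result still
reflects the booted kernel version, which is what "uname -r" reports.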

Package List:

  o SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
       kernel-default-3.12.74-60.64.118.1
       kernel-default-base-3.12.74-60.64.118.1
       kernel-default-base-debuginfo-3.12.74-60.64.118.1
       kernel-default-debuginfo-3.12.74-60.64.118.1
       kernel-default-debugsource-3.12.74-60.64.118.1
       kernel-default-devel-3.12.74-60.64.118.1
       kernel-syms-3.12.74-60.64.118.1
       kernel-xen-3.12.74-60.64.118.1
       kernel-xen-base-3.12.74-60.64.118.1
       kernel-xen-base-debuginfo-3.12.74-60.64.118.1
       kernel-xen-debuginfo-3.12.74-60.64.118.1
       kernel-xen-debugsource-3.12.74-60.64.118.1
       kernel-xen-devel-3.12.74-60.64.118.1
       kgraft-patch-3_12_74-60_64_118-default-1-2.3.1
       kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1
  o SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
       kernel-devel-3.12.74-60.64.118.1
       kernel-macros-3.12.74-60.64.118.1
       kernel-source-3.12.74-60.64.118.1
  o SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
       kernel-default-3.12.74-60.64.118.1
       kernel-default-base-3.12.74-60.64.118.1
       kernel-default-base-debuginfo-3.12.74-60.64.118.1
       kernel-default-debuginfo-3.12.74-60.64.118.1
       kernel-default-debugsource-3.12.74-60.64.118.1
       kernel-default-devel-3.12.74-60.64.118.1
       kernel-syms-3.12.74-60.64.118.1
  o SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
       kernel-xen-3.12.74-60.64.118.1
       kernel-xen-base-3.12.74-60.64.118.1
       kernel-xen-base-debuginfo-3.12.74-60.64.118.1
       kernel-xen-debuginfo-3.12.74-60.64.118.1
       kernel-xen-debugsource-3.12.74-60.64.118.1
       kernel-xen-devel-3.12.74-60.64.118.1
       kgraft-patch-3_12_74-60_64_118-default-1-2.3.1
       kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1
  o SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
       kernel-devel-3.12.74-60.64.118.1
       kernel-macros-3.12.74-60.64.118.1
       kernel-source-3.12.74-60.64.118.1
  o SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):
       kernel-default-man-3.12.74-60.64.118.1
  o SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
       kernel-ec2-3.12.74-60.64.118.1
       kernel-ec2-debuginfo-3.12.74-60.64.118.1
       kernel-ec2-debugsource-3.12.74-60.64.118.1
       kernel-ec2-devel-3.12.74-60.64.118.1
       kernel-ec2-extra-3.12.74-60.64.118.1
       kernel-ec2-extra-debuginfo-3.12.74-60.64.118.1


References:

  o https://www.suse.com/security/cve/CVE-2018-20836.html
  o https://www.suse.com/security/cve/CVE-2018-5390.html
  o https://www.suse.com/security/cve/CVE-2018-7191.html
  o https://www.suse.com/security/cve/CVE-2019-11487.html
  o https://www.suse.com/security/cve/CVE-2019-12456.html
  o https://www.suse.com/security/cve/CVE-2019-12614.html
  o https://www.suse.com/security/cve/CVE-2019-12818.html
  o https://bugzilla.suse.com/1102340
  o https://bugzilla.suse.com/1112824
  o https://bugzilla.suse.com/1130159
  o https://bugzilla.suse.com/1133190
  o https://bugzilla.suse.com/1134395
  o https://bugzilla.suse.com/1135603
  o https://bugzilla.suse.com/1136922
  o https://bugzilla.suse.com/1137194
  o https://bugzilla.suse.com/1138293
  o https://bugzilla.suse.com/1139751

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================