Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.2661 SUSE-SU-2019:1870-1 Security update for the Linux Kernel 18 July 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Impact/Access: Increased Privileges -- Remote with User Interaction Denial of Service -- Existing Account Reduced Security -- Remote/Unauthenticated Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-12818 CVE-2019-12614 CVE-2019-12456 CVE-2019-11487 CVE-2019-11478 CVE-2018-20836 CVE-2018-7191 CVE-2018-5390 Reference: ESB-2019.2626 ESB-2019.2597 ESB-2019.2593 Original Bulletin: https://www.suse.com/support/update/announcement/2019/suse-su-20191870-1.html - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1870-1 Rating: important References: #1102340 #1112824 #1130159 #1133190 #1134395 #1135603 #1136922 #1137194 #1138293 #1139751 Cross-References: CVE-2018-20836 CVE-2018-5390 CVE-2018-7191 CVE-2019-11487 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has three fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: o CVE-2018-5390 aka "SegmentSmack": A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340) o CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl (TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) o CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) o CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc #1137194) o CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) o CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. (bsc# 1136922) o CVE-2019-11487: An attacker could have triggered use-after-free via page reference count overflow on slow filesystems with at least of 140 GiB of RAM available. (bnc#1133190) The following non-security bugs were fixed: o fuse: Don't access pipe->buffers without pipe_lock() (Prerequisity for CVE-2019-11487, bsc#1133190). o fuse: call pipe_buf_release() under pipe lock (Prerequisity for CVE-2019-11487, bsc#1133190). o mm: /proc/pid/maps: Check permissions when opening proc pid maps (bsc# 1130159). o pipe: add pipe_buf_get() helper (Prerequisity for CVE-2019-11487, bsc# 1133190). o tcp: refine memory limit test in tcp_fragment() after CVE-2019-11478 fix (bsc#1139751). o x86/bugs: do not default to IBRS even on SKL (bsc#1112824). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1870=1 o SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1870=1 o SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1870=1 Package List: o SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-default-3.12.74-60.64.118.1 kernel-default-base-3.12.74-60.64.118.1 kernel-default-base-debuginfo-3.12.74-60.64.118.1 kernel-default-debuginfo-3.12.74-60.64.118.1 kernel-default-debugsource-3.12.74-60.64.118.1 kernel-default-devel-3.12.74-60.64.118.1 kernel-syms-3.12.74-60.64.118.1 kernel-xen-3.12.74-60.64.118.1 kernel-xen-base-3.12.74-60.64.118.1 kernel-xen-base-debuginfo-3.12.74-60.64.118.1 kernel-xen-debuginfo-3.12.74-60.64.118.1 kernel-xen-debugsource-3.12.74-60.64.118.1 kernel-xen-devel-3.12.74-60.64.118.1 kgraft-patch-3_12_74-60_64_118-default-1-2.3.1 kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1 o SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.118.1 kernel-macros-3.12.74-60.64.118.1 kernel-source-3.12.74-60.64.118.1 o SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.118.1 kernel-default-base-3.12.74-60.64.118.1 kernel-default-base-debuginfo-3.12.74-60.64.118.1 kernel-default-debuginfo-3.12.74-60.64.118.1 kernel-default-debugsource-3.12.74-60.64.118.1 kernel-default-devel-3.12.74-60.64.118.1 kernel-syms-3.12.74-60.64.118.1 o SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.118.1 kernel-xen-base-3.12.74-60.64.118.1 kernel-xen-base-debuginfo-3.12.74-60.64.118.1 kernel-xen-debuginfo-3.12.74-60.64.118.1 kernel-xen-debugsource-3.12.74-60.64.118.1 kernel-xen-devel-3.12.74-60.64.118.1 kgraft-patch-3_12_74-60_64_118-default-1-2.3.1 kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1 o SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.118.1 kernel-macros-3.12.74-60.64.118.1 kernel-source-3.12.74-60.64.118.1 o SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.118.1 o SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.118.1 kernel-ec2-debuginfo-3.12.74-60.64.118.1 kernel-ec2-debugsource-3.12.74-60.64.118.1 kernel-ec2-devel-3.12.74-60.64.118.1 kernel-ec2-extra-3.12.74-60.64.118.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.118.1 References: o https://www.suse.com/security/cve/CVE-2018-20836.html o https://www.suse.com/security/cve/CVE-2018-5390.html o https://www.suse.com/security/cve/CVE-2018-7191.html o https://www.suse.com/security/cve/CVE-2019-11487.html o https://www.suse.com/security/cve/CVE-2019-12456.html o https://www.suse.com/security/cve/CVE-2019-12614.html o https://www.suse.com/security/cve/CVE-2019-12818.html o https://bugzilla.suse.com/1102340 o https://bugzilla.suse.com/1112824 o https://bugzilla.suse.com/1130159 o https://bugzilla.suse.com/1133190 o https://bugzilla.suse.com/1134395 o https://bugzilla.suse.com/1135603 o https://bugzilla.suse.com/1136922 o https://bugzilla.suse.com/1137194 o https://bugzilla.suse.com/1138293 o https://bugzilla.suse.com/1139751 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXS+1YmaOgq3Tt24GAQicsQ//Sgg0rE7kh3sE4WSblVkto3EtAWVadwau 3GqR0jbLIoeRbQXuGP4caPKJWXDTCexcooscLFkJZD5ZMERPpXHeMkcdIZ+lQ8QJ znSFs7V9aEx86uDjgkKtGQLoJ4miEujBJiy1/mtdeRc2OLvZQObYdxkr93llRvj4 r0hgqiXfnhFzJph9YDCuhuI6L4rWZAuUJHFDGiykLtR2rt64sw5x0IqlzYDAzEme CqcjOrjm7jixia1SYj/a6d3kdq7jSNYIs6bFsUp/KQGJBFqdAFT7wr1cLjWa3J8k f3GNY6IBRbc1FUGvNLtCP/zN1BzD/dLBqsJZOuqiDSIFJGp10jZYD1FYEpii0Twf obPbzD9l94mC+g3TmOvMVJXokg6SJEoqb78oYV2ttq6AXXmIqomLMC/hqaZtopuL UkhpcZt+JFA6uVHjIJaap3VA61d35KbhJMWreZHSINk408b/AuXg/ikK9vqV1gUv Rci9gdS4fIGREA9CdemWoum1vyi08RAhkXm7fIgkhwzRBfEWWzgnq2GVGZYyouWL Bs240hwpfFZsBEegUfhSRySNozXLTa0B91fq/evHj2WCZicuMpcSWV+bbyNV7gGU cL/vGi+B6QL1kkCpyNkBxKi2PTY+arjwGYZzmGwym/d3CaHVFqKQ6owMGv5ZBkuB 4IQMmDM3FV4= =PW3L -----END PGP SIGNATURE-----