SUSE-SU-2018:2332-1: important: Security update for the Linux Kernel

Wed Aug 15 10:16:25 MDT 2018

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2332-1
Rating:             important
References:         #1082962 #1083900 #1085107 #1087081 #1089343 
                    #1092904 #1094353 #1096480 #1096728 #1097234 
                    #1098016 #1099924 #1099942 #1100418 #1104475 
                    #1104684 #909361 
Cross-References:   CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204
                    CVE-2018-1068 CVE-2018-1130 CVE-2018-12233
                    CVE-2018-13053 CVE-2018-13406 CVE-2018-3620
                    CVE-2018-3646 CVE-2018-5803 CVE-2018-5814
                    CVE-2018-7492
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has four fixes
   is now available.

Description:

   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-3620: Local attackers on baremetal systems could use
     speculative code patterns on hyperthreaded processors to read data
     present in the L1 Datacache used by other hyperthreads on the same CPU
     core, potentially leaking sensitive data. (bnc#1087081).
   - CVE-2018-3646: Local attackers in virtualized guest systems could use
     speculative code patterns on hyperthreaded processors to read data
     present in the L1 Datacache used by other hyperthreads on the same CPU
     core, potentially leaking sensitive data, even from other virtual
     machines or the host system. (bnc#1089343).
   - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could
     lead to a local kernel information leak manifesting in up to
     approximately 1000 memory pages copied to the userspace. The problem has
     limited scope as non-privileged users usually have no permissions to
     access SCSI device files. (bnc#1096728).
   - CVE-2018-13053: The alarm_timer_nsleep function in
     kernel/time/alarmtimer.c had an integer overflow via a large relative
     timeout because ktime_add_safe is not used (bnc#1099924).
   - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in
     drivers/video/fbdev/uvesafb.c could result in local attackers being able
     to crash the kernel or potentially elevate privileges because
     kmalloc_array is not used (bnc#1098016 bnc#1100418).
   - CVE-2016-8405: An information disclosure vulnerability in kernel
     components including the ION subsystem, Binder, USB driver and
     networking subsystem could enable a local malicious application to
     access data outside of its permission levels. (bnc#1099942).
   - CVE-2018-5814: Multiple race condition errors when handling probe,
     disconnect, and rebind operations could be exploited to trigger a
     use-after-free condition or a NULL pointer dereference by sending
     multiple USB over IP packets (bnc#1096480).
   - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory
     corruption bug in JFS can be triggered by calling setxattr twice with
     two different extended attribute names on the same file. This
     vulnerability can be triggered by an unprivileged user with the ability
     to create files and execute programs. (bnc#1097234).
   - CVE-2017-13305: A information disclosure vulnerability in the Upstream
     kernel encrypted-keys. (bnc#1094353).
   - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function
     in net/dccp/output.c allowed a local user to cause a denial of service
     by a number of certain crafted system calls (bnc#1092904).
   - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall
     interface for bridging. This allowed a privileged user to arbitrarily
     write to a limited range of kernel memory (bnc#1085107).
   - CVE-2018-5803: An error in the "_sctp_make_chunk()" function
     (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be
     exploited to cause a kernel crash (bnc#1083900).
   - CVE-2018-7492: A NULL pointer dereference was found in the
     net/rds/rdma.c __rds_rdma_map() function allowed local attackers to
     cause a system panic and a denial-of-service, related to RDS_GET_MR and
     RDS_GET_MR_FOR_DEST (bnc#1082962).

   The following non-security bugs were fixed:

   - cpu/hotplug: Add sysfs state interface (bsc#1089343).
   - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
   - cpu/hotplug: Split do_cpu_down() (bsc#1089343).
   - disable-prot_none_mitigation.patch: disable prot_none native mitigation
     (bnc#1104684)
   - fix pgd underflow (bnc#1104475) custom walk_page_range rework was
     incorrect and could underflow pgd if the given range was below a first
     vma.
   - slab: introduce kmalloc_array() (bsc#909361).
   - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).
   - x86/cpu/AMD: Do not check CPUID max ext level before parsing SMP info
     (bsc#1089343).
   - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
   - x86/cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
     (bsc#1089343).
   - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
   - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
   - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).
   - x86/cpu: Remove the pointless CPU printout (bsc#1089343).
   - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
   - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages
     calculation (bsc#1089343).
   - x86/smp: Provide topology_is_primary_thread() (bsc#1089343).
   - x86/topology: Add topology_max_smt_threads() (bsc#1089343).
   - x86/topology: Provide topology_smt_supported() (bsc#1089343).
   - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
   - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343).
   - xen/x86/cpu/topology: Provide detect_extended_topology_early()
     (bsc#1089343).
   - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-201808-13728=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-201808-13728=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-201808-13728=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-201808-13728=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.68.1
      kernel-default-base-3.0.101-108.68.1
      kernel-default-devel-3.0.101-108.68.1
      kernel-source-3.0.101-108.68.1
      kernel-syms-3.0.101-108.68.1
      kernel-trace-3.0.101-108.68.1
      kernel-trace-base-3.0.101-108.68.1
      kernel-trace-devel-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.68.1
      kernel-ec2-base-3.0.101-108.68.1
      kernel-ec2-devel-3.0.101-108.68.1
      kernel-xen-3.0.101-108.68.1
      kernel-xen-base-3.0.101-108.68.1
      kernel-xen-devel-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.68.1
      kernel-bigmem-base-3.0.101-108.68.1
      kernel-bigmem-devel-3.0.101-108.68.1
      kernel-ppc64-3.0.101-108.68.1
      kernel-ppc64-base-3.0.101-108.68.1
      kernel-ppc64-devel-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.68.1
      kernel-pae-base-3.0.101-108.68.1
      kernel-pae-devel-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.68.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.68.1
      kernel-default-debugsource-3.0.101-108.68.1
      kernel-trace-debuginfo-3.0.101-108.68.1
      kernel-trace-debugsource-3.0.101-108.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.68.1
      kernel-trace-devel-debuginfo-3.0.101-108.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.68.1
      kernel-ec2-debugsource-3.0.101-108.68.1
      kernel-xen-debuginfo-3.0.101-108.68.1
      kernel-xen-debugsource-3.0.101-108.68.1
      kernel-xen-devel-debuginfo-3.0.101-108.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.68.1
      kernel-bigmem-debugsource-3.0.101-108.68.1
      kernel-ppc64-debuginfo-3.0.101-108.68.1
      kernel-ppc64-debugsource-3.0.101-108.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.68.1
      kernel-pae-debugsource-3.0.101-108.68.1
      kernel-pae-devel-debuginfo-3.0.101-108.68.1

References:

   https://www.suse.com/security/cve/CVE-2016-8405.html
   https://www.suse.com/security/cve/CVE-2017-13305.html
   https://www.suse.com/security/cve/CVE-2018-1000204.html
   https://www.suse.com/security/cve/CVE-2018-1068.html
   https://www.suse.com/security/cve/CVE-2018-1130.html
   https://www.suse.com/security/cve/CVE-2018-12233.html
   https://www.suse.com/security/cve/CVE-2018-13053.html
   https://www.suse.com/security/cve/CVE-2018-13406.html
   https://www.suse.com/security/cve/CVE-2018-3620.html
   https://www.suse.com/security/cve/CVE-2018-3646.html
   https://www.suse.com/security/cve/CVE-2018-5803.html
   https://www.suse.com/security/cve/CVE-2018-5814.html
   https://www.suse.com/security/cve/CVE-2018-7492.html
   https://bugzilla.suse.com/1082962
   https://bugzilla.suse.com/1083900
   https://bugzilla.suse.com/1085107
   https://bugzilla.suse.com/1087081
   https://bugzilla.suse.com/1089343
   https://bugzilla.suse.com/1092904
   https://bugzilla.suse.com/1094353
   https://bugzilla.suse.com/1096480
   https://bugzilla.suse.com/1096728
   https://bugzilla.suse.com/1097234
   https://bugzilla.suse.com/1098016
   https://bugzilla.suse.com/1099924
   https://bugzilla.suse.com/1099942
   https://bugzilla.suse.com/1100418
   https://bugzilla.suse.com/1104475
   https://bugzilla.suse.com/1104684
   https://bugzilla.suse.com/909361