SUSE-SU-2018:2062-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Jul 26 04:11:47 MDT 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2062-1
Rating:             important
References:         #1045538 #1047487 #1087086 #1090078 #1094244 
                    #1094876 #1098408 #1099177 #1099598 #1099709 
                    #1099966 #1100089 #1100091 #1101296 #780242 
                    #784815 #786036 #790588 #795301 #902351 #909495 
                    #923242 #925105 #936423 
Cross-References:   CVE-2014-3688
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has 23 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause
     a denial of service (memory consumption) by triggering a large number of
     chunks in an association's output queue (bsc#902351).

   The following non-security bugs were fixed:

   - ALSA: hda/ca0132: fix build failure when a local macro is defined
     (bsc#1045538).
   - ALSA: seq: Do not allow resizing pool in use (bsc#1045538).
   - Delete
     patches.fixes/0001-ipc-shm-Fix-shmat-mmap-nil-page-protection.patch
     (bsc# 1090078)
   - IB/mlx4: fix sprintf format warning (bnc#786036).
   - RDMA/mlx4: Discard unknown SQP work requests (bnc#786036).
   - USB: uss720: fix NULL-deref at probe (bnc#1047487).
   - bna: integer overflow bug in debugfs (bnc#780242).
   - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
     (bug#923242).
   - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bug#909495).
   - fix a leak in /proc/schedstats (bsc#1094876).
   - ixgbe: Initialize 64-bit stats seqcounts (bnc#795301).
   - mm: fix the NULL mapping case in __isolate_lru_page() (git-fixes).
   - module/retpoline: Warn about missing retpoline in module (bnc#1099177).
   - net/mlx4_core: Fix error handling in mlx4_init_port_info (bnc#786036).
   - net/mlx4_en: Change default QoS settings (bnc#786036 ).
   - net/mlx4_en: Use __force to fix a sparse warning in TX datapath
     (bug#925105).
   - netxen: fix incorrect loop counter decrement (bnc#784815).
   - powerpc: Machine check interrupt is a non-maskable interrupt
     (bsc#1094244).
   - s390/qdio: do not merge ERROR output buffers (bnc#1099709).
   - s390/qeth: do not dump control cmd twice (bnc#1099709).
   - s390/qeth: fix SETIP command handling (bnc#1099709).
   - s390/qeth: free netdevice when removing a card (bnc#1099709).
   - s390/qeth: lock read device while queueing next buffer (bnc#1099709).
   - s390/qeth: when thread completes, wake up all waiters (bnc#1099709).
   - sched/sysctl: Check user input value of sysctl_sched_time_avg
     (bsc#1100089).
   - scsi: sg: mitigate read/write abuse (bsc#1101296).
   - tg3: do not clear stats while tg3_close (bnc#790588).
   - video/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb()
     (bnc#1099966).
   - vmxnet3: use correct flag to indicate LRO feature (bsc#936423).
   - x86-32/kaiser: Add CPL check for CR3 switch before iret (bsc#1098408).
   - x86-non-upstream-eager-fpu 32bit fix (bnc#1087086, bnc#1100091,
     bnc#1099598).
   - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1099177).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-source-13702=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-source-13702=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-source-13702=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-source-13702=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.60.1
      kernel-default-base-3.0.101-108.60.1
      kernel-default-devel-3.0.101-108.60.1
      kernel-source-3.0.101-108.60.1
      kernel-syms-3.0.101-108.60.1
      kernel-trace-3.0.101-108.60.1
      kernel-trace-base-3.0.101-108.60.1
      kernel-trace-devel-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.60.1
      kernel-ec2-base-3.0.101-108.60.1
      kernel-ec2-devel-3.0.101-108.60.1
      kernel-xen-3.0.101-108.60.1
      kernel-xen-base-3.0.101-108.60.1
      kernel-xen-devel-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.60.1
      kernel-bigmem-base-3.0.101-108.60.1
      kernel-bigmem-devel-3.0.101-108.60.1
      kernel-ppc64-3.0.101-108.60.1
      kernel-ppc64-base-3.0.101-108.60.1
      kernel-ppc64-devel-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.60.1
      kernel-pae-base-3.0.101-108.60.1
      kernel-pae-devel-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.60.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.60.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.60.1
      kernel-default-debugsource-3.0.101-108.60.1
      kernel-trace-debuginfo-3.0.101-108.60.1
      kernel-trace-debugsource-3.0.101-108.60.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.60.1
      kernel-trace-devel-debuginfo-3.0.101-108.60.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.60.1
      kernel-ec2-debugsource-3.0.101-108.60.1
      kernel-xen-debuginfo-3.0.101-108.60.1
      kernel-xen-debugsource-3.0.101-108.60.1
      kernel-xen-devel-debuginfo-3.0.101-108.60.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.60.1
      kernel-bigmem-debugsource-3.0.101-108.60.1
      kernel-ppc64-debuginfo-3.0.101-108.60.1
      kernel-ppc64-debugsource-3.0.101-108.60.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.60.1
      kernel-pae-debugsource-3.0.101-108.60.1
      kernel-pae-devel-debuginfo-3.0.101-108.60.1


References:

   https://www.suse.com/security/cve/CVE-2014-3688.html
   https://bugzilla.suse.com/1045538
   https://bugzilla.suse.com/1047487
   https://bugzilla.suse.com/1087086
   https://bugzilla.suse.com/1090078
   https://bugzilla.suse.com/1094244
   https://bugzilla.suse.com/1094876
   https://bugzilla.suse.com/1098408
   https://bugzilla.suse.com/1099177
   https://bugzilla.suse.com/1099598
   https://bugzilla.suse.com/1099709
   https://bugzilla.suse.com/1099966
   https://bugzilla.suse.com/1100089
   https://bugzilla.suse.com/1100091
   https://bugzilla.suse.com/1101296
   https://bugzilla.suse.com/780242
   https://bugzilla.suse.com/784815
   https://bugzilla.suse.com/786036
   https://bugzilla.suse.com/790588
   https://bugzilla.suse.com/795301
   https://bugzilla.suse.com/902351
   https://bugzilla.suse.com/909495
   https://bugzilla.suse.com/923242
   https://bugzilla.suse.com/925105
   https://bugzilla.suse.com/936423



More information about the sle-security-updates mailing list