SUSE-SU-2018:1849-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Jun 29 07:31:30 MDT 2018
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1849-1
Rating: important
References: #1065600 #1068032 #1075091 #1075994 #1087086
#1087088 #1096140 #1096242 #1096281
Cross-References: CVE-2018-3665
Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that solves one vulnerability and has 8 fixes is
now available.
Description:
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
various security and bugfixes.
The following security bug was fixed:
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
AVX registers) between processes. These registers might contain
encryption keys when doing SSE accelerated AES enc/decryption
(bsc#1087086)
The following non-security bugs were fixed:
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
(bsc#1096242, bsc#1096281).
- Xen counterparts of eager FPU implementation.
- x86/boot: Fix early command-line parsing when partial word matches
(bsc#1096140).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
disabled (bsc#1096140).
- xen/x86/CPU: Check speculation control CPUID bit (bsc#1068032).
- xen/x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
- xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994
bsc#1075091).
- xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the
'clearcpuid=' command-line option (bsc#1065600).
- xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
- xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032).
- xen/x86/idle: Toggle IBRS when going idle (bsc#1068032).
- xen/x86/kaiser: Move feature detection up (bsc#1068032).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-kernel-default-13684=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-default-13684=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-kernel-default-13684=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-kernel-default-13684=1
Package List:
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
kernel-default-3.0.101-0.47.106.35.1
kernel-default-base-3.0.101-0.47.106.35.1
kernel-default-devel-3.0.101-0.47.106.35.1
kernel-source-3.0.101-0.47.106.35.1
kernel-syms-3.0.101-0.47.106.35.1
kernel-trace-3.0.101-0.47.106.35.1
kernel-trace-base-3.0.101-0.47.106.35.1
kernel-trace-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
kernel-ec2-3.0.101-0.47.106.35.1
kernel-ec2-base-3.0.101-0.47.106.35.1
kernel-ec2-devel-3.0.101-0.47.106.35.1
kernel-xen-3.0.101-0.47.106.35.1
kernel-xen-base-3.0.101-0.47.106.35.1
kernel-xen-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
kernel-bigsmp-3.0.101-0.47.106.35.1
kernel-bigsmp-base-3.0.101-0.47.106.35.1
kernel-bigsmp-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
kernel-default-man-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
kernel-pae-3.0.101-0.47.106.35.1
kernel-pae-base-3.0.101-0.47.106.35.1
kernel-pae-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-bigsmp-extra-3.0.101-0.47.106.35.1
kernel-trace-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
kernel-default-3.0.101-0.47.106.35.1
kernel-default-base-3.0.101-0.47.106.35.1
kernel-default-devel-3.0.101-0.47.106.35.1
kernel-ec2-3.0.101-0.47.106.35.1
kernel-ec2-base-3.0.101-0.47.106.35.1
kernel-ec2-devel-3.0.101-0.47.106.35.1
kernel-pae-3.0.101-0.47.106.35.1
kernel-pae-base-3.0.101-0.47.106.35.1
kernel-pae-devel-3.0.101-0.47.106.35.1
kernel-source-3.0.101-0.47.106.35.1
kernel-syms-3.0.101-0.47.106.35.1
kernel-trace-3.0.101-0.47.106.35.1
kernel-trace-base-3.0.101-0.47.106.35.1
kernel-trace-devel-3.0.101-0.47.106.35.1
kernel-xen-3.0.101-0.47.106.35.1
kernel-xen-base-3.0.101-0.47.106.35.1
kernel-xen-devel-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
kernel-default-debuginfo-3.0.101-0.47.106.35.1
kernel-default-debugsource-3.0.101-0.47.106.35.1
kernel-trace-debuginfo-3.0.101-0.47.106.35.1
kernel-trace-debugsource-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-0.47.106.35.1
kernel-ec2-debugsource-3.0.101-0.47.106.35.1
kernel-xen-debuginfo-3.0.101-0.47.106.35.1
kernel-xen-debugsource-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
kernel-bigsmp-debuginfo-3.0.101-0.47.106.35.1
kernel-bigsmp-debugsource-3.0.101-0.47.106.35.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
kernel-pae-debuginfo-3.0.101-0.47.106.35.1
kernel-pae-debugsource-3.0.101-0.47.106.35.1
References:
https://www.suse.com/security/cve/CVE-2018-3665.html
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1075091
https://bugzilla.suse.com/1075994
https://bugzilla.suse.com/1087086
https://bugzilla.suse.com/1087088
https://bugzilla.suse.com/1096140
https://bugzilla.suse.com/1096242
https://bugzilla.suse.com/1096281
More information about the sle-security-updates
mailing list