SUSE-SU-2018:0660-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Mar 12 05:08:21 MDT 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0660-1
Rating:             important
References:         #1012382 #1054305 #1060279 #1068032 #1068984 
                    #1070781 #1073311 #1074488 #1074621 #1075091 
                    #1075410 #1075617 #1075621 #1075908 #1075994 
                    #1076017 #1076154 #1076278 #1076849 #1077406 
                    #1077560 #1077922 
Cross-References:   CVE-2017-13215 CVE-2017-17741 CVE-2017-18017
                    CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004
                    CVE-2018-5332 CVE-2018-5333
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 14 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-5715: Systems with microprocessors utilizing speculative
     execution and indirect branch prediction may allow unauthorized
     disclosure of information to an attacker with local user access via a
     side-channel analysis (bnc#1068032).

     The previous fix using CPU Microcode has been complemented by building
   the Linux Kernel with return trampolines aka "retpolines".

   - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function
     did not validate a value that is used during DMA page allocation,
     leading to a heap-based out-of-bounds write (related to the
     rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
   - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in
     net/rds/rdma.c mishandled cases where page pinning fails or an invalid
     address is supplied, leading to an rds_atomic_free_op NULL pointer
     dereference (bnc#1075617).
   - CVE-2017-18017: The tcpmss_mangle_packet function in
     net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers
     to cause a denial of service (use-after-free and memory corruption) or
     possibly have unspecified other impact by leveraging the presence of
     xt_TCPMSS in an iptables action (bnc#1074488).
   - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed
     attackers to cause a denial of service (NULL pointer dereference and
     system crash) or possibly have unspecified other impact because the
     port->exists value can change after it is validated (bnc#1077922).
   - CVE-2017-17741: The KVM implementation in the Linux kernel allowed
     attackers to obtain potentially sensitive information from kernel
     memory, aka a write_mmio stack-based out-of-bounds read, related to
     arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
   - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream
     kernel skcipher. (bnc#1075908).
   - CVE-2018-1000004: In the Linux kernel a race condition vulnerability
     exists in the sound system, this can lead to a deadlock and denial of
     service condition (bnc#1076017).

   The following non-security bugs were fixed:

   - cdc-acm: apply quirk for card reader (bsc#1060279).
   - Enable CPU vulnerabilities reporting via sysfs
   - fork: clear thread stack upon allocation (bsc#1077560).
   - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
   - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621
     bsc#1068032).
   - Move kABI fixup for retpolines to proper place.
   - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
   - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
   - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,
     LTC#163741).
   - storvsc: do not assume SG list is continuous when doing bounce buffers
     (bsc#1075410).
   - sysfs/cpu: Add vulnerability folder (bnc#1012382).
   - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
   - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
   - x86/acpi: Handle SCI interrupts above legacy space gracefully
     (bsc#1068984).
   - x86/acpi: Reduce code duplication in mp_override_legacy_irq()
     (bsc#1068984).
   - x86/boot: Fix early command-line parsing when matching at end
     (bsc#1068032).
   - x86/cpu: Factor out application of forced CPU caps (bsc#1075994
     bsc#1075091).
   - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
   - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
   - x86/kaiser: Populate shadow PGD with NX bit only if supported by
     platform (bsc#1076154 bsc#1076278).
   - x86/kaiser: use trampoline stack for kernel entry.
   - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).
   - x86/microcode/intel: Extend BDW late-loading further with LLC size check
     (bsc#1054305).
   - x86/microcode/intel: Extend BDW late-loading with a revision check
     (bsc#1054305).
   - x86/microcode: Rescan feature flags upon late loading (bsc#1075994
     bsc#1075091).
   - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
     (bsc#1068032).
   - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly
     (bsc#1075994 bsc#1075091).
   - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
     bsc#1075091).
   - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-kernel-20180212-13505=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20180212-13505=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-kernel-20180212-13505=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-20180212-13505=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.106.19.1
      kernel-default-base-3.0.101-0.47.106.19.1
      kernel-default-devel-3.0.101-0.47.106.19.1
      kernel-source-3.0.101-0.47.106.19.1
      kernel-syms-3.0.101-0.47.106.19.1
      kernel-trace-3.0.101-0.47.106.19.1
      kernel-trace-base-3.0.101-0.47.106.19.1
      kernel-trace-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.106.19.1
      kernel-ec2-base-3.0.101-0.47.106.19.1
      kernel-ec2-devel-3.0.101-0.47.106.19.1
      kernel-xen-3.0.101-0.47.106.19.1
      kernel-xen-base-3.0.101-0.47.106.19.1
      kernel-xen-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.106.19.1
      kernel-bigsmp-base-3.0.101-0.47.106.19.1
      kernel-bigsmp-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.106.19.1
      kernel-pae-base-3.0.101-0.47.106.19.1
      kernel-pae-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.106.19.1
      kernel-trace-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.106.19.1
      kernel-default-base-3.0.101-0.47.106.19.1
      kernel-default-devel-3.0.101-0.47.106.19.1
      kernel-ec2-3.0.101-0.47.106.19.1
      kernel-ec2-base-3.0.101-0.47.106.19.1
      kernel-ec2-devel-3.0.101-0.47.106.19.1
      kernel-pae-3.0.101-0.47.106.19.1
      kernel-pae-base-3.0.101-0.47.106.19.1
      kernel-pae-devel-3.0.101-0.47.106.19.1
      kernel-source-3.0.101-0.47.106.19.1
      kernel-syms-3.0.101-0.47.106.19.1
      kernel-trace-3.0.101-0.47.106.19.1
      kernel-trace-base-3.0.101-0.47.106.19.1
      kernel-trace-devel-3.0.101-0.47.106.19.1
      kernel-xen-3.0.101-0.47.106.19.1
      kernel-xen-base-3.0.101-0.47.106.19.1
      kernel-xen-devel-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.106.19.1
      kernel-default-debugsource-3.0.101-0.47.106.19.1
      kernel-trace-debuginfo-3.0.101-0.47.106.19.1
      kernel-trace-debugsource-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.106.19.1
      kernel-ec2-debugsource-3.0.101-0.47.106.19.1
      kernel-xen-debuginfo-3.0.101-0.47.106.19.1
      kernel-xen-debugsource-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.106.19.1
      kernel-bigsmp-debugsource-3.0.101-0.47.106.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.106.19.1
      kernel-pae-debugsource-3.0.101-0.47.106.19.1


References:

   https://www.suse.com/security/cve/CVE-2017-13215.html
   https://www.suse.com/security/cve/CVE-2017-17741.html
   https://www.suse.com/security/cve/CVE-2017-18017.html
   https://www.suse.com/security/cve/CVE-2017-18079.html
   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2018-1000004.html
   https://www.suse.com/security/cve/CVE-2018-5332.html
   https://www.suse.com/security/cve/CVE-2018-5333.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1054305
   https://bugzilla.suse.com/1060279
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1068984
   https://bugzilla.suse.com/1070781
   https://bugzilla.suse.com/1073311
   https://bugzilla.suse.com/1074488
   https://bugzilla.suse.com/1074621
   https://bugzilla.suse.com/1075091
   https://bugzilla.suse.com/1075410
   https://bugzilla.suse.com/1075617
   https://bugzilla.suse.com/1075621
   https://bugzilla.suse.com/1075908
   https://bugzilla.suse.com/1075994
   https://bugzilla.suse.com/1076017
   https://bugzilla.suse.com/1076154
   https://bugzilla.suse.com/1076278
   https://bugzilla.suse.com/1076849
   https://bugzilla.suse.com/1077406
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1077922



More information about the sle-security-updates mailing list