SUSE-SU-2017:1247-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu May 11 13:09:06 MDT 2017


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1247-1
Rating:             important
References:         #1003077 #1015703 #1021256 #1021762 #1023377 
                    #1023762 #1023992 #1024938 #1025235 #1026024 
                    #1026722 #1026914 #1027066 #1027149 #1027178 
                    #1027189 #1027190 #1028415 #1028895 #1029986 
                    #1030118 #1030213 #1030901 #1031003 #1031052 
                    #1031440 #1031579 #1032344 #1033336 #914939 
                    #954763 #968697 #979215 #983212 #989056 
Cross-References:   CVE-2015-1350 CVE-2016-10044 CVE-2016-10200
                    CVE-2016-10208 CVE-2016-2117 CVE-2016-3070
                    CVE-2016-5243 CVE-2016-7117 CVE-2016-9588
                    CVE-2017-2671 CVE-2017-5669 CVE-2017-5897
                    CVE-2017-5970 CVE-2017-5986 CVE-2017-6074
                    CVE-2017-6214 CVE-2017-6345 CVE-2017-6346
                    CVE-2017-6348 CVE-2017-6353 CVE-2017-7187
                    CVE-2017-7261 CVE-2017-7294 CVE-2017-7308
                    CVE-2017-7616
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 25 vulnerabilities and has 10 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an
     incomplete set of requirements for setattr operations that
     underspecifies removing extended privilege attributes, which allowed
     local users to cause a denial of service (capability stripping) via a
     failed invocation of a system call, as demonstrated by using chown to
     remove a capability from the ping or Wireshark dumpcap program
     (bnc#914939).
   - CVE-2016-2117: The atl2_probe function in
     drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly
     enabled scatter/gather I/O, which allowed remote attackers to obtain
     sensitive information from kernel memory by reading packet data
     (bnc#968697).
   - CVE-2016-3070: The trace_writeback_dirty_page implementation in
     include/trace/events/writeback.h in the Linux kernel improperly
     interacted with mm/migrate.c, which allowed local users to cause a
     denial of service (NULL pointer dereference and system crash) or
     possibly have unspecified other impact by triggering a certain page move
     (bnc#979215).
   - CVE-2016-5243: The tipc_nl_compat_link_dump function in
     net/tipc/netlink_compat.c in the Linux kernel did not properly copy a
     certain string, which allowed local users to obtain sensitive
     information from kernel stack memory by reading a Netlink message
     (bnc#983212).
   - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
     function in net/socket.c in the Linux kernel allowed remote attackers to
     execute arbitrary code via vectors involving a recvmmsg system call that
     is mishandled during error processing (bnc#1003077).
   - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP
     and #OF exceptions, which allowed guest OS users to cause a denial of
     service (guest OS crash) by declining to handle an exception thrown by
     an L2 guest (bnc#1015703).
   - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel
     did not properly restrict execute access, which made it easier for local
     users to bypass intended SELinux W^X policy restrictions, and
     consequently gain privileges, via an io_setup system call (bnc#1023992).
   - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
     the Linux kernel allowed local users to gain privileges or cause a
     denial of service (use-after-free) by making multiple bind system calls
     without properly ascertaining whether a socket has the SOCK_ZAPPED
     status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
     (bnc#1028415).
   - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the
     Linux kernel did not properly validate meta block groups, which allowed
     physically proximate attackers to cause a denial of service
     (out-of-bounds read and system crash) via a crafted ext4 image
     (bnc#1023377).
   - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
     kernel is too late in obtaining a certain lock and consequently cannot
     ensure that disconnect function calls are safe, which allowed local
     users to cause a denial of service (panic) by leveraging access to the
     protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).
   - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel
     did not restrict the address calculated by a certain rounding operation,
     which allowed local users to map page zero, and consequently bypass a
     protection mechanism that exists for the mmap system call, by making
     crafted shmget and shmat system calls in a privileged context
     (bnc#1026914).
   - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the
     Linux kernel allowed remote attackers to have unspecified impact via
     vectors involving GRE flags in an IPv6 packet, which trigger an
     out-of-bounds access (bnc#1023762).
   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
     denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bnc#1024938).
   - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
     net/sctp/socket.c in the Linux kernel allowed local users to cause a
     denial of service (assertion failure and panic) via a multithreaded
     application that peels off an association in a certain buffer-full state
     (bnc#1025235).
   - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
     in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
     in the LISTEN state, which allowed local users to obtain root privileges
     or cause a denial of service (double free) via an application that made
     an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).
   - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
     Linux kernel allowed remote attackers to cause a denial of service
     (infinite loop and soft lockup) via vectors involving a TCP packet with
     the URG flag (bnc#1026722).
   - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that
     a certain destructor exists in required circumstances, which allowed
     local users to cause a denial of service (BUG_ON) or possibly have
     unspecified other impact via crafted system calls (bnc#1027190).
   - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux
     kernel allowed local users to cause a denial of service (use-after-free)
     or possibly have unspecified other impact via a multithreaded
     application that made PACKET_FANOUT setsockopt system calls
     (bnc#1027189).
   - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the
     Linux kernel improperly managed lock dropping, which allowed local users
     to cause a denial of service (deadlock) via crafted operations on IrDA
     devices (bnc#1027178).
   - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
     restrict association peel-off operations during certain wait states,
     which allowed local users to cause a denial of service (invalid unlock
     and double free) via a multithreaded application.  NOTE: this
     vulnerability exists because of an incorrect fix for CVE-2017-5986
     (bnc#1027066).
   - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux
     kernel allowed local users to cause a denial of service (stack-based
     buffer overflow) or possibly have unspecified other impact via a large
     command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
     write access in the sg_write function (bnc#1030213).
   - CVE-2017-7261: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     check for a zero value of certain levels data, which allowed local users
     to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and
     possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device
     (bnc#1031052).
   - CVE-2017-7294: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     validate addition of certain levels data, which allowed local users to
     trigger an integer overflow and out-of-bounds write, and cause a denial
     of service (system hang or crash) or possibly gain privileges, via a
     crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).
   - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
     the Linux kernel did not properly validate certain block-size data,
     which allowed local users to cause a denial of service (overflow) or
     possibly have unspecified other impact via crafted system calls
     (bnc#1031579).
   - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind
     compat syscalls in mm/mempolicy.c in the Linux kernel allowed local
     users to obtain sensitive information from uninitialized stack data by
     triggering failure of a certain bitmap operation (bnc#1033336).

   The following non-security bugs were fixed:

   - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).
   - hwrng: virtio - ensure reads happen after successful probe (bsc#954763
     bsc#1032344).
   - kgr/module: make a taint flag module-specific (fate#313296).
   - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).
   - l2tp: fix lookup for sockets not bound to a device in l2tp_ip
     (bsc#1028415).
   - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
     (bsc#1028415).
   - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
     (bsc#1028415).
   - l2tp: hold tunnel socket when handling control frames in l2tp_ip and
     l2tp_ip6 (bsc#1028415).
   - l2tp: lock socket before checking flags in connect() (bsc#1028415).
   - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).
   - module: move add_taint_module() to a header file (fate#313296).
   - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).
   - nfs: flush out dirty data on file fput() (bsc#1021762).
   - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
   - powerpc: Reject binutils 2.24 when building little endian (boo#1028895).
   - revert "procfs: mark thread stack correctly in proc/<pid>/maps"
     (bnc#1030901).
   - taint/module: Clean up global and module taint flags handling
     (fate#313296).
   - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
   - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).
   - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-749=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-749=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-749=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kernel-default-3.12.61-52.72.1
      kernel-default-base-3.12.61-52.72.1
      kernel-default-base-debuginfo-3.12.61-52.72.1
      kernel-default-debuginfo-3.12.61-52.72.1
      kernel-default-debugsource-3.12.61-52.72.1
      kernel-default-devel-3.12.61-52.72.1
      kernel-syms-3.12.61-52.72.1
      kernel-xen-3.12.61-52.72.1
      kernel-xen-base-3.12.61-52.72.1
      kernel-xen-base-debuginfo-3.12.61-52.72.1
      kernel-xen-debuginfo-3.12.61-52.72.1
      kernel-xen-debugsource-3.12.61-52.72.1
      kernel-xen-devel-3.12.61-52.72.1
      kgraft-patch-3_12_61-52_72-default-1-2.1
      kgraft-patch-3_12_61-52_72-xen-1-2.1

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      kernel-devel-3.12.61-52.72.1
      kernel-macros-3.12.61-52.72.1
      kernel-source-3.12.61-52.72.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.61-52.72.1
      kernel-default-base-3.12.61-52.72.1
      kernel-default-base-debuginfo-3.12.61-52.72.1
      kernel-default-debuginfo-3.12.61-52.72.1
      kernel-default-debugsource-3.12.61-52.72.1
      kernel-default-devel-3.12.61-52.72.1
      kernel-syms-3.12.61-52.72.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      kernel-devel-3.12.61-52.72.1
      kernel-macros-3.12.61-52.72.1
      kernel-source-3.12.61-52.72.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kernel-xen-3.12.61-52.72.1
      kernel-xen-base-3.12.61-52.72.1
      kernel-xen-base-debuginfo-3.12.61-52.72.1
      kernel-xen-debuginfo-3.12.61-52.72.1
      kernel-xen-debugsource-3.12.61-52.72.1
      kernel-xen-devel-3.12.61-52.72.1
      kgraft-patch-3_12_61-52_72-default-1-2.1
      kgraft-patch-3_12_61-52_72-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      kernel-default-man-3.12.61-52.72.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.61-52.72.1
      kernel-ec2-debuginfo-3.12.61-52.72.1
      kernel-ec2-debugsource-3.12.61-52.72.1
      kernel-ec2-devel-3.12.61-52.72.1
      kernel-ec2-extra-3.12.61-52.72.1
      kernel-ec2-extra-debuginfo-3.12.61-52.72.1


References:

   https://www.suse.com/security/cve/CVE-2015-1350.html
   https://www.suse.com/security/cve/CVE-2016-10044.html
   https://www.suse.com/security/cve/CVE-2016-10200.html
   https://www.suse.com/security/cve/CVE-2016-10208.html
   https://www.suse.com/security/cve/CVE-2016-2117.html
   https://www.suse.com/security/cve/CVE-2016-3070.html
   https://www.suse.com/security/cve/CVE-2016-5243.html
   https://www.suse.com/security/cve/CVE-2016-7117.html
   https://www.suse.com/security/cve/CVE-2016-9588.html
   https://www.suse.com/security/cve/CVE-2017-2671.html
   https://www.suse.com/security/cve/CVE-2017-5669.html
   https://www.suse.com/security/cve/CVE-2017-5897.html
   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://www.suse.com/security/cve/CVE-2017-5986.html
   https://www.suse.com/security/cve/CVE-2017-6074.html
   https://www.suse.com/security/cve/CVE-2017-6214.html
   https://www.suse.com/security/cve/CVE-2017-6345.html
   https://www.suse.com/security/cve/CVE-2017-6346.html
   https://www.suse.com/security/cve/CVE-2017-6348.html
   https://www.suse.com/security/cve/CVE-2017-6353.html
   https://www.suse.com/security/cve/CVE-2017-7187.html
   https://www.suse.com/security/cve/CVE-2017-7261.html
   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://www.suse.com/security/cve/CVE-2017-7616.html
   https://bugzilla.suse.com/1003077
   https://bugzilla.suse.com/1015703
   https://bugzilla.suse.com/1021256
   https://bugzilla.suse.com/1021762
   https://bugzilla.suse.com/1023377
   https://bugzilla.suse.com/1023762
   https://bugzilla.suse.com/1023992
   https://bugzilla.suse.com/1024938
   https://bugzilla.suse.com/1025235
   https://bugzilla.suse.com/1026024
   https://bugzilla.suse.com/1026722
   https://bugzilla.suse.com/1026914
   https://bugzilla.suse.com/1027066
   https://bugzilla.suse.com/1027149
   https://bugzilla.suse.com/1027178
   https://bugzilla.suse.com/1027189
   https://bugzilla.suse.com/1027190
   https://bugzilla.suse.com/1028415
   https://bugzilla.suse.com/1028895
   https://bugzilla.suse.com/1029986
   https://bugzilla.suse.com/1030118
   https://bugzilla.suse.com/1030213
   https://bugzilla.suse.com/1030901
   https://bugzilla.suse.com/1031003
   https://bugzilla.suse.com/1031052
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031579
   https://bugzilla.suse.com/1032344
   https://bugzilla.suse.com/1033336
   https://bugzilla.suse.com/914939
   https://bugzilla.suse.com/954763
   https://bugzilla.suse.com/968697
   https://bugzilla.suse.com/979215
   https://bugzilla.suse.com/983212
   https://bugzilla.suse.com/989056



More information about the sle-security-updates mailing list