SUSE-SU-2018:0525-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Feb 22 13:07:20 MST 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0525-1
Rating:             important
References:         #1012382 #1047118 #1047626 #1068032 #1070623 
                    #1073246 #1073311 #1073792 #1073874 #1074709 
                    #1075091 #1075411 #1075908 #1075994 #1076017 
                    #1076110 #1076154 #1076278 #1077182 #1077355 
                    #1077560 #1077922 #1081317 #893777 #893949 
                    #902893 #951638 
Cross-References:   CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741
                    CVE-2017-17805 CVE-2017-17806 CVE-2017-18079
                    CVE-2017-5715 CVE-2018-1000004
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 19 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-5715: Systems with microprocessors utilizing speculative
     execution and indirect branch prediction may allow unauthorized
     disclosure
     of information to an attacker with local user access via a side-channel
      analysis (bnc#1068032).

     The previous fix using CPU Microcode has been complemented by building
   the Linux Kernel with return trampolines aka "retpolines".

   - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a
     denial of service (NULL pointer dereference and system crash) or
     possibly have unspecified other impact because the port->exists value
     can change after it is validated (bnc#1077922).
   - CVE-2015-1142857: Prevent guests from sending ethernet flow control
     pause frames via the PF (bnc#1077355).
   - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive
     information from kernel memory, aka a write_mmio stack-based
     out-of-bounds read (bnc#1073311).
   - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908).
   - CVE-2018-1000004: Prevent race condition in the sound system, this could
     have lead a deadlock and denial of service condition (bnc#1076017).
   - CVE-2017-17806: The HMAC implementation did not validate that the
     underlying cryptographic hash algorithm is unkeyed, allowing a local
     attacker able to use the AF_ALG-based hash interface
     (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm
     (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by
     executing a crafted sequence of system calls that encounter a missing
     SHA-3 initialization (bnc#1073874).
   - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly
     handle zero-length inputs, allowing a local attacker able to use the
     AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to
     cause a denial of service (uninitialized-memory free and kernel crash)
     or have unspecified other impact by executing a crafted sequence of
     system calls that use the blkcipher_walk API. Both the generic
     implementation (crypto/salsa20_generic.c) and x86 implementation
     (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable
     (bnc#1073792).

   The following non-security bugs were fixed:

   - NFS: only invalidate dentrys that are clearly invalid (bsc#1047118).
   - bcache.txt: standardize document format (bsc#1076110).
   - bcache: Abstract out stuff needed for sorting (bsc#1076110).
   - bcache: Add a cond_resched() call to gc (bsc#1076110).
   - bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110).
   - bcache: Add bch_bkey_equal_header() (bsc#1076110).
   - bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110).
   - bcache: Add bch_keylist_init_single() (bsc#1047626).
   - bcache: Add btree_insert_node() (bnc#951638).
   - bcache: Add btree_map() functions (bsc#1047626).
   - bcache: Add btree_node_write_sync() (bsc#1076110).
   - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
   - bcache: Add make_btree_freeing_key() (bsc#1076110).
   - bcache: Add on error panic/unregister setting (bsc#1047626).
   - bcache: Add struct bset_sort_state (bsc#1076110).
   - bcache: Add struct btree_keys (bsc#1076110).
   - bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110).
   - bcache: Avoid deadlocking in garbage collection (bsc#1076110).
   - bcache: Avoid nested function definition (bsc#1076110).
   - bcache: Better alloc tracepoints (bsc#1076110).
   - bcache: Better full stripe scanning (bsc#1076110).
   - bcache: Bkey indexing renaming (bsc#1076110).
   - bcache: Break up struct search (bsc#1076110).
   - bcache: Btree verify code improvements (bsc#1076110).
   - bcache: Bypass torture test (bsc#1076110).
   - bcache: Change refill_dirty() to always scan entire disk if necessary
     (bsc#1076110).
   - bcache: Clean up cache_lookup_fn (bsc#1076110).
   - bcache: Clean up keylist code (bnc#951638).
   - bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes()
     (bsc#1076110).
   - bcache: Convert bch_btree_read_async() to bch_btree_map_keys()
     (bsc#1076110).
   - bcache: Convert btree_insert_check_key() to btree_insert_node()
     (bnc#951638).
   - bcache: Convert btree_iter to struct btree_keys (bsc#1076110).
   - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
   - bcache: Convert debug code to btree_keys (bsc#1076110).
   - bcache: Convert gc to a kthread (bsc#1047626).
   - bcache: Convert sorting to btree_keys (bsc#1076110).
   - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
   - bcache: Convert writeback to a kthread (bsc#1076110).
   - bcache: Correct return value for sysfs attach errors (bsc#1076110).
   - bcache: Debug code improvements (bsc#1076110).
   - bcache: Delete some slower inline asm (bsc#1047626).
   - bcache: Do bkey_put() in btree_split() error path (bsc#1076110).
   - bcache: Do not bother with bucket refcount for btree node allocations
     (bsc#1076110).
   - bcache: Do not reinvent the wheel but use existing llist API
     (bsc#1076110).
   - bcache: Do not return -EINTR when insert finished (bsc#1076110).
   - bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110).
   - bcache: Do not use op->insert_collision (bsc#1076110).
   - bcache: Drop some closure stuff (bsc#1076110).
   - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).
   - bcache: Explicitly track btree node's parent (bnc#951638).
   - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).
   - bcache: Fix a bug when detaching (bsc#951638).
   - bcache: Fix a journal replay bug (bsc#1076110).
   - bcache: Fix a journalling performance bug (bnc#893777).
   - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).
   - bcache: Fix a lockdep splat (bnc#893777).
   - bcache: Fix a lockdep splat in an error path (bnc#951638).
   - bcache: Fix a null ptr deref in journal replay (bsc#1047626).
   - bcache: Fix a race when freeing btree nodes (bsc#1076110).
   - bcache: Fix a shutdown bug (bsc#951638).
   - bcache: Fix an infinite loop in journal replay (bsc#1047626).
   - bcache: Fix another bug recovering from unclean shutdown (bsc#1076110).
   - bcache: Fix another compiler warning on m68k (bsc#1076110).
   - bcache: Fix auxiliary search trees for key size greater than  cacheline
     size (bsc#1076110).
   - bcache: Fix bch_ptr_bad() (bsc#1047626).
   - bcache: Fix building error on MIPS (bsc#1076110).
   - bcache: Fix dirty_data accounting (bsc#1076110).
   - bcache: Fix discard granularity (bsc#1047626).
   - bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110).
   - bcache: Fix for can_attach_cache() (bsc#1047626).
   - bcache: Fix heap_peek() macro (bsc#1047626).
   - bcache: Fix leak of bdev reference (bsc#1076110).
   - bcache: Fix more early shutdown bugs (bsc#951638).
   - bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110).
   - bcache: Fix moving_pred() (bsc#1047626).
   - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
   - bcache: Fix to remove the rcu_sched stalls (bsc#1047626).
   - bcache: Have btree_split() insert into parent directly (bsc#1076110).
   - bcache: Improve bucket_prio() calculation (bsc#1047626).
   - bcache: Improve priority_stats (bsc#1047626).
   - bcache: Incremental gc (bsc#1076110).
   - bcache: Insert multiple keys at a time (bnc#951638).
   - bcache: Kill bch_next_recurse_key() (bsc#1076110).
   - bcache: Kill btree_io_wq (bsc#1076110).
   - bcache: Kill bucket->gc_gen (bsc#1076110).
   - bcache: Kill dead cgroup code (bsc#1076110).
   - bcache: Kill op->cl (bsc#1076110).
   - bcache: Kill op->replace (bsc#1076110).
   - bcache: Kill sequential_merge option (bsc#1076110).
   - bcache: Kill unaligned bvec hack (bsc#1076110).
   - bcache: Kill unused freelist (bsc#1076110).
   - bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110).
   - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110).
   - bcache: Minor btree cache fix (bsc#1047626).
   - bcache: Minor fixes from kbuild robot (bsc#1076110).
   - bcache: Move insert_fixup() to btree_keys_ops (bsc#1076110).
   - bcache: Move keylist out of btree_op (bsc#1047626).
   - bcache: Move sector allocator to alloc.c (bsc#1076110).
   - bcache: Move some stuff to btree.c (bsc#1076110).
   - bcache: Move spinlock into struct time_stats (bsc#1076110).
   - bcache: New writeback PD controller (bsc#1047626).
   - bcache: PRECEDING_KEY() (bsc#1047626).
   - bcache: Performance fix for when journal entry is full (bsc#1047626).
   - bcache: Prune struct btree_op (bsc#1076110).
   - bcache: Pull on disk data structures out into a separate header
     (bsc#1076110).
   - bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power
     of two (bsc#1076110).
   - bcache: Really show state of work pending bit (bsc#1076110).
   - bcache: Refactor bset_tree sysfs stats (bsc#1076110).
   - bcache: Refactor journalling flow control (bnc#951638).
   - bcache: Refactor read request code a bit (bsc#1076110).
   - bcache: Refactor request_write() (bnc#951638).
   - bcache: Remove deprecated create_workqueue (bsc#1076110).
   - bcache: Remove redundant block_size assignment (bsc#1047626).
   - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).
   - bcache: Remove redundant set_capacity (bsc#1076110).
   - bcache: Remove unnecessary check in should_split() (bsc#1076110).
   - bcache: Remove/fix some header dependencies (bsc#1047626).
   - bcache: Rename/shuffle various code around (bsc#1076110).
   - bcache: Rework allocator reserves (bsc#1076110).
   - bcache: Rework btree cache reserve handling (bsc#1076110).
   - bcache: Split out sort_extent_cmp() (bsc#1076110).
   - bcache: Stripe size isn't necessarily a power of two (bnc#893949).
   - bcache: Trivial error handling fix (bsc#1047626).
   - bcache: Update continue_at() documentation (bsc#1076110).
   - bcache: Use a mempool for mergesort temporary space (bsc#1076110).
   - bcache: Use blkdev_issue_discard() (bnc#951638).
   - bcache: Use ida for bcache block dev minor (bsc#1047626).
   - bcache: Use uninterruptible sleep in writeback (bsc#1076110).
   - bcache: Zero less memory (bsc#1076110).
   - bcache: add a comment in journal bucket reading (bsc#1076110).
   - bcache: add mutex lock for bch_is_open (bnc#902893).
   - bcache: allows use of register in udev to avoid "device_busy" error
     (bsc#1047626).
   - bcache: bcache_write tracepoint was crashing (bsc#1076110).
   - bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110).
   - bcache: bch_allocator_thread() is not freezable (bsc#1047626).
   - bcache: bch_gc_thread() is not freezable (bsc#1047626).
   - bcache: bch_writeback_thread() is not freezable (bsc#1076110).
   - bcache: btree locking rework (bsc#1076110).
   - bcache: bugfix - gc thread now gets woken when cache is full
     (bsc#1047626).
   - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).
   - bcache: bugfix for race between moving_gc and bucket_invalidate
     (bsc#1076110).
   - bcache: check ca->alloc_thread initialized before wake up it
     (bsc#1076110).
   - bcache: check return value of register_shrinker (bsc#1076110).
   - bcache: cleaned up error handling around register_cache() (bsc#1047626).
   - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing
     device (bsc#1047626).
   - bcache: correct cache_dirty_target in __update_writeback_rate()
     (bsc#1076110).
   - bcache: defensively handle format strings (bsc#1047626).
   - bcache: do not embed 'return' statements in closure macros (bsc#1076110).
   - bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110).
   - bcache: do not write back data if reading it failed (bsc#1076110).
   - bcache: documentation formatting, edited for clarity, stripe alignment
     notes (bsc#1076110).
   - bcache: documentation updates and corrections (bsc#1076110).
   - bcache: explicitly destroy mutex while exiting (bsc#1076110).
   - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED
     (bsc#1047626).
   - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).
   - bcache: fix a livelock when we cause a huge number of cache misses
     (bsc#1047626).
   - bcache: fix bch_hprint crash and improve output (bsc#1076110).
   - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint
     (bsc#1047626).
   - bcache: fix crash on shutdown in passthrough mode (bsc#1076110).
   - bcache: fix for gc and write-back race (bsc#1076110).
   - bcache: fix for gc and writeback race (bsc#1047626).
   - bcache: fix for gc crashing when no sectors are used (bsc#1047626).
   - bcache: fix race of writeback thread starting before complete
     initialization (bsc#1076110).
   - bcache: fix sequential large write IO bypass (bsc#1076110).
   - bcache: fix sparse non static symbol warning (bsc#1076110).
   - bcache: fix typo in bch_bkey_equal_header (bsc#1076110).
   - bcache: fix uninterruptible sleep in writeback thread (bsc#1076110).
   - bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110).
   - bcache: fix wrong cache_misses statistics (bsc#1076110).
   - bcache: gc does not work when triggering by manual command (bsc#1076110).
   - bcache: implement PI controller for writeback rate (bsc#1076110).
   - bcache: increase the number of open buckets (bsc#1076110).
   - bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110).
   - bcache: kill closure locking code (bsc#1076110).
   - bcache: kill closure locking usage (bnc#951638).
   - bcache: kill index() (bsc#1047626).
   - bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110).
   - bcache: only permit to recovery read error when cache device is clean
     (bsc#1076110).
   - bcache: partition support: add 16 minors per bcacheN device
     (bsc#1076110).
   - bcache: pr_err: more meaningful error message when nr_stripes is invalid
     (bsc#1076110).
   - bcache: prevent crash on changing writeback_running (bsc#1076110).
   - bcache: rearrange writeback main thread ratelimit (bsc#1076110).
   - bcache: recover data from backing when data is clean (bsc#1076110).
   - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails
     (bsc#1047626).
   - bcache: remove nested function usage (bsc#1076110).
   - bcache: remove unused parameter (bsc#1076110).
   - bcache: rewrite multiple partitions support (bsc#1076110).
   - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
   - bcache: silence static checker warning (bsc#1076110).
   - bcache: smooth writeback rate control (bsc#1076110).
   - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).
   - bcache: try to set b->parent properly (bsc#1076110).
   - bcache: update bch_bkey_try_merge (bsc#1076110).
   - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints
     (bsc#1076110).
   - bcache: update bucket_in_use in real time (bsc#1076110).
   - bcache: update document info (bsc#1076110).
   - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).
   - bcache: use kvfree() in various places (bsc#1076110).
   - bcache: use llist_for_each_entry_safe() in __closure_wake_up()
     (bsc#1076110).
   - bcache: wait for buckets when allocating new btree root (bsc#1076110).
   - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
   - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
   - block: bump BLK_DEF_MAX_SECTORS to 2560 (bsc#1073246)
   - fork: clear thread stack upon allocation (bsc#1077560).
   - gcov: disable for COMPILE_TEST (bnc#1012382).
   - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
   - md: more open-coded offset_in_page() (bsc#1076110).
   - nfsd: do not share group_info among threads (bsc at 1070623).
   - powerpc/64: Add macros for annotating the destination of rfid/hrfid
     (bsc#1068032, bsc#1077182).
   - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
     (bsc#1068032, bsc#1077182).
   - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
     (bsc#1068032, bsc#1077182).
   - powerpc/64s: Add EX_SIZE definition for paca exception save areas
     (bsc#1068032, bsc#1077182).
   - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,
     bsc#1077182).
   - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,
     bsc#1077182).
   - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
     (bsc#1068032, bsc#1077182).
   - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1077182).
   - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
     (bsc#1068032, bsc#1077182).
   - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
   - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,
     bsc#1077182).
   - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032,
     bsc#1077182).
   - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags > wrapper
     (bsc#1068032, bsc#1077182).
   - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,
     bsc#1077182).
   - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,
     bsc#1077182).
   - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration
     (bsc#1068032, bsc#1077182).
   - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,
     bsc#1077182).
   - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)
     (bsc#1068032, bsc#1077182).
   - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code
     (bsc#1068032, bsc#1077182).
   - storvsc: do not assume SG list is continuous when doing bounce buffers
     (bsc#1075411).
   - sysfs/cpu: Add vulnerability folder (bnc#1012382).
   - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
   - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
   - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
   - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
   - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
   - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).
   - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
     (bsc#1068032).
   - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
     bsc#1075091).
   - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2018-348=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-348=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-348=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-348=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      kernel-default-3.12.74-60.64.82.1
      kernel-default-base-3.12.74-60.64.82.1
      kernel-default-base-debuginfo-3.12.74-60.64.82.1
      kernel-default-debuginfo-3.12.74-60.64.82.1
      kernel-default-debugsource-3.12.74-60.64.82.1
      kernel-default-devel-3.12.74-60.64.82.1
      kernel-syms-3.12.74-60.64.82.1
      kernel-xen-3.12.74-60.64.82.1
      kernel-xen-base-3.12.74-60.64.82.1
      kernel-xen-base-debuginfo-3.12.74-60.64.82.1
      kernel-xen-debuginfo-3.12.74-60.64.82.1
      kernel-xen-debugsource-3.12.74-60.64.82.1
      kernel-xen-devel-3.12.74-60.64.82.1
      kgraft-patch-3_12_74-60_64_82-default-1-2.9.1
      kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1

   - SUSE OpenStack Cloud 6 (noarch):

      kernel-devel-3.12.74-60.64.82.1
      kernel-macros-3.12.74-60.64.82.1
      kernel-source-3.12.74-60.64.82.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      kernel-default-3.12.74-60.64.82.1
      kernel-default-base-3.12.74-60.64.82.1
      kernel-default-base-debuginfo-3.12.74-60.64.82.1
      kernel-default-debuginfo-3.12.74-60.64.82.1
      kernel-default-debugsource-3.12.74-60.64.82.1
      kernel-default-devel-3.12.74-60.64.82.1
      kernel-syms-3.12.74-60.64.82.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      kernel-devel-3.12.74-60.64.82.1
      kernel-macros-3.12.74-60.64.82.1
      kernel-source-3.12.74-60.64.82.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kernel-xen-3.12.74-60.64.82.1
      kernel-xen-base-3.12.74-60.64.82.1
      kernel-xen-base-debuginfo-3.12.74-60.64.82.1
      kernel-xen-debuginfo-3.12.74-60.64.82.1
      kernel-xen-debugsource-3.12.74-60.64.82.1
      kernel-xen-devel-3.12.74-60.64.82.1
      kgraft-patch-3_12_74-60_64_82-default-1-2.9.1
      kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.74-60.64.82.1
      kernel-default-base-3.12.74-60.64.82.1
      kernel-default-base-debuginfo-3.12.74-60.64.82.1
      kernel-default-debuginfo-3.12.74-60.64.82.1
      kernel-default-debugsource-3.12.74-60.64.82.1
      kernel-default-devel-3.12.74-60.64.82.1
      kernel-syms-3.12.74-60.64.82.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kernel-xen-3.12.74-60.64.82.1
      kernel-xen-base-3.12.74-60.64.82.1
      kernel-xen-base-debuginfo-3.12.74-60.64.82.1
      kernel-xen-debuginfo-3.12.74-60.64.82.1
      kernel-xen-debugsource-3.12.74-60.64.82.1
      kernel-xen-devel-3.12.74-60.64.82.1
      kgraft-patch-3_12_74-60_64_82-default-1-2.9.1
      kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

      kernel-devel-3.12.74-60.64.82.1
      kernel-macros-3.12.74-60.64.82.1
      kernel-source-3.12.74-60.64.82.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):

      kernel-default-man-3.12.74-60.64.82.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.74-60.64.82.1
      kernel-ec2-debuginfo-3.12.74-60.64.82.1
      kernel-ec2-debugsource-3.12.74-60.64.82.1
      kernel-ec2-devel-3.12.74-60.64.82.1
      kernel-ec2-extra-3.12.74-60.64.82.1
      kernel-ec2-extra-debuginfo-3.12.74-60.64.82.1


References:

   https://www.suse.com/security/cve/CVE-2015-1142857.html
   https://www.suse.com/security/cve/CVE-2017-13215.html
   https://www.suse.com/security/cve/CVE-2017-17741.html
   https://www.suse.com/security/cve/CVE-2017-17805.html
   https://www.suse.com/security/cve/CVE-2017-17806.html
   https://www.suse.com/security/cve/CVE-2017-18079.html
   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2018-1000004.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1047118
   https://bugzilla.suse.com/1047626
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1070623
   https://bugzilla.suse.com/1073246
   https://bugzilla.suse.com/1073311
   https://bugzilla.suse.com/1073792
   https://bugzilla.suse.com/1073874
   https://bugzilla.suse.com/1074709
   https://bugzilla.suse.com/1075091
   https://bugzilla.suse.com/1075411
   https://bugzilla.suse.com/1075908
   https://bugzilla.suse.com/1075994
   https://bugzilla.suse.com/1076017
   https://bugzilla.suse.com/1076110
   https://bugzilla.suse.com/1076154
   https://bugzilla.suse.com/1076278
   https://bugzilla.suse.com/1077182
   https://bugzilla.suse.com/1077355
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1077922
   https://bugzilla.suse.com/1081317
   https://bugzilla.suse.com/893777
   https://bugzilla.suse.com/893949
   https://bugzilla.suse.com/902893
   https://bugzilla.suse.com/951638



More information about the sle-security-updates mailing list