SUSE-SU-2018:1761-1: important: Security update for the Linux Kernel

Wed Jun 20 07:09:00 MDT 2018

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1761-1
Rating:             important
References:         #1038553 #1046610 #1079152 #1082962 #1083382 
                    #1083900 #1087007 #1087012 #1087082 #1087086 
                    #1087095 #1092813 #1092904 #1094033 #1094353 
                    #1094823 #1096140 #1096242 #1096281 #1096480 
                    #1096728 #1097356 
Cross-References:   CVE-2017-13305 CVE-2018-1000204 CVE-2018-1092
                    CVE-2018-1093 CVE-2018-1094 CVE-2018-1130
                    CVE-2018-3665 CVE-2018-5803 CVE-2018-5848
                    CVE-2018-7492
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 12 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
     AVX registers) between processes. These registers might contain
     encryption keys when doing SSE accelerated AES enc/decryption
     (bsc#1087086)
   - CVE-2018-5848: In the function wmi_set_ie(), the length validation code
     did not handle unsigned integer overflow properly. As a result, a large
     value of the 'ie_len' argument could have caused a buffer overflow
     (bnc#1097356)
   - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the
     SG_IO ioctl (bsc#1096728)
   - CVE-2017-13305: Prevent information disclosure vulnerability in
     encrypted-keys (bsc#1094353)
   - CVE-2018-1094: The ext4_fill_super function did not always initialize
     the crc32c checksum driver, which allowed attackers to cause a denial of
     service (ext4_xattr_inode_hash NULL pointer dereference and system
     crash) via a crafted ext4 image (bsc#1087007).
   - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to
     cause a denial of service (out-of-bounds read and system crash) via a
     crafted ext4 image because balloc.c and ialloc.c do not validate bitmap
     block numbers (bsc#1087095).
   - CVE-2018-1092: The ext4_iget function mishandled the case of a root
     directory with a zero i_links_count, which allowed attackers to cause a
     denial of service (ext4_process_freed_data NULL pointer dereference and
     OOPS) via a crafted ext4 image (bsc#1087012).
   - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function
     that allowed a local user to cause a denial of service by a number of
     certain crafted system calls (bsc#1092904)
   - CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when
     handling SCTP packets length that could have been exploited to cause a
     kernel crash (bnc#1083900)
   - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c
     __rds_rdma_map() function that allowed local attackers to cause a system
     panic and a denial-of-service, related to RDS_GET_MR and
     RDS_GET_MR_FOR_DEST (bsc#1082962)

   The following non-security bugs were fixed:

   - Btrfs: fix unexpected balance crash due to BUG_ON (bsc#1038553).
   - Fix excessive newline in /proc/*/status (bsc#1094823).
   - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
     (bsc#1096242, bsc#1096281).
   - dm thin metadata: call precommit before saving the roots (bsc#1083382).
   - dm thin: fix inability to discard blocks when in out-of-data-space mode
     (bsc#1083382).
   - dm thin: fix missing out-of-data-space to write mode transition if
     blocks are released (bsc#1083382).
   - dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE
     transition (bsc#1083382).
   - dm: fix various targets to dm_register_target after module __init
     resources created (bsc#1083382).
   - kABI: work around BPF SSBD removal (bsc#1087082).
   - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread
     (bsc#1094033).
   - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
     (bsc#1079152).
   - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
     (bsc#1096480).
   - usbip: usbip_host: fix bad unlock balance during stub_probe()
     (bsc#1096480).
   - x86/boot: Fix early command-line parsing when matching at end
     (bsc#1096281).
   - x86/boot: Fix early command-line parsing when partial word matches
     (bsc#1096281).
   - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
     disabled (bsc#1096140).
   - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
   - xen-netfront: fix req_prod check to avoid RX hang when index wraps
     (bsc#1046610).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1183=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1183=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1183=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      kernel-default-3.12.74-60.64.96.1
      kernel-default-base-3.12.74-60.64.96.1
      kernel-default-base-debuginfo-3.12.74-60.64.96.1
      kernel-default-debuginfo-3.12.74-60.64.96.1
      kernel-default-debugsource-3.12.74-60.64.96.1
      kernel-default-devel-3.12.74-60.64.96.1
      kernel-syms-3.12.74-60.64.96.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      kernel-devel-3.12.74-60.64.96.1
      kernel-macros-3.12.74-60.64.96.1
      kernel-source-3.12.74-60.64.96.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kernel-xen-3.12.74-60.64.96.1
      kernel-xen-base-3.12.74-60.64.96.1
      kernel-xen-base-debuginfo-3.12.74-60.64.96.1
      kernel-xen-debuginfo-3.12.74-60.64.96.1
      kernel-xen-debugsource-3.12.74-60.64.96.1
      kernel-xen-devel-3.12.74-60.64.96.1
      kgraft-patch-3_12_74-60_64_96-default-1-2.3.1
      kgraft-patch-3_12_74-60_64_96-xen-1-2.3.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.74-60.64.96.1
      kernel-default-base-3.12.74-60.64.96.1
      kernel-default-base-debuginfo-3.12.74-60.64.96.1
      kernel-default-debuginfo-3.12.74-60.64.96.1
      kernel-default-debugsource-3.12.74-60.64.96.1
      kernel-default-devel-3.12.74-60.64.96.1
      kernel-syms-3.12.74-60.64.96.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

      kernel-devel-3.12.74-60.64.96.1
      kernel-macros-3.12.74-60.64.96.1
      kernel-source-3.12.74-60.64.96.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kernel-xen-3.12.74-60.64.96.1
      kernel-xen-base-3.12.74-60.64.96.1
      kernel-xen-base-debuginfo-3.12.74-60.64.96.1
      kernel-xen-debuginfo-3.12.74-60.64.96.1
      kernel-xen-debugsource-3.12.74-60.64.96.1
      kernel-xen-devel-3.12.74-60.64.96.1
      kgraft-patch-3_12_74-60_64_96-default-1-2.3.1
      kgraft-patch-3_12_74-60_64_96-xen-1-2.3.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):

      kernel-default-man-3.12.74-60.64.96.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.74-60.64.96.1
      kernel-ec2-debuginfo-3.12.74-60.64.96.1
      kernel-ec2-debugsource-3.12.74-60.64.96.1
      kernel-ec2-devel-3.12.74-60.64.96.1
      kernel-ec2-extra-3.12.74-60.64.96.1
      kernel-ec2-extra-debuginfo-3.12.74-60.64.96.1

References:

   https://www.suse.com/security/cve/CVE-2017-13305.html
   https://www.suse.com/security/cve/CVE-2018-1000204.html
   https://www.suse.com/security/cve/CVE-2018-1092.html
   https://www.suse.com/security/cve/CVE-2018-1093.html
   https://www.suse.com/security/cve/CVE-2018-1094.html
   https://www.suse.com/security/cve/CVE-2018-1130.html
   https://www.suse.com/security/cve/CVE-2018-3665.html
   https://www.suse.com/security/cve/CVE-2018-5803.html
   https://www.suse.com/security/cve/CVE-2018-5848.html
   https://www.suse.com/security/cve/CVE-2018-7492.html
   https://bugzilla.suse.com/1038553
   https://bugzilla.suse.com/1046610
   https://bugzilla.suse.com/1079152
   https://bugzilla.suse.com/1082962
   https://bugzilla.suse.com/1083382
   https://bugzilla.suse.com/1083900
   https://bugzilla.suse.com/1087007
   https://bugzilla.suse.com/1087012
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1087086
   https://bugzilla.suse.com/1087095
   https://bugzilla.suse.com/1092813
   https://bugzilla.suse.com/1092904
   https://bugzilla.suse.com/1094033
   https://bugzilla.suse.com/1094353
   https://bugzilla.suse.com/1094823
   https://bugzilla.suse.com/1096140
   https://bugzilla.suse.com/1096242
   https://bugzilla.suse.com/1096281
   https://bugzilla.suse.com/1096480
   https://bugzilla.suse.com/1096728
   https://bugzilla.suse.com/1097356