SUSE-SU-2018:1821-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Jun 27 07:08:48 MDT 2018
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1821-1
Rating: important
References: #1046610 #1052351 #1068054 #1079152 #1080837
#1083347 #1087086 #1087088 #1088997 #1088998
#1088999 #1089000 #1089001 #1089002 #1089003
#1089004 #1089005 #1089006 #1089007 #1089008
#1089010 #1089011 #1089012 #1089013 #1089016
#1089192 #1089199 #1089200 #1089201 #1089202
#1089203 #1089204 #1089205 #1089206 #1089207
#1089208 #1089209 #1089210 #1089211 #1089212
#1089213 #1089214 #1089215 #1089216 #1089217
#1089218 #1089219 #1089220 #1089221 #1089222
#1089223 #1089224 #1089225 #1089226 #1089227
#1089228 #1089229 #1089230 #1089231 #1089232
#1089233 #1089234 #1089235 #1089236 #1089237
#1089238 #1089239 #1089240 #1089241 #1093194
#1093195 #1093196 #1093197 #1093198 #1094244
#1094421 #1094422 #1094423 #1094424 #1094425
#1094436 #1094437 #1095241 #1096140 #1096242
#1096281 #1096746 #1097443 #1097445 #1097948
#973378 #989401
Cross-References: CVE-2018-3665
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves one vulnerability and has 91 fixes is
now available.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
This new feature was added:
- Btrfs: Remove empty block groups in the background
The following security bugs were fixed:
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and
AVX registers) between processes. These registers might contain
encryption keys when doing SSE accelerated AES enc/decryption
(bsc#1087086)
The following non-security bugs were fixed:
- ALSA: timer: Fix pause event notification (bsc#973378).
- Btrfs: Avoid trucating page or punching hole in a already existed hole
(bsc#1088998).
- Btrfs: Avoid truncate tailing page if fallocate range does not exceed
inode size (bsc#1094424).
- Btrfs: Fix lost-data-profile caused by auto removing bg.
- Btrfs: Fix misuse of chunk mutex
- Btrfs: Fix out-of-space bug (bsc#1089231).
- Btrfs: Set relative data on clear btrfs_block_group_cache->pinned.
- Btrfs: Use ref_cnt for set_block_group_ro() (bsc#1089239).
- Btrfs: add alloc_fs_devices and switch to it (bsc#1089205).
- Btrfs: add btrfs_alloc_device and switch to it (bsc#1089204).
- Btrfs: add missing discards when unpinning extents with -o discard.
- Btrfs: add missing inode update when punching hole (bsc#1089006).
- Btrfs: add support for asserts (bsc#1089207).
- Btrfs: avoid syncing log in the fast fsync path when not necessary
(bsc#1089010).
- Btrfs: btrfs_issue_discard ensure offset/length are aligned to sector
boundaries.
- Btrfs: check pending chunks when shrinking fs to avoid corruption
(bsc#1089235).
- Btrfs: cleanup backref search commit root flag stuff (bsc#1089200).
- Btrfs: delete chunk allocation attemp when setting block group ro.
- Btrfs: do not leak transaction in btrfs_sync_file() (bsc#1089210).
- Btrfs: do not mix the ordered extents of all files together during
logging the inodes (bsc#1089214).
- Btrfs: do not remove extents and xattrs when logging new names
(bsc#1089005).
- Btrfs: eliminate races in worker stopping code (bsc#1089211).
- Btrfs: ensure deletion from pinned_chunks list is protected.
- Btrfs: explictly delete unused block groups in close_ctree and
ro-remount.
- Btrfs: fix -ENOSPC on block group removal.
- Btrfs: fix -ENOSPC when finishing block group creation.
- Btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group.
- Btrfs: fix NULL pointer crash when running balance and scrub
concurrently (bsc#1089220).
- Btrfs: fix chunk allocation regression leading to transaction abort
(bsc#1089236).
- Btrfs: fix crash caused by block group removal.
- Btrfs: fix data loss in the fast fsync path (bsc#1089007).
- Btrfs: fix deadlock caused by fsync when logging directory entries
(bsc#1093194).
- Btrfs: fix directory inconsistency after fsync log replay (bsc#1089001).
- Btrfs: fix directory recovery from fsync log (bsc#1088999).
- Btrfs: fix empty symlink after creating symlink and fsync parent dir
(bsc#1093195).
- Btrfs: fix file loss on log replay after renaming a file and fsync
(bsc#1093196).
- Btrfs: fix file/data loss caused by fsync after rename and new inode
(bsc#1089241).
- Btrfs: fix find_free_dev_extent() malfunction in case device tree has
hole (bsc#1089232).
- Btrfs: fix fitrim discarding device area reserved for boot loader's use.
- Btrfs: fix freeing used extent after removing empty block group.
- Btrfs: fix freeing used extents after removing empty block group.
- Btrfs: fix fs mapping extent map leak (bsc#1089229).
- Btrfs: fix fsync data loss after a ranged fsync (bsc#1089221).
- Btrfs: fix fsync data loss after adding hard link to inode (bsc#1089004).
- Btrfs: fix fsync data loss after append write (bsc#1089238).
- Btrfs: fix fsync log replay for inodes with a mix of regular refs and
extrefs (bsc#1089003).
- Btrfs: fix fsync race leading to invalid data after log replay
(bsc#1089000).
- Btrfs: fix fsync when extend references are added to an inode
(bsc#1089002).
- Btrfs: fix fsync xattr loss in the fast fsync path (bsc#1094423).
- Btrfs: fix invalid extent maps due to hole punching (bsc#1094425).
- Btrfs: fix kernel oops while reading compressed data (bsc#1089192).
- Btrfs: fix log replay failure after linking special file and fsync
(bsc#1089016).
- Btrfs: fix memory leak after block remove + trimming.
- Btrfs: fix metadata inconsistencies after directory fsync (bsc#1093197).
- Btrfs: fix race between balance and unused block group deletion
(bsc#1089237).
- Btrfs: fix race between fs trimming and block group remove/allocation.
- Btrfs: fix race between scrub and block group deletion.
- Btrfs: fix race between transaction commit and empty block group removal.
- Btrfs: fix race conditions in BTRFS_IOC_FS_INFO ioctl (bsc#1089206).
- Btrfs: fix racy system chunk allocation when setting block group ro
(bsc#1089233).
- Btrfs: fix regression in raid level conversion (bsc#1089234).
- Btrfs: fix skipped error handle when log sync failed (bsc#1089217).
- Btrfs: fix stale dir entries after removing a link and fsync
(bsc#1089011).
- Btrfs: fix the number of transaction units needed to remove a block
group.
- Btrfs: fix the skipped transaction commit during the file sync
(bsc#1089216).
- Btrfs: fix unprotected alloc list insertion during the finishing
procedure of replace (bsc#1089215).
- Btrfs: fix unprotected assignment of the target device (bsc#1089222).
- Btrfs: fix unprotected deletion from pending_chunks list.
- Btrfs: fix unprotected device list access when getting the fs
information (bsc#1089228).
- Btrfs: fix unprotected device's variants on 32bits machine (bsc#1089227).
- Btrfs: fix unprotected device->bytes_used update (bsc#1089225).
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
(bsc#1089240).
- Btrfs: fix up read_tree_block to return proper error (bsc#1080837).
- Btrfs: fix wrong device bytes_used in the super block (bsc#1089224).
- Btrfs: fix wrong disk size when writing super blocks (bsc#1089223).
- Btrfs: fix xattr loss after power failure (bsc#1094436).
- Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#1089013).
- Btrfs: initialize the seq counter in struct btrfs_device (bsc#1094437).
- Btrfs: iterate over unused chunk space in FITRIM.
- Btrfs: make btrfs_issue_discard return bytes discarded.
- Btrfs: make btrfs_search_forward return with nodes unlocked
(bsc#1094422).
- Btrfs: make sure to copy everything if we rename (bsc#1088997).
- Btrfs: make the chunk allocator completely tree lockless (bsc#1089202).
- Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of
btrfs_truncate (bsc#1089201).
- Btrfs: nuke write_super from comments (bsc#1089199).
- Btrfs: only drop modified extents if we logged the whole inode
(bsc#1089213).
- Btrfs: only update disk_i_size as we remove extents (bsc#1089209).
- Btrfs: qgroup: return EINVAL if level of parent is not higher than
child's (bsc#1089012).
- Btrfs: remove deleted xattrs on fsync log replay (bsc#1089008).
- Btrfs: remove empty block groups automatically.
- Btrfs: remove non-sense btrfs_error_discard_extent() function
(bsc#1089230).
- Btrfs: remove parameter blocksize from read_tree_block (bsc#1080837).
- Btrfs: remove transaction from send (bsc#1089218).
- Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock.
- Btrfs: remove unused max_key arg from btrfs_search_forward (bsc#1094421).
- Btrfs: return an error from btrfs_wait_ordered_range (bsc#1089212).
- Btrfs: set inode's logged_trans/last_log_commit after ranged fsync
(bsc#1093198).
- Btrfs: skip superblocks during discard.
- Btrfs: stop refusing the relocation of chunk 0 (bsc#1089208).
- Btrfs: update free_chunk_space during allocting a new chunk
(bsc#1089226).
- Btrfs: use global reserve when deleting unused block group after ENOSPC.
- Btrfs: use nodesize everywhere, kill leafsize (bsc#1080837).
- Btrfs: wait ordered range before doing direct io (bsc#1089203).
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure
(bsc#1096242, bsc#1096281).
- Xen counterparts of eager FPU implementation.
- balloon: do not BUG() when balloon is empty (bsc#1083347).
- fs: btrfs: volumes.c: Fix for possible null pointer dereference
(bsc#1089219).
- kernel: Fix memory leak on EP11 target list processing (bnc#1096746).
- kvm/powerpc: Add new ioctl to retreive server MMU infos (bsc#1094244).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
(bsc#1079152, VM Functionality).
- module: Fix locking in symbol_put_addr() (bsc#1097445).
- netfront: make req_prod check properly deal with index wraps
(bsc#1046610).
- powerpc/64s: Fix compiler store ordering to SLB shadow area
(bsc#1094244).
- powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
(bsc#1094244).
- powerpc/pseries: Define MCE error event section (bsc#1094244).
- powerpc/pseries: Display machine check error details (bsc#1094244).
- powerpc/pseries: Dump and flush SLB contents on SLB MCE errors
(bsc#1094244).
- powerpc/pseries: convert rtas_log_buf to linear allocation (bsc#1094244).
- qla2xxx: Mask off Scope bits in retry delay (bsc#1068054).
- s390/cpum_sf: ensure sample frequency of perf event attributes is
non-zero (bnc#1096746).
- s390/dasd: fix failing path verification (bnc#1096746).
- trace: module: Maintain a valid user count (bsc#1097443).
- x86/boot: Fix early command-line parsing when partial word matches
(bsc#1096140).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being
disabled (bsc#1096140).
- x86: Fix /proc/mtrr with base/size more than 44bits (bsc#1052351).
- xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
- xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401).
- xfs: only update the last_sync_lsn when a transaction completes
(bsc#989401).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-kernel-source-13680=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kernel-source-13680=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-source-13680=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-source-13680=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
kernel-docs-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-3.0.101-108.57.1
kernel-default-base-3.0.101-108.57.1
kernel-default-devel-3.0.101-108.57.1
kernel-source-3.0.101-108.57.1
kernel-syms-3.0.101-108.57.1
kernel-trace-3.0.101-108.57.1
kernel-trace-base-3.0.101-108.57.1
kernel-trace-devel-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
kernel-ec2-3.0.101-108.57.1
kernel-ec2-base-3.0.101-108.57.1
kernel-ec2-devel-3.0.101-108.57.1
kernel-xen-3.0.101-108.57.1
kernel-xen-base-3.0.101-108.57.1
kernel-xen-devel-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (s390x):
kernel-default-man-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64):
kernel-bigmem-3.0.101-108.57.1
kernel-bigmem-base-3.0.101-108.57.1
kernel-bigmem-devel-3.0.101-108.57.1
kernel-ppc64-3.0.101-108.57.1
kernel-ppc64-base-3.0.101-108.57.1
kernel-ppc64-devel-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
kernel-pae-3.0.101-108.57.1
kernel-pae-base-3.0.101-108.57.1
kernel-pae-devel-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-trace-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-debuginfo-3.0.101-108.57.1
kernel-default-debugsource-3.0.101-108.57.1
kernel-trace-debuginfo-3.0.101-108.57.1
kernel-trace-debugsource-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
kernel-default-devel-debuginfo-3.0.101-108.57.1
kernel-trace-devel-debuginfo-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-108.57.1
kernel-ec2-debugsource-3.0.101-108.57.1
kernel-xen-debuginfo-3.0.101-108.57.1
kernel-xen-debugsource-3.0.101-108.57.1
kernel-xen-devel-debuginfo-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
kernel-bigmem-debuginfo-3.0.101-108.57.1
kernel-bigmem-debugsource-3.0.101-108.57.1
kernel-ppc64-debuginfo-3.0.101-108.57.1
kernel-ppc64-debugsource-3.0.101-108.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
kernel-pae-debuginfo-3.0.101-108.57.1
kernel-pae-debugsource-3.0.101-108.57.1
kernel-pae-devel-debuginfo-3.0.101-108.57.1
References:
https://www.suse.com/security/cve/CVE-2018-3665.html
https://bugzilla.suse.com/1046610
https://bugzilla.suse.com/1052351
https://bugzilla.suse.com/1068054
https://bugzilla.suse.com/1079152
https://bugzilla.suse.com/1080837
https://bugzilla.suse.com/1083347
https://bugzilla.suse.com/1087086
https://bugzilla.suse.com/1087088
https://bugzilla.suse.com/1088997
https://bugzilla.suse.com/1088998
https://bugzilla.suse.com/1088999
https://bugzilla.suse.com/1089000
https://bugzilla.suse.com/1089001
https://bugzilla.suse.com/1089002
https://bugzilla.suse.com/1089003
https://bugzilla.suse.com/1089004
https://bugzilla.suse.com/1089005
https://bugzilla.suse.com/1089006
https://bugzilla.suse.com/1089007
https://bugzilla.suse.com/1089008
https://bugzilla.suse.com/1089010
https://bugzilla.suse.com/1089011
https://bugzilla.suse.com/1089012
https://bugzilla.suse.com/1089013
https://bugzilla.suse.com/1089016
https://bugzilla.suse.com/1089192
https://bugzilla.suse.com/1089199
https://bugzilla.suse.com/1089200
https://bugzilla.suse.com/1089201
https://bugzilla.suse.com/1089202
https://bugzilla.suse.com/1089203
https://bugzilla.suse.com/1089204
https://bugzilla.suse.com/1089205
https://bugzilla.suse.com/1089206
https://bugzilla.suse.com/1089207
https://bugzilla.suse.com/1089208
https://bugzilla.suse.com/1089209
https://bugzilla.suse.com/1089210
https://bugzilla.suse.com/1089211
https://bugzilla.suse.com/1089212
https://bugzilla.suse.com/1089213
https://bugzilla.suse.com/1089214
https://bugzilla.suse.com/1089215
https://bugzilla.suse.com/1089216
https://bugzilla.suse.com/1089217
https://bugzilla.suse.com/1089218
https://bugzilla.suse.com/1089219
https://bugzilla.suse.com/1089220
https://bugzilla.suse.com/1089221
https://bugzilla.suse.com/1089222
https://bugzilla.suse.com/1089223
https://bugzilla.suse.com/1089224
https://bugzilla.suse.com/1089225
https://bugzilla.suse.com/1089226
https://bugzilla.suse.com/1089227
https://bugzilla.suse.com/1089228
https://bugzilla.suse.com/1089229
https://bugzilla.suse.com/1089230
https://bugzilla.suse.com/1089231
https://bugzilla.suse.com/1089232
https://bugzilla.suse.com/1089233
https://bugzilla.suse.com/1089234
https://bugzilla.suse.com/1089235
https://bugzilla.suse.com/1089236
https://bugzilla.suse.com/1089237
https://bugzilla.suse.com/1089238
https://bugzilla.suse.com/1089239
https://bugzilla.suse.com/1089240
https://bugzilla.suse.com/1089241
https://bugzilla.suse.com/1093194
https://bugzilla.suse.com/1093195
https://bugzilla.suse.com/1093196
https://bugzilla.suse.com/1093197
https://bugzilla.suse.com/1093198
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1094421
https://bugzilla.suse.com/1094422
https://bugzilla.suse.com/1094423
https://bugzilla.suse.com/1094424
https://bugzilla.suse.com/1094425
https://bugzilla.suse.com/1094436
https://bugzilla.suse.com/1094437
https://bugzilla.suse.com/1095241
https://bugzilla.suse.com/1096140
https://bugzilla.suse.com/1096242
https://bugzilla.suse.com/1096281
https://bugzilla.suse.com/1096746
https://bugzilla.suse.com/1097443
https://bugzilla.suse.com/1097445
https://bugzilla.suse.com/1097948
https://bugzilla.suse.com/973378
https://bugzilla.suse.com/989401
More information about the sle-security-updates
mailing list