SUSE-SU-2018:1221-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Fri May 11 13:10:59 MDT 2018

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2018:1221-1
Rating:             important
References:         #1076537 #1082299 #1083125 #1083242 #1084536 
                    #1085331 #1086162 #1087088 #1087209 #1087260 
                    #1088147 #1088260 #1088261 #1089608 #1089752 
Cross-References:   CVE-2017-0861 CVE-2017-11089 CVE-2017-13220
                    CVE-2017-18203 CVE-2018-10087 CVE-2018-10124
                    CVE-2018-1087 CVE-2018-7757 CVE-2018-8781
                    CVE-2018-8822 CVE-2018-8897
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12

   An update that solves 11 vulnerabilities and has 5 fixes is
   now available.


   The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to
     potentially escalate their privileges inside a guest. (bsc#1087088)
   - CVE-2018-8897: An unprivileged system user could use incorrect set up
     interrupt stacks to crash the Linux kernel resulting in DoS issue.
   - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c
     had an integer-overflow vulnerability allowing local users with access
     to the udldrmfb driver to obtain full read and write permissions on
     kernel physical pages, resulting in a code execution in kernel space
   - CVE-2018-10124: The kill_something_info function in kernel/signal.c
     might allow local users to cause a denial of service via an INT_MIN
     argument (bnc#1089752).
   - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow
     local users to cause a denial of service by triggering an attempted use
     of the -INT_MIN value (bnc#1089608).
   - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
     drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
     of service (memory consumption) via many read accesses to files in the
     /sys/class/sas_phy directory, as demonstrated by the
     /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536
   - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream
     kernel bluez was fixed. (bnc#1076537).
   - CVE-2017-11089: A buffer overread was observed in nl80211_set_station
     when user space application sends attribute
     NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes
   - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function
     in the ALSA subsystem allowed attackers to gain privileges via
     unspecified vectors (bnc#1088260).
   - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel
     function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious
     NCPFS servers to crash the kernel or execute code (bnc#1086162).
   - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c
     allow local users to cause a denial of service (BUG) by leveraging a
     race condition with __dm_destroy during creation and removal of DM
     devices (bnc#1083242).

   The following non-security bugs were fixed:

   - Integrate fixes resulting from bsc#1088147 More info in the respective
     commit messages.
   - KABI: x86/kaiser: properly align trampoline stack (bsc#1087260).
   - kGraft: fix small race in reversion code (bsc#1083125).
   - kabi/severities: Ignore kgr_shadow_* kABI changes
   - kvm/x86: fix icebp instruction handling (bsc#1087088).
   - livepatch: Allow to call a custom callback when freeing shadow variables
     (bsc#1082299 fate#313296).
   - livepatch: Initialize shadow variables safely by a custom callback
     (bsc#1082299 fate#313296).
   - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
   - x86/kaiser: properly align trampoline stack (bsc#1087260).
   - x86/retpoline: do not perform thunk calls in ring3 vsyscall code

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2018-844=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-844=1

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Server 12-LTSS (noarch):


   - SUSE Linux Enterprise Server 12-LTSS (x86_64):


   - SUSE Linux Enterprise Server 12-LTSS (s390x):


   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):



More information about the sle-security-updates mailing list