SUSE-SU-2018:1482-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu May 31 16:07:14 MDT 2018
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1482-1
Rating: important
References: #1013018 #1070404 #1072689 #1087082 #1088343
#1089386 #1090607 #1091659 #1092497 #1093600
#1093710 #919382
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
This update main focus is a regression fix in SystemV IPC handling.
(bsc#1093600)
The following non-security bugs were fixed:
- Drop cBPF SSBD as classic BPF does not really have a proper concept of
pointers, and without eBPF maps the out-of-bounds access in speculative
execution branch can't be mounted. Moreoever, seccomp BPF uses only such
a subset of BPF that can only do absolute indexing, and therefore
seccomp data buffer boundarier can't be crossed. Information condensed
from Alexei and Kees.
- ibrs used instead of retpoline on Haswell processor with
spectre_v2=retpoline (bsc#1092497)
- ib/mlx4: Convert slave port before building address-handle (bug#919382
FATE#317529).
- KABI protect struct _lowcore (bsc#1089386).
- Update config files, add Spectre mitigation for s390x (bnc#1089386,
LTC#166572).
- Update s390 config files (bsc#1089386).
- fanotify: fix logic of events on child (bsc#1013018).
- ipc/msg: Fix faulty parsing of msgctl args (bsc#1093600,bsc#1072689).
- ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
- ocfs2/dlm: wait for dlm recovery done when migrating all lock resources
(bsc#1013018).
- powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and
architecture bits (bsc#1087082).
- powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 (FATE#325713,
bsc#1093710).
- s390/cio: update chpid descriptor after resource accessibility event
(bnc#1091659, LTC#167429).
- s390/dasd: fix IO error for newly defined devices (bnc#1091659,
LTC#167398).
- s390/qdio: fix access to uninitialized qdio_q fields (bnc#1091659,
LTC#168037).
- s390/qeth: on channel error, reject further cmd requests (bnc#1088343,
LTC#165985).
- s390: add automatic detection of the spectre defense (bnc#1089386,
LTC#166572).
- s390: add optimized array_index_mask_nospec (bnc#1089386, LTC#166572).
- s390: add sysfs attributes for spectre (bnc#1089386, LTC#166572).
- s390: correct module section names for expoline code revert
(bsc#1089386).
- s390: correct nospec auto detection init order (bnc#1089386, LTC#166572).
- s390: do not bypass BPENTER for interrupt system calls (bnc#1089386,
LTC#166572).
- s390: fix retpoline build on 31bit (bsc#1089386).
- s390: improve cpu alternative handling for gmb and nobp (bnc#1089386,
LTC#166572).
- s390: introduce execute-trampolines for branches (bnc#1089386,
LTC#166572).
- s390: move nobp parameter functions to nospec-branch.c (bnc#1089386,
LTC#166572).
- s390: report spectre mitigation via syslog (bnc#1089386, LTC#166572).
- s390: run user space and KVM guests with modified branch prediction
(bnc#1089386, LTC#166572).
- s390: scrub registers on kernel entry and KVM exit (bnc#1089386,
LTC#166572).
- x86, mce: Fix mce_start_timer semantics (bsc#1090607).
- x86/kaiser: symbol kaiser_set_shadow_pgd() exported with non GPL
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-kernel-20180526-13635=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kernel-20180526-13635=1
- SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-20180526-13635=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-20180526-13635=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
kernel-docs-3.0.101-108.52.2
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-3.0.101-108.52.1
kernel-default-base-3.0.101-108.52.1
kernel-default-devel-3.0.101-108.52.1
kernel-source-3.0.101-108.52.1
kernel-syms-3.0.101-108.52.1
kernel-trace-3.0.101-108.52.1
kernel-trace-base-3.0.101-108.52.1
kernel-trace-devel-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
kernel-ec2-3.0.101-108.52.1
kernel-ec2-base-3.0.101-108.52.1
kernel-ec2-devel-3.0.101-108.52.1
kernel-xen-3.0.101-108.52.1
kernel-xen-base-3.0.101-108.52.1
kernel-xen-devel-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64):
kernel-bigmem-3.0.101-108.52.1
kernel-bigmem-base-3.0.101-108.52.1
kernel-bigmem-devel-3.0.101-108.52.1
kernel-ppc64-3.0.101-108.52.1
kernel-ppc64-base-3.0.101-108.52.1
kernel-ppc64-devel-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-SP4 (s390x):
kernel-default-man-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
kernel-pae-3.0.101-108.52.1
kernel-pae-base-3.0.101-108.52.1
kernel-pae-devel-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
kernel-default-extra-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
kernel-xen-extra-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
kernel-trace-extra-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
kernel-ppc64-extra-3.0.101-108.52.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
kernel-pae-extra-3.0.101-108.52.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
kernel-default-debuginfo-3.0.101-108.52.1
kernel-default-debugsource-3.0.101-108.52.1
kernel-trace-debuginfo-3.0.101-108.52.1
kernel-trace-debugsource-3.0.101-108.52.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
kernel-default-devel-debuginfo-3.0.101-108.52.1
kernel-trace-devel-debuginfo-3.0.101-108.52.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
kernel-ec2-debuginfo-3.0.101-108.52.1
kernel-ec2-debugsource-3.0.101-108.52.1
kernel-xen-debuginfo-3.0.101-108.52.1
kernel-xen-debugsource-3.0.101-108.52.1
kernel-xen-devel-debuginfo-3.0.101-108.52.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
kernel-bigmem-debuginfo-3.0.101-108.52.1
kernel-bigmem-debugsource-3.0.101-108.52.1
kernel-ppc64-debuginfo-3.0.101-108.52.1
kernel-ppc64-debugsource-3.0.101-108.52.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
kernel-pae-debuginfo-3.0.101-108.52.1
kernel-pae-debugsource-3.0.101-108.52.1
kernel-pae-devel-debuginfo-3.0.101-108.52.1
References:
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1070404
https://bugzilla.suse.com/1072689
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1088343
https://bugzilla.suse.com/1089386
https://bugzilla.suse.com/1090607
https://bugzilla.suse.com/1091659
https://bugzilla.suse.com/1092497
https://bugzilla.suse.com/1093600
https://bugzilla.suse.com/1093710
https://bugzilla.suse.com/919382
More information about the sle-security-updates
mailing list