SUSE-SU-2019:0470-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Fri Feb 22 10:11:19 MST 2019

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2019:0470-1
Rating:             important
References:         #1012382 #1023175 #1087036 #1094823 #1102875 
                    #1102877 #1102879 #1102882 #1102896 #1106105 
                    #1106929 #1107866 #1109695 #1114893 #1116653 
                    #1119680 #1120722 #1120758 #1120902 #1121726 
                    #1122650 #1122651 #1122779 #1122885 #1123321 
                    #1123323 #1123357 
Cross-References:   CVE-2017-18249 CVE-2019-3459 CVE-2019-3460
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP3

   An update that solves three vulnerabilities and has 24
   fixes is now available.


   The SUSE Linux Enterprise 12 realtime kernel was updated to receive
   various security and bug fixes.

   The following security bugs were fixed:

   - CVE-2017-18249: Fixed tracking of allocated nid in the add_free_nid
     function in fs/f2fs/node.c, which previously allowed local users to
     cause a denial of service (bnc#1087036).
   - CVE-2019-3459: Fixed a remote heap address information leak in the use
     of l2cap_get_conf_opt (bnc#1120758).
   - CVE-2019-3460: Fixed a remote data leak in multiple locations in the
     function l2cap_parse_conf_rsp (bnc#1120758).

   The following non-security bugs were fixed:

   - Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
   - Fix problem with sharetransport= and NFSv4 (bsc#1114893).
   - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit
   - Yama: Check for pid death before checking ancestry (bnc#1012382).
   - acpi / processor: Fix the return value of acpi_processor_ids_walk() (git
     fixes (acpi)).
   - acpi/nfit: Block function zero DSMs (bsc#1123321).
   - acpi/nfit: Fix command-supported detection (bsc#1123323).
   - acpi: power: Skip duplicate power resource references in _PRx
   - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
   - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
   - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
   - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
   - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
   - ata: Fix racy link clearance (bsc#1107866).
   - block/loop: Use global lock for ioctl() operation (bnc#1012382).
   - block/swim3: Fix -EBUSY error when re-opening device after unmount
   - Btrfs: tree-check: reduce stack consumption in check_dir_item
   - Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
   - Btrfs: tree-checker: Do not check max block group size as current max
     chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875
     bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
   - Btrfs: tree-checker: Fix misleading group system information
   - Btrfs: validate type when reading a chunk (bnc#1012382).
   - Btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
   - can: gw: ensure DLC boundaries after CAN frame modification
   - cifs: Do not hide EINTR after sending network packets (bnc#1012382).
   - cifs: Fix potential OOB access of lock element array (bnc#1012382).
   - clk: imx6q: reset exclusive gates on init (bnc#1012382).
   - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
   - crypto: authencesn - Avoid twice completion call in decrypt path
   - crypto: cts - fix crash on short inputs (bnc#1012382).
   - crypto: user - support incremental algorithm dumps (bsc#1120902).
   - dm crypt: add cryptographic data integrity protection (authenticated
     encryption) (Git-fixes).
   - dm crypt: factor IV constructor out to separate function (Git-fixes).
   - dm crypt: fix crash by adding missing check for auth key size
   - dm crypt: fix error return code in crypt_ctr() (git-fixes).
   - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
   - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes).
   - dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
   - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
   - dm snapshot: Fix excessive memory usage and workqueue stalls
   - dm: do not allow readahead to limit IO size (git fixes (readahead)).
   - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
   - edac: Raise the maximum number of memory controllers (bsc#1120722).
   - efi/libstub/arm64: Use hidden attribute for struct screen_info reference
   - ext4: Fix crash during online resizing (bsc#1122779).
   - ext4: fix a potential fiemap/page fault deadlock w/ inline_data
   - f2fs: Add sanity_check_inode() function (bnc#1012382).
   - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
   - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
   - f2fs: clean up argument of recover_data (bnc#1012382).
   - f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
   - f2fs: detect wrong layout (bnc#1012382).
   - f2fs: enhance sanity_check_raw_super() to avoid potential overflow
   - f2fs: factor out fsync inode entry operations (bnc#1012382).
   - f2fs: fix inode cache leak (bnc#1012382).
   - f2fs: fix invalid memory access (bnc#1012382).
   - f2fs: fix missing up_read (bnc#1012382).
   - f2fs: fix to avoid reading out encrypted data in page cache
   - f2fs: fix to convert inline directory correctly (bnc#1012382).
   - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
   - f2fs: fix to do sanity check with block address in main area
   - f2fs: fix to do sanity check with block address in main area v2
   - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
   - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
   - f2fs: fix to do sanity check with reserved blkaddr of inline inode
   - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
   - f2fs: fix to do sanity check with user_block_count (bnc#1012382).
   - f2fs: fix validation of the block count in sanity_check_raw_super
   - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
   - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
   - f2fs: introduce and spread verify_blkaddr (bnc#1012382).
   - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
   - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
   - f2fs: not allow to write illegal blkaddr (bnc#1012382).
   - f2fs: put directory inodes before checkpoint in roll-forward recovery
   - f2fs: remove an obsolete variable (bnc#1012382).
   - f2fs: return error during fill_super (bnc#1012382).
   - f2fs: sanity check on sit entry (bnc#1012382).
   - f2fs: use crc and cp version to determine roll-forward recovery
   - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
   - i2c: dev: prevent adapter retries and timeout being set as minus value
   - ibmveth: Do not process frames after calling napi_reschedule
   - ibmvnic: Add ethtool private flag for driver-defined queue limits
   - ibmvnic: Increase maximum queue size limit (bsc#1121726).
   - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
   - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
   - iommu/amd: Fix IOMMU page flush when detach device from a domain
   - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
   - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
   - ip: on queued skb use skb_header_pointer instead of pskb_may_pull
   - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
   - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped
     address (bnc#1012382).
   - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
   - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
   - jffs2: Fix use of uninitialized delayed_work, lockdep breakage
   - kabi: reorder new slabinfo fields in struct kmem_cache_node
   - kconfig: fix file name and line number of warn_ignored_character()
   - kconfig: fix memory leak when EOF is encountered in quotation
   - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
   - loop: Fold __loop_release into loop_release (bnc#1012382).
   - loop: Get rid of loop_index_mutex (bnc#1012382).
   - lsm: Check for NULL cred-security on free (bnc#1012382).
   - md: batch flush requests (bsc#1119680).
   - media: em28xx: Fix misplaced reset of dev->v4l::field_count
   - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
   - media: vb2: be sure to unlock mutex on errors (bnc#1012382).
   - media: vb2: vb2_mmap: move lock up (bnc#1012382).
   - media: vivid: fix error handling of kthread_run (bnc#1012382).
   - media: vivid: set min width/height to a value > 0 (bnc#1012382).
   - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
   - mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
   - mips: fix n32 compat_ipc_parse_version (bnc#1012382).
   - mm, proc: be more verbose about unstable VMA flags in
     /proc/<pid>/smaps (bnc#1012382).
   - mm, slab: faster active and free stats (bsc#1116653, VM Performance).
   - mm, slab: maintain total slab count instead of active count
     (bsc#1116653, VM Performance).
   - mm/page-writeback.c: do not break integrity writeback on ->writepage()
     error (bnc#1012382).
   - mm/slab: improve performance of gathering slabinfo stats (bsc#1116653,
     VM Performance).
   - mm: only report isolation failures when offlining memory (generic
     hotplug debugability).
   - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
   - net: bridge: fix a bug on using a neighbour cache entry without checking
     its state (bnc#1012382).
   - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
   - net: speed up skb_rbtree_purge() (bnc#1012382).
   - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
   - omap2fb: Fix stack memory disclosure (bsc#1106929)
   - packet: Do not leak dev refcounts on error exit (bnc#1012382).
   - pci: altera: Check link status before retrain link (bnc#1012382).
   - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
   - pci: altera: Move retrain from fixup to altera_pcie_host_init()
   - pci: altera: Poll for link training status after retraining the link
   - pci: altera: Poll for link up status after retraining the link
   - pci: altera: Reorder read/write functions (bnc#1012382).
   - pci: altera: Rework config accessors for use without a struct pci_bus
   - perf intel-pt: Fix error with config term "pt=0" (bnc#1012382).
   - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
   - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
   - platform/x86: asus-wmi: Tell the EC the OS will handle the display off
     hotkey (bnc#1012382).
   - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).
   - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores
   - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).
   - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
   - powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
   - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
   - powerpc/smp: Rework CPU topology construction (bsc#1109695).
   - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
   - powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
   - powerpc: Detect the presence of big-cores via "ibm, thread-groups"
   - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores
   - powerpc: make use of for_each_node_by_type() instead of open-coding it
   - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
   - pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
   - r8169: Add support for new Realtek Ethernet (bnc#1012382).
   - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).
   - scsi: sd: Fix cache_type_store() (bnc#1012382).
   - scsi: target: use consistent left-aligned ASCII INQUIRY data
   - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).
   - selinux: fix GPF on invalid policy (bnc#1012382).
   - slab: alien caches must not be initialized if the allocation of the
     alien cache failed (bnc#1012382).
   - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).
   - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).
   - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).
   - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).
   - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
   - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).
   - usb: storage: add quirk for SMI SM3350 (bnc#1012382).
   - usb: storage: do not insert sane sense for SPC3+ when bad sense
     specified (bnc#1012382).
   - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes
   - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update, use the SUSE recommended
   installation methods such as YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP3:

      zypper in -t patch SUSE-SLE-RT-12-SP3-2019-470=1
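
   Installing the patch leaves the old kernel running until the reboot requested above. The following check is an added example, not part of the SUSE advisory; it compares the running release with the newest installed kernel of the same flavor. The function names are hypothetical, and it assumes each installed kernel has a /lib/modules/<release> directory named like the output of `uname -r`.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory.
# Assumption: every installed kernel owns a directory /lib/modules/<release>
# whose name equals `uname -r` for that kernel and ends in "-<flavor>"
# (for example "-rt" for the realtime kernel).

# newest_installed_kernel MODULES_DIR FLAVOR
# Print the highest-versioned release in MODULES_DIR that ends in -FLAVOR.
newest_installed_kernel() {
    for d in "$1"/*-"$2"; do
        # An unmatched glob stays literal and fails the -d test.
        [ -d "$d" ] && basename "$d"
    done | sort -V | tail -n 1
}

# reboot_pending RUNNING_RELEASE [MODULES_DIR]
# Return 0 if a newer kernel of the same flavor is installed than the one
# running, 1 if the running kernel is already the newest, 2 if no installed
# kernel of that flavor was found.
reboot_pending() {
    running=$1
    modules_dir=${2:-/lib/modules}
    flavor=${running##*-}      # text after the last "-", e.g. "rt"
    newest=$(newest_installed_kernel "$modules_dir" "$flavor")
    [ -n "$newest" ] || return 2
    [ "$newest" != "$running" ] || return 1
    # Version-sort both releases; a reboot is pending only when the
    # installed one sorts after the running one.
    top=$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)
    [ "$top" = "$newest" ]
}

# Stand-alone use: report on this host.
if reboot_pending "$(uname -r)"; then
    echo "reboot pending: running $(uname -r), a newer kernel is installed"
else
    echo "no newer installed kernel found for $(uname -r)"
fi
```
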

Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch):


   - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64):


