SUSE-SU-2019:13937-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com
Tue Jan 29 10:39:31 MST 2019


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:13937-1
Rating:             important
References:         #1031240 #1039803 #1066674 #1071021 #1094186 
                    #1094825 #1104070 #1104366 #1104367 #1107189 
                    #1108498 #1109200 #1113201 #1113751 #1113769 
                    #1114920 #1115007 #1115038 #1116412 #1116841 
                    #1117515 #1118152 #1118319 #1119255 #1119714 
                    #1120743 #905299 #936875 #968018 #990682 
                    
Cross-References:   CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273
                    CVE-2018-18281 CVE-2018-18386 CVE-2018-18710
                    CVE-2018-19407 CVE-2018-19824 CVE-2018-19985
                    CVE-2018-20169 CVE-2018-9516 CVE-2018-9568
                   
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 18 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive
   various security fixes and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,
     there is a possible out of bounds write due to a missing bounds check.
     This could lead to local escalation of privilege with System execution
     privileges needed. User interaction is not needed for exploitation
     (bnc#1108498).
   - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
     allowed local users to cause a denial of service (NULL pointer
     dereference and BUG) via crafted system calls that reach a situation
     where ioapic is uninitialized (bnc#1116841).
   - CVE-2018-19985: The function hso_probe read if_num from the USB device
     (as an u8) and used it without a length check to index an array,
     resulting in an OOB memory read in hso_probe or hso_get_config_data that
     could be used by local attackers (bnc#1120743).
   - CVE-2018-20169: The USB subsystem mishandled size checks during the
     reading of an extra descriptor, related to __usb_get_extra_descriptor in
     drivers/usb/core/usb.c (bnc#1119714).
   - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
     corruption due to type confusion. This could lead to local escalation of
     privilege with no additional execution privileges needed. User
     interaction is not needed for exploitation (bnc#1118319).
   - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
     driver by supplying a malicious USB Sound device (with zero interfaces)
     that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
   - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
     pagetable locks. If a syscall such as ftruncate() removes entries from
     the pagetables of a task that is in the middle of mremap(), a stale TLB
     entry can remain for a short time that permits access to a physical page
     after it has been released back to the page allocator and reused
     (bnc#1113769).
   - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
     drivers/cdrom/cdrom.c could be used by local attackers to read kernel
     memory because a cast from unsigned long to int interferes with bounds
     checking. This is similar to CVE-2018-10940 and CVE-2018-16658
     (bnc#1113751).
   - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
     able to access pseudo terminals) to hang/block further usage of any
     pseudo terminal devices due to an EXTPROC versus ICANON confusion in
     TIOCINQ (bnc#1094825).
   - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c
     allowed physically proximate attackers to cause a denial of service
     (integer underflow) or possibly have unspecified other impact via a
     crafted HID report (bnc#1031240).
   - CVE-2017-16533: The usbhid_parse function in
     drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
     service (out-of-bounds read and system crash) or possibly have
     unspecified other impact via a crafted USB device (bnc#1066674).
   - CVE-2017-1000407: Fixed a denial of service in which flooding the
     diagnostic port 0x80 triggered an exception leading to a kernel panic
     (bnc#1071021).

   The following non-security bugs were fixed:

   - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018,
     bsc#1104366).
   - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
     (bsc#1119255).
   - Drivers: scsi: storvsc: Change the limits to reflect the values on the
     host (bug#1107189).
   - drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure
     (bug#1107189).
   - Drivers: scsi: storvsc: Filter commands based on the storage protocol
     version (bug#1107189).
   - Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version
     (bug#1107189).
   - Drivers: scsi: storvsc: Implement a eh_timed_out handler (bug#1107189).
   - Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by
     the Host (bug#1107189).
   - drivers: scsi: storvsc: Set srb_flags in all cases (bug#1107189).
   - EHCI: improved logic for isochronous scheduling (bsc#1117515).
   - ipv4: remove the unnecessary variable in udp_mcast_next (bsc#1104070).
   - KEYS: prevent creating a different user's keyrings (bnc#1094186).
   - KVM: x86: Fix the duplicate failure path handling in vmx_init
     (bsc#1104367).
   - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#1116412).
   - MM/vmscan.c: avoid throttling reclaim for loop-back nfsd threads
     (bsc#1116412).
   - net/ipv6/udp: Fix ipv6 multicast socket filter regression (bsc#1104070).
   - NFS: avoid deadlocks with loop-back mounted NFS filesystems
     (bsc#1116412).
   - NFS: avoid waiting at all in nfs_release_page when congested
     (bsc#1116412).
   - NFS: Do not write enable new pages while an invalidation is proceeding
     (bsc#1116412).
   - NFS: Fix a regression in the read() syscall (bsc#1116412).
   - NFS: Fix races in nfs_revalidate_mapping (bsc#1116412).
   - NFS: fix the handling of NFS_INO_INVALID_DATA flag in
     nfs_revalidate_mapping (bsc#1116412).
   - NFS: Fix writeback performance issue on cache invalidation (bsc#1116412).
   - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
   - reiserfs: fix race in readdir (bsc#1039803).
   - sched, isolcpu: make cpu_isolated_map visible outside scheduler
     (bsc#1119255).
   - scsi: storvsc: Always send on the selected outgoing channel
     (bug#1107189).
   - scsi: storvsc: Do not assume that the scatterlist is not chained
     (bug#1107189).
   - scsi: storvsc: Fix a bug in copy_from_bounce_buffer() (bug#1107189).
   - scsi: storvsc: Increase the ring buffer size (bug#1107189).
   - scsi: storvsc: Size the queue depth based on the ringbuffer size
     (bug#1107189).
   - storvsc: fix a bug in storvsc limits (bug#1107189).
   - storvsc: force discovery of LUNs that may have been removed
     (bug#1107189).
   - storvsc: get rid of overly verbose warning messages (bug#1107189).
   - storvsc: in response to a scan event, scan the host (bug#1107189).
   - storvsc: Set the SRB flags correctly when no data transfer is needed
     (bug#1107189).
   - udp: ipv4: Add udp early demux (bsc#1104070).
   - udp: restore UDPlite many-cast delivery (bsc#1104070).
   - udp: Simplify __udp*_lib_mcast_deliver (bsc#1104070).
   - udp: Use hash2 for long hash1 chains in __udp*_lib_mcast_deliver
     (bsc#1104070).
   - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515).
   - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515).
   - USB: EHCI: add symbolic constants for QHs (bsc#1117515).
   - USB: EHCI: always scan each interrupt QH (bsc#1117515).
   - USB: EHCI: do not lose events during a scan (bsc#1117515).
   - USB: EHCI: do not refcount iso_stream structures (bsc#1117515).
   - USB: EHCI: do not refcount QHs (bsc#1117515).
   - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515).
   - USB: EHCI: fix up locking (bsc#1117515).
   - USB: EHCI: initialize data before resetting hardware (bsc#1117515).
   - USB: EHCI: introduce high-res timer (bsc#1117515).
   - USB: EHCI: remove PS3 status polling (bsc#1117515).
   - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515).
   - USB: EHCI: rename "reclaim" (bsc#1117515).
   - USB: EHCI: resolve some unlikely races (bsc#1117515).
   - USB: EHCI: return void instead of 0 (bsc#1117515).
   - USB: EHCI: simplify isochronous scanning (bsc#1117515).
   - USB: EHCI: unlink multiple async QHs together (bsc#1117515).
   - USB: EHCI: use hrtimer for async schedule (bsc#1117515).
   - USB: EHCI: use hrtimer for controller death (bsc#1117515).
   - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515).
   - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515).
   - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515).
   - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515).
   - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515).
   - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515).
   - XFS: do not BUG() on mixed direct and mapped I/O (bsc#1114920).
   - XFS: stop searching for free slots in an inode chunk when there are none
     (bsc#1115007).
   - XFS: validate sb_logsunit is a multiple of the fs blocksize
     (bsc#1115038).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-kernel-20190123-13937=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20190123-13937=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-kernel-20190123-13937=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-20190123-13937=1
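
   Added example, not part of SUSE's announcement: a shell check that the
   fixed kernel version from the package list below is installed and, because
   a reboot is required, that it is also the kernel actually running. The
   function names, the x86 /boot/vmlinuz path and the use of GNU "sort -V"
   are assumptions of this example.

```shell
#!/bin/sh
# Fixed kernel version-release, taken from this advisory's package list.
FIXED="3.0.101-0.47.106.59.1"

# ver_ge A B: succeed if version-release A is the same as or newer than B.
# Relies on GNU "sort -V" (assumption); that is adequate for these purely
# numeric strings but is not a full implementation of RPM version comparison.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# kernel_status INSTALLED RUNNING: classify a host from the newest installed
# kernel package version and the version of the package that owns the
# currently booted kernel image.
kernel_status() {
    if ! ver_ge "$1" "$FIXED"; then
        echo "vulnerable: update not installed"
    elif ! ver_ge "$2" "$FIXED"; then
        echo "reboot-pending: update installed, old kernel still running"
    else
        echo "patched"
    fi
}

# check_host: gather both versions from the local RPM database.
# Assumes the kernel flavor is the last "-" field of "uname -r" and that the
# booted image is /boot/vmlinuz-<release> (x86; other architectures differ).
check_host() {
    flavor=$(uname -r | sed 's/.*-//')
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "kernel-$flavor" |
        sort -V | tail -n 1)
    running=$(rpm -qf --qf '%{VERSION}-%{RELEASE}\n' \
        "/boot/vmlinuz-$(uname -r)" | head -n 1)
    kernel_status "$installed" "$running"
}

# Query the live system only when invoked with "--check".
if [ "${1:-}" = "--check" ]; then check_host; fi
```

   A "reboot-pending" result means the package is installed but the host is
   still executing the old kernel, so the fixes are not yet in effect.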



Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.106.59.1
      kernel-default-base-3.0.101-0.47.106.59.1
      kernel-default-devel-3.0.101-0.47.106.59.1
      kernel-source-3.0.101-0.47.106.59.1
      kernel-syms-3.0.101-0.47.106.59.1
      kernel-trace-3.0.101-0.47.106.59.1
      kernel-trace-base-3.0.101-0.47.106.59.1
      kernel-trace-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.106.59.1
      kernel-ec2-base-3.0.101-0.47.106.59.1
      kernel-ec2-devel-3.0.101-0.47.106.59.1
      kernel-xen-3.0.101-0.47.106.59.1
      kernel-xen-base-3.0.101-0.47.106.59.1
      kernel-xen-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.106.59.1
      kernel-bigsmp-base-3.0.101-0.47.106.59.1
      kernel-bigsmp-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.106.59.1
      kernel-pae-base-3.0.101-0.47.106.59.1
      kernel-pae-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.106.59.1
      kernel-trace-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.106.59.1
      kernel-default-base-3.0.101-0.47.106.59.1
      kernel-default-devel-3.0.101-0.47.106.59.1
      kernel-ec2-3.0.101-0.47.106.59.1
      kernel-ec2-base-3.0.101-0.47.106.59.1
      kernel-ec2-devel-3.0.101-0.47.106.59.1
      kernel-pae-3.0.101-0.47.106.59.1
      kernel-pae-base-3.0.101-0.47.106.59.1
      kernel-pae-devel-3.0.101-0.47.106.59.1
      kernel-source-3.0.101-0.47.106.59.1
      kernel-syms-3.0.101-0.47.106.59.1
      kernel-trace-3.0.101-0.47.106.59.1
      kernel-trace-base-3.0.101-0.47.106.59.1
      kernel-trace-devel-3.0.101-0.47.106.59.1
      kernel-xen-3.0.101-0.47.106.59.1
      kernel-xen-base-3.0.101-0.47.106.59.1
      kernel-xen-devel-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.106.59.1
      kernel-default-debugsource-3.0.101-0.47.106.59.1
      kernel-trace-debuginfo-3.0.101-0.47.106.59.1
      kernel-trace-debugsource-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.106.59.1
      kernel-ec2-debugsource-3.0.101-0.47.106.59.1
      kernel-xen-debuginfo-3.0.101-0.47.106.59.1
      kernel-xen-debugsource-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.106.59.1
      kernel-bigsmp-debugsource-3.0.101-0.47.106.59.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.106.59.1
      kernel-pae-debugsource-3.0.101-0.47.106.59.1


References:

   https://www.suse.com/security/cve/CVE-2017-1000407.html
   https://www.suse.com/security/cve/CVE-2017-16533.html
   https://www.suse.com/security/cve/CVE-2017-7273.html
   https://www.suse.com/security/cve/CVE-2018-18281.html
   https://www.suse.com/security/cve/CVE-2018-18386.html
   https://www.suse.com/security/cve/CVE-2018-18710.html
   https://www.suse.com/security/cve/CVE-2018-19407.html
   https://www.suse.com/security/cve/CVE-2018-19824.html
   https://www.suse.com/security/cve/CVE-2018-19985.html
   https://www.suse.com/security/cve/CVE-2018-20169.html
   https://www.suse.com/security/cve/CVE-2018-9516.html
   https://www.suse.com/security/cve/CVE-2018-9568.html
   https://bugzilla.suse.com/1031240
   https://bugzilla.suse.com/1039803
   https://bugzilla.suse.com/1066674
   https://bugzilla.suse.com/1071021
   https://bugzilla.suse.com/1094186
   https://bugzilla.suse.com/1094825
   https://bugzilla.suse.com/1104070
   https://bugzilla.suse.com/1104366
   https://bugzilla.suse.com/1104367
   https://bugzilla.suse.com/1107189
   https://bugzilla.suse.com/1108498
   https://bugzilla.suse.com/1109200
   https://bugzilla.suse.com/1113201
   https://bugzilla.suse.com/1113751
   https://bugzilla.suse.com/1113769
   https://bugzilla.suse.com/1114920
   https://bugzilla.suse.com/1115007
   https://bugzilla.suse.com/1115038
   https://bugzilla.suse.com/1116412
   https://bugzilla.suse.com/1116841
   https://bugzilla.suse.com/1117515
   https://bugzilla.suse.com/1118152
   https://bugzilla.suse.com/1118319
   https://bugzilla.suse.com/1119255
   https://bugzilla.suse.com/1119714
   https://bugzilla.suse.com/1120743
   https://bugzilla.suse.com/905299
   https://bugzilla.suse.com/936875
   https://bugzilla.suse.com/968018
   https://bugzilla.suse.com/990682


