SUSE-SU-2021:0737-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Mar 9 21:25:25 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0737-1
Rating:             important
References:         #1065600 #1163617 #1170442 #1176855 #1179082 
                    #1179428 #1179660 #1180058 #1180262 #1180964 
                    #1181671 #1181747 #1181753 #1181843 #1181854 
                    #1182047 #1182130 #1182140 #1182175 
Cross-References:   CVE-2020-29368 CVE-2020-29374 CVE-2021-26930
                    CVE-2021-26931 CVE-2021-26932
CVSS scores:
                    CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-29374 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-29374 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-26930 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-26930 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-26931 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-26931 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-26932 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-26932 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 14 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 15 SP1 kernel was updated receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2021-26930: Fixed an improper error handling in blkback's grant
     mapping (XSA-365 bsc#1181843).
   - CVE-2021-26931: Fixed an issue where Linux  kernel was treating grant
     mapping errors as bugs (XSA-362 bsc#1181753).
   - CVE-2021-26932: Fixed improper error handling issues in Linux grant
     mapping (XSA-361 bsc#1181747). by remote attackers to read or write
     files via directory traversal in an XCOPY request (bsc#178372).
   - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write
     implementation which could have granted unintended write access because
     of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

   The following non-security bugs were fixed:

   - btrfs: Cleanup try_flush_qgroup (bsc#1182047).
   - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata
     (bsc#1182047).
   - btrfs: fix data bytes_may_use underflow with fallocate due to failed
     quota reserve (bsc#1182130)
   - btrfs: Free correct amount of space in
     btrfs_delayed_inode_reserve_metadata (bsc#1182047).
   - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata
     (bsc#1182047).
   - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata
     (bsc#1182047).
   - btrfs: Unlock extents in btrfs_zero_range in case of errors
     (bsc#1182047).
   - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
     (git-fixes).
   - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
   - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist
     (bsc#1182140). Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec: do
     not include ghost symlinks (boo#1179082).")
   - libnvdimm/dimm: Avoid race between probe and available_slots_show()
     (bsc#1170442).
   - net: bcmgenet: add support for ethtool rxnfc flows (git-fixes).
   - net: bcmgenet: code movement (git-fixes).
   - net: bcmgenet: fix mask check in bcmgenet_validate_flow() (git-fixes).
   - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
   - net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
   - net: bcmgenet: set Rx mode before starting netif (git-fixes).
   - net: bcmgenet: use __be16 for htons(ETH_P_IP) (git-fixes).
   - net: bcmgenet: Use correct I/O accessors (git-fixes).
   - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
   - net/mlx4_en: Handle TX error CQE (bsc#1181854).
   - net: moxa: Fix a potential double 'free_irq()' (git-fixes).
   - net: sun: fix missing release regions in cas_init_one() (git-fixes).
   - nvme-multipath: Early exit if no path is available (bsc#1180964).
   - rpm/post.sh: Avoid purge-kernel for the first installed kernel
     (bsc#1180058)
   - scsi: target: fix unmap_zeroes_data boolean initialisation (bsc#1163617).
   - usb: dwc2: Abort transaction after errors with unknown reason
     (bsc#1180262).
   - usb: dwc2: Do not update data length if it is 0 on inbound transfers
     (bsc#1180262).
   - usb: dwc2: Make "trimming xfer length" a debug message (bsc#1180262).
   - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
   - xen/netback: avoid race in xenvif_rx_ring_slots_available()
     (bsc#1065600).
   - xen/netback: fix spurious event detection for common event case
     (bsc#1182175).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-737=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-737=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-737=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-737=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-737=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-737=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-737=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-737=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-737=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-737=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-737=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1
      reiserfs-kmp-default-4.12.14-197.86.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

   - SUSE Manager Server 4.0 (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE Manager Server 4.0 (s390x):

      kernel-default-man-4.12.14-197.86.1
      kernel-zfcpdump-debuginfo-4.12.14-197.86.1
      kernel-zfcpdump-debugsource-4.12.14-197.86.1

   - SUSE Manager Retail Branch Server 4.0 (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE Manager Retail Branch Server 4.0 (x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1
      reiserfs-kmp-default-4.12.14-197.86.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

   - SUSE Manager Proxy 4.0 (x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1
      reiserfs-kmp-default-4.12.14-197.86.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

   - SUSE Manager Proxy 4.0 (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1
      reiserfs-kmp-default-4.12.14-197.86.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1
      reiserfs-kmp-default-4.12.14-197.86.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):

      kernel-default-man-4.12.14-197.86.1
      kernel-zfcpdump-debuginfo-4.12.14-197.86.1
      kernel-zfcpdump-debugsource-4.12.14-197.86.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1
      reiserfs-kmp-default-4.12.14-197.86.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-livepatch-4.12.14-197.86.1
      kernel-default-livepatch-devel-4.12.14-197.86.1
      kernel-livepatch-4_12_14-197_86-default-1-3.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-197.86.1
      cluster-md-kmp-default-debuginfo-4.12.14-197.86.1
      dlm-kmp-default-4.12.14-197.86.1
      dlm-kmp-default-debuginfo-4.12.14-197.86.1
      gfs2-kmp-default-4.12.14-197.86.1
      gfs2-kmp-default-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      ocfs2-kmp-default-4.12.14-197.86.1
      ocfs2-kmp-default-debuginfo-4.12.14-197.86.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1
      reiserfs-kmp-default-4.12.14-197.86.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.86.1

   - SUSE Enterprise Storage 6 (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE CaaS Platform 4.0 (noarch):

      kernel-devel-4.12.14-197.86.1
      kernel-docs-4.12.14-197.86.1
      kernel-macros-4.12.14-197.86.1
      kernel-source-4.12.14-197.86.1

   - SUSE CaaS Platform 4.0 (x86_64):

      kernel-default-4.12.14-197.86.1
      kernel-default-base-4.12.14-197.86.1
      kernel-default-base-debuginfo-4.12.14-197.86.1
      kernel-default-debuginfo-4.12.14-197.86.1
      kernel-default-debugsource-4.12.14-197.86.1
      kernel-default-devel-4.12.14-197.86.1
      kernel-default-devel-debuginfo-4.12.14-197.86.1
      kernel-obs-build-4.12.14-197.86.1
      kernel-obs-build-debugsource-4.12.14-197.86.1
      kernel-syms-4.12.14-197.86.1
      reiserfs-kmp-default-4.12.14-197.86.1
      reiserfs-kmp-default-debuginfo-4.12.14-197.86.1


References:

   https://www.suse.com/security/cve/CVE-2020-29368.html
   https://www.suse.com/security/cve/CVE-2020-29374.html
   https://www.suse.com/security/cve/CVE-2021-26930.html
   https://www.suse.com/security/cve/CVE-2021-26931.html
   https://www.suse.com/security/cve/CVE-2021-26932.html
   https://bugzilla.suse.com/1065600
   https://bugzilla.suse.com/1163617
   https://bugzilla.suse.com/1170442
   https://bugzilla.suse.com/1176855
   https://bugzilla.suse.com/1179082
   https://bugzilla.suse.com/1179428
   https://bugzilla.suse.com/1179660
   https://bugzilla.suse.com/1180058
   https://bugzilla.suse.com/1180262
   https://bugzilla.suse.com/1180964
   https://bugzilla.suse.com/1181671
   https://bugzilla.suse.com/1181747
   https://bugzilla.suse.com/1181753
   https://bugzilla.suse.com/1181843
   https://bugzilla.suse.com/1181854
   https://bugzilla.suse.com/1182047
   https://bugzilla.suse.com/1182130
   https://bugzilla.suse.com/1182140
   https://bugzilla.suse.com/1182175



More information about the sle-security-updates mailing list