SUSE-SU-2018:3084-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Oct 9 10:14:57 MDT 2018


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3084-1
Rating:             important
References:         #1012382 #1042286 #1062604 #1064232 #1065364 
                    #1082519 #1082863 #1084536 #1085042 #1088810 
                    #1089066 #1092903 #1094466 #1095344 #1096547 
                    #1097104 #1099597 #1099811 #1099813 #1099844 
                    #1099845 #1099846 #1099849 #1099863 #1099864 
                    #1099922 #1099993 #1099999 #1100000 #1100001 
                    #1100152 #1102517 #1102715 #1102870 #1103445 
                    #1104319 #1104495 #1105292 #1105296 #1105322 
                    #1105348 #1105396 #1105536 #1106016 #1106095 
                    #1106369 #1106509 #1106511 #1106512 #1106594 
                    #1107689 #1107735 #1107966 #1108239 #1108399 
                    #1109333 
Cross-References:   CVE-2018-10853 CVE-2018-10876 CVE-2018-10877
                    CVE-2018-10878 CVE-2018-10879 CVE-2018-10880
                    CVE-2018-10881 CVE-2018-10882 CVE-2018-10883
                    CVE-2018-10902 CVE-2018-10938 CVE-2018-10940
                    CVE-2018-12896 CVE-2018-13093 CVE-2018-13094
                    CVE-2018-13095 CVE-2018-14617 CVE-2018-14678
                    CVE-2018-15572 CVE-2018-15594 CVE-2018-16276
                    CVE-2018-16658 CVE-2018-17182 CVE-2018-6554
                    CVE-2018-6555 CVE-2018-7480 CVE-2018-7757
                    CVE-2018-9363
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Enterprise Storage 4
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves 28 vulnerabilities and has 28 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive
   various security and bugfixes.

   - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated
     instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current
     privilege(CPL) level while emulating unprivileged instructions. An
     unprivileged guest user/process could use this flaw to potentially
     escalate privileges inside guest (bnc#1097104).
   - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem
     code. A use-after-free is possible in ext4_ext_remove_space() function
     when mounting and operating a crafted ext4 image. (bnc#1099811)
   - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an
     out-of-bound access in the ext4_ext_drop_refs() function when operating
     on a crafted ext4 filesystem image. (bnc#1099846)
   - CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem.
     A local user can cause an out-of-bounds write and a denial of service or
     unspecified other impact is possible by mounting and operating a crafted
     ext4 filesystem image. (bnc#1099813)
   - CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem.
     A local user can cause a use-after-free in ext4_xattr_set_entry function
     and a denial of service or unspecified other impact may occur by
     renaming a file in a crafted ext4 filesystem image. (bnc#1099844)
   - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds
     write in the ext4 filesystem code when mounting and writing to a crafted
     ext4 image in ext4_update_inline_data(). An attacker could use this to
     cause a system crash and a denial of service. (bnc#1099845)
   - CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem.
     A local user can cause an out-of-bound access in ext4_get_group_info
     function, a denial of service, and a system crash by mounting and
     operating on a crafted ext4 filesystem image. (bnc#1099864)
   - CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem.
     A local user can cause an out-of-bound write in in fs/jbd2/transaction.c
     code, a denial of service, and a system crash by unmounting a crafted
     ext4 filesystem image. (bnc#1099849)
   - CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem.
     A local user can cause an out-of-bounds write in
     jbd2_journal_dirty_metadata(), a denial of service, and a system crash
     by mounting and operating on a crafted ext4 filesystem image.
     (bnc#1099863)
   - CVE-2018-10902: It was found that the raw midi kernel driver did not
     protect against concurrent access which leads to a double realloc
     (double free) in snd_rawmidi_input_params() and
     snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()
     handler in rawmidi.c file. A malicious local attacker could possibly use
     this for privilege escalation (bnc#1105322).
   - CVE-2018-10938: A crafted network packet sent remotely by an attacker
     may force the kernel to enter an infinite loop in the cipso_v4_optptr()
     function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A
     certain non-default configuration of LSM (Linux Security Module) and
     NetLabel should be set up on a system before an attacker could leverage
     this flaw (bnc#1106016).
   - CVE-2018-10940: The cdrom_ioctl_media_changed function in
     drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds
     check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel
     memory (bnc#1092903).
   - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the
     POSIX timer code is caused by the way the overrun accounting works.
     Depending on interval and expiry time values, the overrun can be larger
     than INT_MAX, but the accounting is int based. This basically made the
     accounting values, which are visible to user space via
     timer_getoverrun(2) and siginfo::si_overrun, random. For example, a
     local user can cause a denial of service (signed integer overflow) via
     crafted mmap, futex, timer_create, and timer_settime system calls
     (bnc#1099922).
   - CVE-2018-13093: There is a NULL pointer dereference and panic in
     lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
     corrupted xfs image. This occurs because of a lack of proper validation
     that cached inodes are free during allocation (bnc#1100001).
   - CVE-2018-13094: An OOPS may occur for a corrupted xfs image after
     xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).
   - CVE-2018-13095: A denial of service (memory corruption and BUG) can
     occur for a corrupted xfs image upon encountering an inode that is in
     extent format, but has more extents than fit in the inode fork
     (bnc#1099999).
   - CVE-2018-14617: There is a NULL pointer dereference and panic in
     hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
     purportedly a hard link) in an hfs+ filesystem that has malformed
     catalog data, and is mounted read-only without a metadata directory
     (bnc#1102870).
   - CVE-2018-14678: The xen_failsafe_callback entry point in
     arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed
     local users to cause a denial of service (uninitialized memory usage and
     system crash). Within Xen, 64-bit x86 PV Linux guest OS users can
     trigger a guest OS crash or possibly gain privileges (bnc#1102715).
   - CVE-2018-15572: The spectre_v2_select_mitigation function in
     arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context
     switch, which made it easier for attackers to conduct
     userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).
   - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect
     calls, which made it easier for attackers to conduct Spectre-v2 attacks
     against paravirtual guests (bnc#1105348).
   - CVE-2018-16276: Local attackers could use user access read/writes with
     incorrect bounds checking in the yurex USB driver to crash the kernel or
     potentially escalate privileges (bnc#1106095).
   - CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in
     drivers/cdrom/cdrom.c could be used by local attackers to read kernel
     memory because a cast from unsigned long to int interferes with bounds
     checking. This is similar to CVE-2018-10940 (bnc#1107689).
   - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
     mishandled sequence number overflows. An attacker can trigger a
     use-after-free (and possibly gain privileges) via certain thread
     creation, map, unmap, invalidation, and dereference operations
     (bnc#1108399).
   - CVE-2018-6554: Memory leak in the irda_bind function in
     net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c
     allowed local users to cause a denial of service (memory consumption) by
     repeatedly binding an AF_IRDA socket (bnc#1106509).
   - CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and
     later in drivers/staging/irda/net/af_irda.c allowed local users to cause
     a denial of service (ias_object use-after-free and system crash) or
     possibly have unspecified other impact via an AF_IRDA socket
     (bnc#1106511).
   - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
     drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
     of service (memory consumption) via many read accesses to files in the
     /sys/class/sas_phy directory, as demonstrated by the
     /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).
   - CVE-2018-9363: A buffer overflow in bluetooth HID report processing
     could be used by malicious bluetooth devices to crash the kernel or
     potentially execute code (bnc#1105292). The following security bugs were
     fixed:
   - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c
     allowed local users to cause a denial of service (double free) or
     possibly have unspecified other impact by triggering a creation failure
     (bnc#1082863).

   The following non-security bugs were fixed:

   - atm: Preserve value of skb->truesize when accounting to vcc
     (bsc#1089066).
   - bcache: avoid unncessary cache prefetch bch_btree_node_get()
     (bsc#1064232).
   - bcache: calculate the number of incremental GC nodes according to the
     total of btree nodes (bsc#1064232).
   - bcache: display rate debug parameters to 0 when writeback is not running
     (bsc#1064232).
   - bcache: do not check return value of debugfs_create_dir() (bsc#1064232).
   - bcache: finish incremental GC (bsc#1064232).
   - bcache: fix error setting writeback_rate through sysfs interface
     (bsc#1064232).
   - bcache: fix I/O significant decline while backend devices registering
     (bsc#1064232).
   - bcache: free heap cache_set->flush_btree in bch_journal_free
     (bsc#1064232).
   - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch
     section (bsc#1064232).
   - bcache: release dc->writeback_lock properly in bch_writeback_thread()
     (bsc#1064232).
   - bcache: set max writeback rate when I/O request is idle (bsc#1064232).
   - bcache: simplify the calculation of the total amount of flash dirty data
     (bsc#1064232).
   - ext4: check for allocation block validity with block group locked
     (bsc#1104495).
   - ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
   - ext4: fix check to prevent initializing reserved inodes (bsc#1104319).
   - ext4: fix false negatives *and* false positives in
     ext4_check_descriptors() (bsc#1103445).
   - ibmvnic: Include missing return code checks in reset function
     (bnc#1107966).
   - kABI: protect struct x86_emulate_ops (kabi).
   - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)
   - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
     (bnc#1105536).
   - kvm: MMU: always terminate page walks at level 1 (bsc#1062604).
   - kvm: MMU: simplify last_pte_bitmap (bsc#1062604).
   - kvm: nVMX: update last_nonleaf_level when initializing nested EPT
     (bsc#1062604).
   - kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
   - kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state'
     (bsc#1106369).
   - net: add skb_condense() helper (bsc#1089066).
   - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066).
   - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066).
   - net: ena: Eliminate duplicate barriers on weakly-ordered archs
     (bsc#1108239).
   - net: ena: fix device destruction to gracefully free resources
     (bsc#1108239).
   - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239).
   - net: ena: fix incorrect usage of memory barriers (bsc#1108239).
   - net: ena: fix missing calls to READ_ONCE (bsc#1108239).
   - net: ena: fix missing lock during device destruction (bsc#1108239).
   - net: ena: fix potential double ena_destroy_device() (bsc#1108239).
   - net: ena: fix surprise unplug NULL dereference kernel crash
     (bsc#1108239).
   - net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239).
   - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382
     bsc#1100152).
   - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286).
   - nfs: Use an appropriate work queue for direct-write completion
     (bsc#1082519).
   - ovl: fix random return value on mount (bsc#1099993).
   - ovl: fix uid/gid when creating over whiteout (bsc#1099993).
   - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512).
   - ovl: override creds with the ones from the superblock mounter
     (bsc#1099993).
   - powerpc: Avoid code patching freed init sections (bnc#1107735).
   - powerpc/livepatch: Fix livepatch stack access (bsc#1094466).
   - powerpc/modules: Do not try to restore r2 after a sibling call
     (bsc#1094466).
   - powerpc/tm: Avoid possible userspace r1 corruption on reclaim
     (bsc#1109333).
   - powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
   - provide special timeout module parameters for EC2 (bsc#1065364).
   - stop_machine: Atomically queue and wake stopper threads (git-fixes).
   - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
     (bsc#1088810).
   - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).
   - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).
   - x86/speculation/l1tf: Fix off-by-one error when warning that system has
     too much RAM (bnc#1105536).
   - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
     (bnc#1105536).
   - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
     (bnc#1105536).
   - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
     (bsc#1106369).
   - x86: Drop kernel trampoline stack. It is involved in breaking
     kdump/kexec infrastucture. (bsc#1099597)
   - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
   - xen/blkback: do not keep persistent grants too long (bsc#1085042).
   - xen/blkback: move persistent grants flags to bool (bsc#1085042).
   - xen/blkfront: cleanup stale persistent grants (bsc#1085042).
   - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042).
   - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).
   - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space
     (bsc#1095344).
   - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).
   - xfs: add a xfs_iext_update_extent helper (bsc#1095344).
   - xfs: add comments documenting the rebalance algorithm (bsc#1095344).
   - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node
     (bsc#1095344).
   - xfs: add xfs_trim_extent (bsc#1095344).
   - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all
     (bsc#1095344).
   - xfs: borrow indirect blocks from freed extent when available
     (bsc#1095344).
   - xfs: cleanup xfs_bmap_last_before (bsc#1095344).
   - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real
     (bsc#1095344).
   - xfs: do not rely on extent indices in xfs_bmap_collapse_extents
     (bsc#1095344).
   - xfs: do not rely on extent indices in xfs_bmap_insert_extents
     (bsc#1095344).
   - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).
   - xfs: during btree split, save new block key & ptr for future insertion
     (bsc#1095344).
   - xfs: factor out a helper to initialize a local format inode fork
     (bsc#1095344).
   - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).
   - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).
   - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344).
   - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).
   - xfs: improve kmem_realloc (bsc#1095344).
   - xfs: inline xfs_shift_file_space into callers (bsc#1095344).
   - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).
   - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).
   - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).
   - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real
     (bsc#1095344).
   - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).
   - xfs: move pre/post-bmap tracing into xfs_iext_update_extent
     (bsc#1095344).
   - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).
   - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).
   - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).
   - xfs: move xfs_iext_insert tracepoint to report useful information
     (bsc#1095344).
   - xfs: new inode extent list lookup helpers (bsc#1095344).
   - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).
   - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).
   - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).
   - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).
   - xfs: provide helper for counting extents from if_bytes (bsc#1095344).
   - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real
     (bsc#1095344).
   - xfs: refactor delalloc indlen reservation split into helper
     (bsc#1095344).
   - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).
   - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).
   - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).
   - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).
   - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).
   - xfs: refactor xfs_bunmapi_cow (bsc#1095344).
   - xfs: refactor xfs_del_extent_real (bsc#1095344).
   - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real
     (bsc#1095344).
   - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all
     (bsc#1095344).
   - xfs: remove a superflous assignment in xfs_iext_remove_node
     (bsc#1095344).
   - xfs: Remove dead code from inode recover function (bsc#1105396).
   - xfs: remove if_rdev (bsc#1095344).
   - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344).
   - xfs: remove support for inlining data/extents into the inode fork
     (bsc#1095344).
   - xfs: remove the never fully implemented UUID fork format (bsc#1095344).
   - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).
   - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).
   - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).
   - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).
   - xfs: remove xfs_bmbt_get_state (bsc#1095344).
   - xfs: remove xfs_bmse_shift_one (bsc#1095344).
   - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).
   - xfs: repair malformed inode items during log recovery (bsc#1105396).
   - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).
   - xfs: replace xfs_qm_get_rtblks with a direct call to
     xfs_bmap_count_leaves (bsc#1095344).
   - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).
   - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent
     (bsc#1095344).
   - xfs: rewrite xfs_bmap_first_unused to make better use of
     xfs_iext_get_extent (bsc#1095344).
   - xfs: simplify the xfs_getbmap interface (bsc#1095344).
   - xfs: simplify validation of the unwritten extent bit (bsc#1095344).
   - xfs: split indlen reservations fairly when under reserved (bsc#1095344).
   - xfs: split xfs_bmap_shift_extents (bsc#1095344).
   - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real
     (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).
   - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).
   - xfs: update freeblocks counter after extent deletion (bsc#1095344).
   - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).
   - xfs: use a b+tree for the in-core extent list (bsc#1095344).
   - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay}
     (bsc#1095344).
   - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344).
   - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344).
   - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344).
   - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).
   - xfs: use xfs_bmap_del_extent_delay for the data fork as well
     (bsc#1095344).
   - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents
     (bsc#1095344).
   - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at
     (bsc#1095344).
   - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).
   - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2188=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2188=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2188=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2188=1

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2018-2188=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-2188=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2188=1



Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      kernel-default-4.4.121-92.95.1
      kernel-default-base-4.4.121-92.95.1
      kernel-default-base-debuginfo-4.4.121-92.95.1
      kernel-default-debuginfo-4.4.121-92.95.1
      kernel-default-debugsource-4.4.121-92.95.1
      kernel-default-devel-4.4.121-92.95.1
      kernel-syms-4.4.121-92.95.1

   - SUSE OpenStack Cloud 7 (x86_64):

      kgraft-patch-4_4_121-92_95-default-1-3.4.1
      lttng-modules-2.7.1-9.6.1
      lttng-modules-debugsource-2.7.1-9.6.1
      lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
      lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

   - SUSE OpenStack Cloud 7 (noarch):

      kernel-devel-4.4.121-92.95.1
      kernel-macros-4.4.121-92.95.1
      kernel-source-4.4.121-92.95.1

   - SUSE OpenStack Cloud 7 (s390x):

      kernel-default-man-4.4.121-92.95.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      kernel-default-4.4.121-92.95.1
      kernel-default-base-4.4.121-92.95.1
      kernel-default-base-debuginfo-4.4.121-92.95.1
      kernel-default-debuginfo-4.4.121-92.95.1
      kernel-default-debugsource-4.4.121-92.95.1
      kernel-default-devel-4.4.121-92.95.1
      kernel-syms-4.4.121-92.95.1
      kgraft-patch-4_4_121-92_95-default-1-3.4.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

      kernel-devel-4.4.121-92.95.1
      kernel-macros-4.4.121-92.95.1
      kernel-source-4.4.121-92.95.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

      lttng-modules-2.7.1-9.6.1
      lttng-modules-debugsource-2.7.1-9.6.1
      lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
      lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      kernel-default-4.4.121-92.95.1
      kernel-default-base-4.4.121-92.95.1
      kernel-default-base-debuginfo-4.4.121-92.95.1
      kernel-default-debuginfo-4.4.121-92.95.1
      kernel-default-debugsource-4.4.121-92.95.1
      kernel-default-devel-4.4.121-92.95.1
      kernel-syms-4.4.121-92.95.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):

      kgraft-patch-4_4_121-92_95-default-1-3.4.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):

      lttng-modules-2.7.1-9.6.1
      lttng-modules-debugsource-2.7.1-9.6.1
      lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
      lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

      kernel-devel-4.4.121-92.95.1
      kernel-macros-4.4.121-92.95.1
      kernel-source-4.4.121-92.95.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):

      kernel-default-man-4.4.121-92.95.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      kernel-default-4.4.121-92.95.1
      kernel-default-base-4.4.121-92.95.1
      kernel-default-base-debuginfo-4.4.121-92.95.1
      kernel-default-debuginfo-4.4.121-92.95.1
      kernel-default-debugsource-4.4.121-92.95.1
      kernel-default-devel-4.4.121-92.95.1
      kernel-syms-4.4.121-92.95.1
      lttng-modules-2.7.1-9.6.1
      lttng-modules-debugsource-2.7.1-9.6.1
      lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
      lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      kernel-devel-4.4.121-92.95.1
      kernel-macros-4.4.121-92.95.1
      kernel-source-4.4.121-92.95.1

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.121-92.95.1
      cluster-md-kmp-default-debuginfo-4.4.121-92.95.1
      cluster-network-kmp-default-4.4.121-92.95.1
      cluster-network-kmp-default-debuginfo-4.4.121-92.95.1
      dlm-kmp-default-4.4.121-92.95.1
      dlm-kmp-default-debuginfo-4.4.121-92.95.1
      gfs2-kmp-default-4.4.121-92.95.1
      gfs2-kmp-default-debuginfo-4.4.121-92.95.1
      kernel-default-debuginfo-4.4.121-92.95.1
      kernel-default-debugsource-4.4.121-92.95.1
      ocfs2-kmp-default-4.4.121-92.95.1
      ocfs2-kmp-default-debuginfo-4.4.121-92.95.1

   - SUSE Enterprise Storage 4 (noarch):

      kernel-devel-4.4.121-92.95.1
      kernel-macros-4.4.121-92.95.1
      kernel-source-4.4.121-92.95.1

   - SUSE Enterprise Storage 4 (x86_64):

      kernel-default-4.4.121-92.95.1
      kernel-default-base-4.4.121-92.95.1
      kernel-default-base-debuginfo-4.4.121-92.95.1
      kernel-default-debuginfo-4.4.121-92.95.1
      kernel-default-debugsource-4.4.121-92.95.1
      kernel-default-devel-4.4.121-92.95.1
      kernel-syms-4.4.121-92.95.1
      kgraft-patch-4_4_121-92_95-default-1-3.4.1
      lttng-modules-2.7.1-9.6.1
      lttng-modules-debugsource-2.7.1-9.6.1
      lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1
      lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      kernel-default-4.4.121-92.95.1
      kernel-default-debuginfo-4.4.121-92.95.1
      kernel-default-debugsource-4.4.121-92.95.1


References:

   https://www.suse.com/security/cve/CVE-2018-10853.html
   https://www.suse.com/security/cve/CVE-2018-10876.html
   https://www.suse.com/security/cve/CVE-2018-10877.html
   https://www.suse.com/security/cve/CVE-2018-10878.html
   https://www.suse.com/security/cve/CVE-2018-10879.html
   https://www.suse.com/security/cve/CVE-2018-10880.html
   https://www.suse.com/security/cve/CVE-2018-10881.html
   https://www.suse.com/security/cve/CVE-2018-10882.html
   https://www.suse.com/security/cve/CVE-2018-10883.html
   https://www.suse.com/security/cve/CVE-2018-10902.html
   https://www.suse.com/security/cve/CVE-2018-10938.html
   https://www.suse.com/security/cve/CVE-2018-10940.html
   https://www.suse.com/security/cve/CVE-2018-12896.html
   https://www.suse.com/security/cve/CVE-2018-13093.html
   https://www.suse.com/security/cve/CVE-2018-13094.html
   https://www.suse.com/security/cve/CVE-2018-13095.html
   https://www.suse.com/security/cve/CVE-2018-14617.html
   https://www.suse.com/security/cve/CVE-2018-14678.html
   https://www.suse.com/security/cve/CVE-2018-15572.html
   https://www.suse.com/security/cve/CVE-2018-15594.html
   https://www.suse.com/security/cve/CVE-2018-16276.html
   https://www.suse.com/security/cve/CVE-2018-16658.html
   https://www.suse.com/security/cve/CVE-2018-17182.html
   https://www.suse.com/security/cve/CVE-2018-6554.html
   https://www.suse.com/security/cve/CVE-2018-6555.html
   https://www.suse.com/security/cve/CVE-2018-7480.html
   https://www.suse.com/security/cve/CVE-2018-7757.html
   https://www.suse.com/security/cve/CVE-2018-9363.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1042286
   https://bugzilla.suse.com/1062604
   https://bugzilla.suse.com/1064232
   https://bugzilla.suse.com/1065364
   https://bugzilla.suse.com/1082519
   https://bugzilla.suse.com/1082863
   https://bugzilla.suse.com/1084536
   https://bugzilla.suse.com/1085042
   https://bugzilla.suse.com/1088810
   https://bugzilla.suse.com/1089066
   https://bugzilla.suse.com/1092903
   https://bugzilla.suse.com/1094466
   https://bugzilla.suse.com/1095344
   https://bugzilla.suse.com/1096547
   https://bugzilla.suse.com/1097104
   https://bugzilla.suse.com/1099597
   https://bugzilla.suse.com/1099811
   https://bugzilla.suse.com/1099813
   https://bugzilla.suse.com/1099844
   https://bugzilla.suse.com/1099845
   https://bugzilla.suse.com/1099846
   https://bugzilla.suse.com/1099849
   https://bugzilla.suse.com/1099863
   https://bugzilla.suse.com/1099864
   https://bugzilla.suse.com/1099922
   https://bugzilla.suse.com/1099993
   https://bugzilla.suse.com/1099999
   https://bugzilla.suse.com/1100000
   https://bugzilla.suse.com/1100001
   https://bugzilla.suse.com/1100152
   https://bugzilla.suse.com/1102517
   https://bugzilla.suse.com/1102715
   https://bugzilla.suse.com/1102870
   https://bugzilla.suse.com/1103445
   https://bugzilla.suse.com/1104319
   https://bugzilla.suse.com/1104495
   https://bugzilla.suse.com/1105292
   https://bugzilla.suse.com/1105296
   https://bugzilla.suse.com/1105322
   https://bugzilla.suse.com/1105348
   https://bugzilla.suse.com/1105396
   https://bugzilla.suse.com/1105536
   https://bugzilla.suse.com/1106016
   https://bugzilla.suse.com/1106095
   https://bugzilla.suse.com/1106369
   https://bugzilla.suse.com/1106509
   https://bugzilla.suse.com/1106511
   https://bugzilla.suse.com/1106512
   https://bugzilla.suse.com/1106594
   https://bugzilla.suse.com/1107689
   https://bugzilla.suse.com/1107735
   https://bugzilla.suse.com/1107966
   https://bugzilla.suse.com/1108239
   https://bugzilla.suse.com/1108399
   https://bugzilla.suse.com/1109333



More information about the sle-updates mailing list