===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.2278
SUSE Security Update: Security update for the Linux Kernel
11 September 2017
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise          -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1000380 CVE-2017-1000365 CVE-2017-1000363
                   CVE-2017-11473 CVE-2017-11176 CVE-2017-9242
                   CVE-2017-9077 CVE-2017-9076 CVE-2017-9075
                   CVE-2017-9074 CVE-2017-8925 CVE-2017-8924
                   CVE-2017-8890 CVE-2017-7542 CVE-2017-7533
                   CVE-2017-7487 CVE-2017-7482 CVE-2017-6951
                   CVE-2017-2647 CVE-2016-10277 CVE-2014-9922
Reference:         ASB-2017.0141 ASB-2017.0032 ESB-2017.2233 ESB-2017.2214

Original Bulletin:
   https://www.suse.com/support/update/announcement/2017/suse-su-20172389-1/

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2389-1
Rating:             important
References:         #1000365 #1000380 #1012422 #1013018 #1015452 #1023051
                    #1029140 #1029850 #1030552 #1030593 #1030814 #1032340
                    #1032471 #1034026 #1034670 #1035576 #1035721 #1035777
                    #1035920 #1036056 #1036288 #1036629 #1037191 #1037193
                    #1037227 #1037232 #1037233 #1037356 #1037358 #1037359
                    #1037441 #1038544 #1038879 #1038981 #1038982 #1039258
                    #1039354 #1039456 #1039594 #1039882 #1039883 #1039885
                    #1040069 #1040351 #1041160 #1041431 #1041762 #1041975
                    #1042045 #1042615 #1042633 #1042687 #1042832 #1042863
                    #1043014 #1043234 #1043935 #1044015 #1044125 #1044216
                    #1044230 #1044854 #1044882 #1044913 #1045154 #1045356
                    #1045416 #1045479 #1045487 #1045525 #1045538 #1045547
                    #1045615 #1046107 #1046192 #1046715 #1047027 #1047053
                    #1047343 #1047354 #1047487 #1047523 #1047653 #1048185
                    #1048221 #1048232 #1048275 #1049128 #1049483 #1049603
                    #1049688 #1049882 #1050154 #1050431 #1051478 #1051515
                    #1051770 #1055680 #784815 #792863 #799133 #909618
                    #919382 #928138 #938352 #943786 #948562 #962257
                    #971975 #972891 #986924 #990682 #995542
Cross-References:   CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363
                    CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176
                    CVE-2017-11473 CVE-2017-2647 CVE-2017-6951
                    CVE-2017-7482 CVE-2017-7487 CVE-2017-7533
                    CVE-2017-7542 CVE-2017-8890 CVE-2017-8924
                    CVE-2017-8925 CVE-2017-9074 CVE-2017-9075
                    CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 21 vulnerabilities and has 92 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-7482: Several missing length checks in ticket decode allowed an information leak or potentially code execution (bsc#1046107).
- CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456).
- CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882).
- CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483).
- CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275).
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
- CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354)
- CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340)
- CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982).
- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).
- CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have been disclosed when a read and an ioctl happen at the same time (bnc#1044125)
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431)
- CVE-2017-1000363: A buffer overflow in kernel commandline handling of the "lp" parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456)
- CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)
- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)
- CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882)
- CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879)
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544)
- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593)
- CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type (bnc#1029850)

The following non-security bugs were fixed:

- 8250: use callbacks to access UART_DLL/UART_DLM.
- ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
- ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#1045538).
- ALSA: hda - using uninitialized data (bsc#1045538).
- ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop (bsc#1045538).
- ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup (bsc#1045538).
- ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
- ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
- Add CVE tag to references
- CIFS: backport prepath matching fix (bsc#799133).
- Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).
- EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr().
- Fix scripts/bigmem-generate-ifdef-guard to work on all branches
- Fix soft lockup in svc_rdma_send (bsc#1044854).
- IB/mlx4: Demote mcg message from warning to debug (bsc#919382).
- IB/mlx4: Fix ib device initialization error flow (bsc#919382).
- IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
- IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
- IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level (bsc#919382).
- IB/mlx4: Set traffic class in AH (bsc#919382).
- Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation (bsc#1036288).
- Input: cm109 - validate number of endpoints before using them (bsc#1037193).
- Input: hanwang - validate number of endpoints before using them (bsc#1037232).
- Input: yealink - validate number of endpoints before using them (bsc#1037227).
- KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576).
- NFS: Avoid getting confused by confused server (bsc#1045416).
- NFS: Fix another OPEN_DOWNGRADE bug (git-next).
- NFS: Fix size of NFSACL SETACL operations (git-fixes).
- NFS: Make nfs_readdir revalidate less often (bsc#1048232).
- NFS: tidy up nfs_show_mountd_netid (git-fixes).
- NFSD: Do not use state id of 0 - it is reserved (bsc#1049688 bsc#1051770).
- NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
- NFSv4: Fix another bug in the close/open_downgrade code (git-fixes).
- NFSv4: Fix problems with close in the presence of a delegation (git-fixes).
- NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes).
- NFSv4: fix getacl head length estimation (git-fixes).
- PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
- Remove superfluous make flags (bsc#1012422)
- Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
- Revert "math64: New div64_u64_rem helper" (bnc#938352).
- SUNRPC: Fix a memory leak in the backchannel code (git-fixes).
- Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd() (bsc#1045479).
- USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
- USB: class: usbtmc: do not print error when allocating urb fails (bsc#1036288).
- USB: class: usbtmc: do not print on ENOMEM (bsc#1036288).
- USB: iowarrior: fix NULL-deref in write (bsc#1037359).
- USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
- USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
- USB: serial: ark3116: fix register-accessor error handling (git-fixes).
- USB: serial: ch341: fix open error handling (bsc#1037441).
- USB: serial: cp210x: fix tiocmget error handling (bsc#1037441).
- USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
- USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
- USB: serial: io_ti: fix information leak in completion handler (git-fixes).
- USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
- USB: serial: oti6858: fix NULL-deref at open (bsc#1037441).
- USB: serial: sierra: fix bogus alternate-setting assumption (bsc#1037441).
- USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
- USB: usbip: fix nonconforming hub descriptor (bsc#1047487).
- USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
- USB: usbtmc: Change magic number to constant (bsc#1036288).
- USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
- USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
- USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
- USB: usbtmc: add missing endpoint sanity check (bsc#1036288).
- USB: usbtmc: fix DMA on stack (bsc#1036288).
- USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
- USB: usbtmc: fix probe error path (bsc#1036288).
- USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk (bsc#1036288).
- USB: wusbcore: fix NULL-deref at probe (bsc#1045487).
- Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
- Use make --output-sync feature when available (bsc#1012422).
- Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
- __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
- acpi: Disable APEI error injection if securelevel is set (bsc#972891, bsc#1023051).
- af_key: Add lock to key dump (bsc#1047653).
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
- ath9k: fix buffer overrun for ar9287 (bsc#1045538).
- blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU (bsc#1035721).
- blacklist.conf: Add a few inapplicable items (bsc#1045538).
- blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it') The released kernels are not built with a gas new enough to optimize the jmps so that this patch would be required. (bsc#1051478)
- blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216).
- block: do not allow updates through sysfs until registration completes (bsc#1047027).
- block: fix ext_dev_lock lockdep report (bsc#1050154).
- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- cifs: Timeout on SMBNegotiate request (bsc#1044913).
- cifs: do not compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bsc#1041975). backporting upstream commit 2f2591a34db6c9361faa316c91a6e320cb4e6aee
- cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
- cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
- crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863).
- decompress_bunzip2: off by one in get_next_block() (git-fixes).
- dentry name snapshots (bsc#1049483).
- devres: fix a for loop bounds check (git-fixes).
- dm: fix ioctl retry termination with signal (bsc#1050154).
- drm/mgag200: Add support for G200eH3 (bnc#1044216)
- drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542).
- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext3: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: fix fdatasync(2) after extent manipulation operations (bsc#1013018).
- ext4: keep existing extra fields when inode expands (bsc#1013018).
- fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
- firmware: fix directory creation rule matching with make 3.80 (bsc#1012422).
- firmware: fix directory creation rule matching with make 3.82 (bsc#1012422).
- fixed invalid assignment of 64bit mask to host dma_boundary for scatter gather segment boundary limit (bsc#1042045).
- fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
- fnic: Using rport->dd_data to check rport online instead of rport_lookup (bsc#1035920).
- fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes).
- fs/xattr.c: zero out memory copied to userspace in getxattr (bsc#1013018).
- fs: fix data invalidation in the cleancache during direct IO (git-fixes).
- fuse: add missing FR_FORCE (bsc#1013018).
- genirq: Prevent proc race against freeing of irq descriptors (bnc#1044230).
- hrtimer: Allow concurrent hrtimer_start() for self restarting timers (bnc#1013018).
- initial cr0 bits (bnc#1036056, LTC#153612).
- ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route (git-fixes).
- irq: Fix race condition (bsc#1042615).
- isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
- isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
- jsm: add support for additional Neo cards (bsc#1045615).
- kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
- libata: fix sff host state machine locking while polling (bsc#1045525).
- libceph: NULL deref on crush_decode() error path (bsc#1044015).
- libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1051515).
- libfc: fixup locking in fc_disc_stop() (bsc#1029140).
- libfc: move 'pending' and 'requested' setting (bsc#1029140).
- libfc: only restart discovery after timeout if not already running (bsc#1029140).
- locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
- math64: New div64_u64_rem helper (bnc#938352).
- md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
- md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (git-fixes).
- md/raid1: fix test for 'was read error from last working device' (git-fixes).
- md/raid5: Fix CPU hotplug callback registration (git-fixes).
- md/raid5: do not record new size if resize_stripes fails (git-fixes).
- md: ensure md devices are freed before module is unloaded (git-fixes).
- md: fix a null dereference (bsc#1040351).
- md: flush ->event_work before stopping array (git-fixes).
- md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status (git-fixes).
- md: use separate bio_pool for metadata writes (bsc#1040351).
- megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
- mlx4: reduce OOM risk on arches with large pages (bsc#919382).
- mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM Functionality, bsc#1042832).
- mm/memory-failure.c: use compound_head() flags for huge pages (bnc#971975 VM -- git fixes).
- mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM Functionality, bsc#1042832).
- mmc: core: add missing pm event in mmc_pm_notify to fix hib restore (bsc#1045547).
- mmc: ushc: fix NULL-deref at probe (bsc#1037191).
- module: fix memory leak on early load_module() failures (bsc#1043014).
- mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
- net/mlx4: Fix the check in attaching steering rules (bsc#919382).
- net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering (bsc#919382).
- net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV (bsc#919382).
- net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to physical (bsc#919382).
- net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bsc#919382).
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#919382).
- net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
- net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#919382).
- net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach (bsc#919382).
- net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
- net/mlx4_en: Change the error print to debug print (bsc#919382).
- net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
- net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
- net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).
- net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
- net: avoid reference counter overflows on fib_rules in multicast forwarding (git-fixes).
- net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
- net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
- net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
- netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bnc#784815).
- nfs: fix nfs_size_to_loff_t (git-fixes).
- nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
- nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
- nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
- perf/core: Fix event inheritance on fork() (bnc#1013018).
- powerpc/ibmebus: Fix device reference leaks in sysfs interface (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).
- powerpc/ibmebus: Fix further device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).
- powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid() (bsc#1032471).
- powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471).
- powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471).
- powerpc/mm/hash: Properly mask the ESID bits when building proto VSID (bsc#1032471).
- powerpc/mm/hash: Support 68 bit VA (bsc#1032471).
- powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471).
- powerpc/mm/slice: Convert slice_mask high slice to a bitmap (bsc#1032471).
- powerpc/mm/slice: Fix off-by-1 error when computing slice mask (bsc#1032471).
- powerpc/mm/slice: Move slice_mask struct definition to slice.c (bsc#1032471).
- powerpc/mm/slice: Update slice mask printing to use bitmap printing (bsc#1032471).
- powerpc/mm/slice: Update the function prototype (bsc#1032471).
- powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET (bsc#928138).
- powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small (bsc#1032471).
- powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital (bsc#1032471).
- powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).
- powerpc/pseries: Release DRC when configure_connector fails (bsc#1035777, Pending Base Kernel Fixes).
- powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).
- powerpc: Remove STAB code (bsc#1032471).
- random32: fix off-by-one in seeding requirement (git-fixes).
- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
- rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
- s390/qdio: clear DSCI prior to scanning multiple input queues (bnc#1046715, LTC#156234).
- s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
- s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
- sched/core: Remove false-positive warning from wake_up_process() (bnc#1044882).
- sched/cputime: Do not scale when utime == 0 (bnc#938352).
- sched/debug: Print the scheduler topology group mask (bnc#1013018).
- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
- sched/fair: Fix min_vruntime tracking (bnc#1013018).
- sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking
- sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
- sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
- sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
- sched/topology: Move comment about asymmetric node setups (bnc#1013018).
- sched/topology: Optimize build_group_mask() (bnc#1013018).
- sched/topology: Refactor function build_overlap_sched_groups() (bnc#1013018).
- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
- sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
- sched/topology: Verify the first group matches the child domain (bnc#1013018).
- sched: Always initialize cpu-power (bnc#1013018).
- sched: Avoid cputime scaling overflow (bnc#938352).
- sched: Avoid prev->stime underflow (bnc#938352).
- sched: Do not account bogus utime (bnc#938352).
- sched: Fix SD_OVERLAP (bnc#1013018).
- sched: Fix domain iteration (bnc#1013018).
- sched: Lower chances of cputime scaling overflow (bnc#938352).
- sched: Move nr_cpus_allowed out of 'struct sched_rt_entity' (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime tracking
- sched: Rename a misleading variable in build_overlap_sched_groups() (bnc#1013018).
- sched: Use swap() macro in scale_stime() (bnc#938352).
- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
- scsi: fix race between simultaneous decrements of ->host_failed (bsc#1050154).
- scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920).
- scsi: mvsas: fix command_active typo (bsc#1050154).
- scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init (bsc#1050154).
- sfc: do not device_attach if a reset is pending (bsc#909618).
- smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- splice: Stub splice_write_to_file (bsc#1043234).
- svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
- target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
- tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
- tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
- udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
- udf: Fix races with i_size changes during readpage (bsc#1013018).
- usbtmc: remove redundant braces (bsc#1036288).
- usbtmc: remove trailing spaces (bsc#1036288).
- usbvision: fix NULL-deref at probe (bsc#1050431).
- uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
- uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
- vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).
- vmxnet3: avoid calling pskb_may_pull with interrupts disabled (bsc#1045356).
- vmxnet3: fix checks for dma mapping errors (bsc#1045356).
- vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
- x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates (bsc#948562).
- x86/pci-calgary: Fix iommu_free() comparison of unsigned expression greater than 0 (bsc#1051478).
- xen: avoid deadlock in xenbus (bnc#1047523).
- xfrm: NULL dereference on allocation failure (bsc#1047343).
- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
- xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
- xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
- xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160).
- xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

  zypper in -t patch sdksp4-kernel-13274=1

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-kernel-13274=1

- SUSE Linux Enterprise Server 11-EXTRA:

  zypper in -t patch slexsp3-kernel-13274=1

- SUSE Linux Enterprise Real Time Extension 11-SP4:

  zypper in -t patch slertesp4-kernel-13274=1

- SUSE Linux Enterprise High Availability Extension 11-SP4:

  zypper in -t patch slehasp4-kernel-13274=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-kernel-13274=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

  kernel-docs-3.0.101-108.7.2

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  kernel-default-3.0.101-108.7.1
  kernel-default-base-3.0.101-108.7.1
  kernel-default-devel-3.0.101-108.7.1
  kernel-source-3.0.101-108.7.1
  kernel-syms-3.0.101-108.7.1
  kernel-trace-3.0.101-108.7.1
  kernel-trace-base-3.0.101-108.7.1
  kernel-trace-devel-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

  kernel-ec2-3.0.101-108.7.1
  kernel-ec2-base-3.0.101-108.7.1
  kernel-ec2-devel-3.0.101-108.7.1
  kernel-xen-3.0.101-108.7.1
  kernel-xen-base-3.0.101-108.7.1
  kernel-xen-devel-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-SP4 (s390x):

  kernel-default-man-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-SP4 (ppc64):

  kernel-bigmem-3.0.101-108.7.1
  kernel-bigmem-base-3.0.101-108.7.1
  kernel-bigmem-devel-3.0.101-108.7.1
  kernel-ppc64-3.0.101-108.7.1
  kernel-ppc64-base-3.0.101-108.7.1
  kernel-ppc64-devel-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-SP4 (i586):

  kernel-pae-3.0.101-108.7.1
  kernel-pae-base-3.0.101-108.7.1
  kernel-pae-devel-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

  kernel-default-extra-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

  kernel-xen-extra-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-EXTRA (x86_64):

  kernel-trace-extra-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-EXTRA (ppc64):

  kernel-ppc64-extra-3.0.101-108.7.1

- SUSE Linux Enterprise Server 11-EXTRA (i586):

  kernel-pae-extra-3.0.101-108.7.1

- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

  cluster-network-kmp-rt-1.4_3.0.101_rt130_68-2.32.2.14
  cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_68-2.32.2.14
  drbd-kmp-rt-8.4.4_3.0.101_rt130_68-0.27.2.13
  drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_68-0.27.2.13
  gfs2-kmp-rt-2_3.0.101_rt130_68-0.24.2.14
  gfs2-kmp-rt_trace-2_3.0.101_rt130_68-0.24.2.14
  ocfs2-kmp-rt-1.6_3.0.101_rt130_68-0.28.3.4
  ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_68-0.28.3.4

- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  cluster-network-kmp-default-1.4_3.0.101_108.7-2.32.2.14
  cluster-network-kmp-trace-1.4_3.0.101_108.7-2.32.2.14
  drbd-8.4.4-0.27.2.1
  drbd-bash-completion-8.4.4-0.27.2.1
  drbd-heartbeat-8.4.4-0.27.2.1
  drbd-kmp-default-8.4.4_3.0.101_108.7-0.27.2.13
  drbd-kmp-trace-8.4.4_3.0.101_108.7-0.27.2.13
  drbd-pacemaker-8.4.4-0.27.2.1
  drbd-udev-8.4.4-0.27.2.1
  drbd-utils-8.4.4-0.27.2.1
  gfs2-kmp-default-2_3.0.101_108.7-0.24.2.14
  gfs2-kmp-trace-2_3.0.101_108.7-0.24.2.14
  ocfs2-kmp-default-1.6_3.0.101_108.7-0.28.3.4
  ocfs2-kmp-trace-1.6_3.0.101_108.7-0.28.3.4

- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):

  cluster-network-kmp-xen-1.4_3.0.101_108.7-2.32.2.14
  drbd-kmp-xen-8.4.4_3.0.101_108.7-0.27.2.13
  gfs2-kmp-xen-2_3.0.101_108.7-0.24.2.14
  ocfs2-kmp-xen-1.6_3.0.101_108.7-0.28.3.4

- SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):

  drbd-xen-8.4.4-0.27.2.1

- SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):

  cluster-network-kmp-bigmem-1.4_3.0.101_108.7-2.32.2.14
  cluster-network-kmp-ppc64-1.4_3.0.101_108.7-2.32.2.14
  drbd-kmp-bigmem-8.4.4_3.0.101_108.7-0.27.2.13
  drbd-kmp-ppc64-8.4.4_3.0.101_108.7-0.27.2.13
  gfs2-kmp-bigmem-2_3.0.101_108.7-0.24.2.14
  gfs2-kmp-ppc64-2_3.0.101_108.7-0.24.2.14
  ocfs2-kmp-bigmem-1.6_3.0.101_108.7-0.28.3.4
  ocfs2-kmp-ppc64-1.6_3.0.101_108.7-0.28.3.4

- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):

  cluster-network-kmp-pae-1.4_3.0.101_108.7-2.32.2.14
  drbd-kmp-pae-8.4.4_3.0.101_108.7-0.27.2.13
  gfs2-kmp-pae-2_3.0.101_108.7-0.24.2.14
  ocfs2-kmp-pae-1.6_3.0.101_108.7-0.28.3.4

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  drbd-debuginfo-8.4.4-0.27.2.1
  drbd-debugsource-8.4.4-0.27.2.1
  kernel-default-debuginfo-3.0.101-108.7.1
  kernel-default-debugsource-3.0.101-108.7.1
  kernel-trace-debuginfo-3.0.101-108.7.1
  kernel-trace-debugsource-3.0.101-108.7.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

  kernel-default-devel-debuginfo-3.0.101-108.7.1
  kernel-trace-devel-debuginfo-3.0.101-108.7.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

  kernel-ec2-debuginfo-3.0.101-108.7.1
  kernel-ec2-debugsource-3.0.101-108.7.1
  kernel-xen-debuginfo-3.0.101-108.7.1
  kernel-xen-debugsource-3.0.101-108.7.1
  kernel-xen-devel-debuginfo-3.0.101-108.7.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

  kernel-bigmem-debuginfo-3.0.101-108.7.1
  kernel-bigmem-debugsource-3.0.101-108.7.1
  kernel-ppc64-debuginfo-3.0.101-108.7.1
  kernel-ppc64-debugsource-3.0.101-108.7.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

  kernel-pae-debuginfo-3.0.101-108.7.1
  kernel-pae-debugsource-3.0.101-108.7.1
  kernel-pae-devel-debuginfo-3.0.101-108.7.1

References:

https://www.suse.com/security/cve/CVE-2014-9922.html
https://www.suse.com/security/cve/CVE-2016-10277.html
https://www.suse.com/security/cve/CVE-2017-1000363.html
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-11176.html
https://www.suse.com/security/cve/CVE-2017-11473.html
https://www.suse.com/security/cve/CVE-2017-2647.html
https://www.suse.com/security/cve/CVE-2017-6951.html
  https://www.suse.com/security/cve/CVE-2017-7482.html
  https://www.suse.com/security/cve/CVE-2017-7487.html
  https://www.suse.com/security/cve/CVE-2017-7533.html
  https://www.suse.com/security/cve/CVE-2017-7542.html
  https://www.suse.com/security/cve/CVE-2017-8890.html
  https://www.suse.com/security/cve/CVE-2017-8924.html
  https://www.suse.com/security/cve/CVE-2017-8925.html
  https://www.suse.com/security/cve/CVE-2017-9074.html
  https://www.suse.com/security/cve/CVE-2017-9075.html
  https://www.suse.com/security/cve/CVE-2017-9076.html
  https://www.suse.com/security/cve/CVE-2017-9077.html
  https://www.suse.com/security/cve/CVE-2017-9242.html
  https://bugzilla.suse.com/1000365
  https://bugzilla.suse.com/1000380
  https://bugzilla.suse.com/1012422
  https://bugzilla.suse.com/1013018
  https://bugzilla.suse.com/1015452
  https://bugzilla.suse.com/1023051
  https://bugzilla.suse.com/1029140
  https://bugzilla.suse.com/1029850
  https://bugzilla.suse.com/1030552
  https://bugzilla.suse.com/1030593
  https://bugzilla.suse.com/1030814
  https://bugzilla.suse.com/1032340
  https://bugzilla.suse.com/1032471
  https://bugzilla.suse.com/1034026
  https://bugzilla.suse.com/1034670
  https://bugzilla.suse.com/1035576
  https://bugzilla.suse.com/1035721
  https://bugzilla.suse.com/1035777
  https://bugzilla.suse.com/1035920
  https://bugzilla.suse.com/1036056
  https://bugzilla.suse.com/1036288
  https://bugzilla.suse.com/1036629
  https://bugzilla.suse.com/1037191
  https://bugzilla.suse.com/1037193
  https://bugzilla.suse.com/1037227
  https://bugzilla.suse.com/1037232
  https://bugzilla.suse.com/1037233
  https://bugzilla.suse.com/1037356
  https://bugzilla.suse.com/1037358
  https://bugzilla.suse.com/1037359
  https://bugzilla.suse.com/1037441
  https://bugzilla.suse.com/1038544
  https://bugzilla.suse.com/1038879
  https://bugzilla.suse.com/1038981
  https://bugzilla.suse.com/1038982
  https://bugzilla.suse.com/1039258
  https://bugzilla.suse.com/1039354
  https://bugzilla.suse.com/1039456
  https://bugzilla.suse.com/1039594
  https://bugzilla.suse.com/1039882
  https://bugzilla.suse.com/1039883
  https://bugzilla.suse.com/1039885
  https://bugzilla.suse.com/1040069
  https://bugzilla.suse.com/1040351
  https://bugzilla.suse.com/1041160
  https://bugzilla.suse.com/1041431
  https://bugzilla.suse.com/1041762
  https://bugzilla.suse.com/1041975
  https://bugzilla.suse.com/1042045
  https://bugzilla.suse.com/1042615
  https://bugzilla.suse.com/1042633
  https://bugzilla.suse.com/1042687
  https://bugzilla.suse.com/1042832
  https://bugzilla.suse.com/1042863
  https://bugzilla.suse.com/1043014
  https://bugzilla.suse.com/1043234
  https://bugzilla.suse.com/1043935
  https://bugzilla.suse.com/1044015
  https://bugzilla.suse.com/1044125
  https://bugzilla.suse.com/1044216
  https://bugzilla.suse.com/1044230
  https://bugzilla.suse.com/1044854
  https://bugzilla.suse.com/1044882
  https://bugzilla.suse.com/1044913
  https://bugzilla.suse.com/1045154
  https://bugzilla.suse.com/1045356
  https://bugzilla.suse.com/1045416
  https://bugzilla.suse.com/1045479
  https://bugzilla.suse.com/1045487
  https://bugzilla.suse.com/1045525
  https://bugzilla.suse.com/1045538
  https://bugzilla.suse.com/1045547
  https://bugzilla.suse.com/1045615
  https://bugzilla.suse.com/1046107
  https://bugzilla.suse.com/1046192
  https://bugzilla.suse.com/1046715
  https://bugzilla.suse.com/1047027
  https://bugzilla.suse.com/1047053
  https://bugzilla.suse.com/1047343
  https://bugzilla.suse.com/1047354
  https://bugzilla.suse.com/1047487
  https://bugzilla.suse.com/1047523
  https://bugzilla.suse.com/1047653
  https://bugzilla.suse.com/1048185
  https://bugzilla.suse.com/1048221
  https://bugzilla.suse.com/1048232
  https://bugzilla.suse.com/1048275
  https://bugzilla.suse.com/1049128
  https://bugzilla.suse.com/1049483
  https://bugzilla.suse.com/1049603
  https://bugzilla.suse.com/1049688
  https://bugzilla.suse.com/1049882
  https://bugzilla.suse.com/1050154
  https://bugzilla.suse.com/1050431
  https://bugzilla.suse.com/1051478
  https://bugzilla.suse.com/1051515
  https://bugzilla.suse.com/1051770
  https://bugzilla.suse.com/1055680
  https://bugzilla.suse.com/784815
  https://bugzilla.suse.com/792863
  https://bugzilla.suse.com/799133
  https://bugzilla.suse.com/909618
  https://bugzilla.suse.com/919382
  https://bugzilla.suse.com/928138
  https://bugzilla.suse.com/938352
  https://bugzilla.suse.com/943786
  https://bugzilla.suse.com/948562
  https://bugzilla.suse.com/962257
  https://bugzilla.suse.com/971975
  https://bugzilla.suse.com/972891
  https://bugzilla.suse.com/986924
  https://bugzilla.suse.com/990682
  https://bugzilla.suse.com/995542

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above.
If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

  http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----