Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.3136
Security update for the Linux Kernel
17 October 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-17182 CVE-2018-14634 CVE-2018-14633
CVE-2018-5390
Reference: ASB-2018.0222
ASB-2018.0221
ESB-2018.3039
ESB-2018.2955
Original Bulletin:
https://www.suse.com/support/update/announcement/2018/suse-su-20183159-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20183158-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20183164-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20183171-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20183172-1/
https://www.suse.com/support/update/announcement/2018/suse-su-20183173-1/
Comment: This bulletin contains six (6) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3159-1
Rating: important
References: #1012382 #1031392 #1051510 #1055120 #1061840
#1065729 #1082519 #1085030 #1090078 #1094244
#1098782 #1101669 #1102495 #1103269 #1103405
#1103587 #1103636 #1104888 #1105190 #1105795
#1106105 #1106240 #1106948 #1107783 #1107829
#1107928 #1107947 #1108096 #1108170 #1108281
#1108323 #1108399 #1108823 #1109244 #1109333
#1109336 #1109337 #1109603 #1109806 #1109859
#1109979 #1109992 #1110006 #1110301 #1110363
#1110639 #1110642 #1110643 #1110644 #1110645
#1110646 #1110647 #1110649 #1110650
Cross-References: CVE-2018-14633 CVE-2018-17182
Affected Products:
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise High Availability 15
______________________________________________________________________________
An update that solves two vulnerabilities and has 52 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bnc#1108399).
- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be
vulnerable (bnc#1107829).
The following non-security bugs were fixed:
- alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at
error path (bsc#1051510).
- alsa: bebob: use address returned by kmalloc() instead of kernel stack
for streaming DMA mapping (bsc#1051510).
- alsa: emu10k1: fix possible info leak to userspace on
SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510).
- alsa: fireworks: fix memory leak of response buffer at error path
(bsc#1051510).
- alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510).
- alsa: msnd: Fix the default sample sizes (bsc#1051510).
- alsa: pcm: Fix snd_interval_refine first/last with open min/max
(bsc#1051510).
- alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
(bsc#1051510).
- ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510).
- ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
(bsc#1051510).
- ASoC: rt5514: Add the I2S ASRC support (bsc#1051510).
- ASoC: rt5514: Add the missing register in the readable table
(bsc#1051510).
- ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510).
- ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510).
- ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510).
- block, dax: remove dead code in blkdev_writepages() (bsc#1104888).
- block: fix warning when I/O elevator is changed as request_queue is
being removed (bsc#1109979).
- block: Invalidate cache on discard v2 (bsc#1109992).
- block: pass inclusive 'lend' parameter to truncate_inode_pages_range
(bsc#1109992).
- block: properly protect the 'queue' kobj in blk_unregister_queue
(bsc#1109979).
- bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510).
- bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587).
- bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510).
- btrfs: add a comp_refs() helper (dependency for bsc#1031392).
- btrfs: add tracepoints for outstanding extents mods (dependency for
bsc#1031392).
- btrfs: check-integrity: Fix NULL pointer dereference for degraded mount
(bsc#1107947).
- btrfs: cleanup extent locking sequence (dependency for bsc#1031392).
- btrfs: delayed-inode: Remove wrong qgroup meta reservation calls
(bsc#1031392).
- btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item
(bsc#1031392).
- btrfs: fix data corruption when deduplicating between different files
(bsc#1110647).
- btrfs: fix duplicate extents after fsync of file with prealloc extents
(bsc#1110644).
- btrfs: fix fsync after hole punching when using no-holes feature
(bsc#1110642).
- btrfs: fix loss of prealloc extents past i_size after fsync log replay
(bsc#1110643).
- btrfs: fix return value on rename exchange failure (bsc#1110645).
- btrfs: fix send failure when root has deleted files still open
(bsc#1110650).
- btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392).
- btrfs: log csums for all modified extents (bsc#1110639).
- btrfs: make the delalloc block rsv per inode (dependency for
bsc#1031392).
- btrfs: qgroup: Add quick exit for non-fs extents (dependency for
bsc#1031392).
- btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function
(dependency for bsc#1031392).
- btrfs: qgroup: Cleanup the remaining old reservation counters
(bsc#1031392).
- btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT
(bsc#1031392).
- btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392).
- btrfs: qgroup: Fix qgroup reserved space underflow by only freeing
reserved ranges (dependency for bsc#1031392).
- btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered
write and quotas being enabled (dependency for bsc#1031392).
- btrfs: qgroup: Fix wrong qgroup reservation update for relationship
modification (bsc#1031392).
- btrfs: qgroup: Introduce extent changeset for qgroup reserve functions
(dependency for bsc#1031392).
- btrfs: qgroup: Introduce function to convert META_PREALLOC into
META_PERTRANS (bsc#1031392).
- btrfs: qgroup: Introduce helpers to update and access new qgroup rsv
(bsc#1031392).
- btrfs: qgroup: Make qgroup_reserve and its callers to use separate
reservation type (bsc#1031392).
- btrfs: qgroup: Return actually freed bytes for qgroup release or free
data (dependency for bsc#1031392).
- btrfs: qgroup: Skeleton to support separate qgroup reservation type
(bsc#1031392).
- btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans
(bsc#1031392).
- btrfs: qgroup: Update trace events for metadata reservation
(bsc#1031392).
- btrfs: qgroup: Update trace events to use new separate rsv types
(bsc#1031392).
- btrfs: qgroup: Use independent and accurate per inode qgroup rsv
(bsc#1031392).
- btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta
reserved space (bsc#1031392).
- btrfs: qgroup: Use separate meta reservation type for delalloc
(bsc#1031392).
- btrfs: remove type argument from comp_tree_refs (dependency for
bsc#1031392).
- btrfs: Remove unused parameters from various functions (bsc#1110649).
- btrfs: rework outstanding_extents (dependency for bsc#1031392).
- btrfs: scrub: Do not use inode page cache in
scrub_handle_errored_block() (follow up for bsc#1108096).
- btrfs: scrub: Do not use inode pages for device replace (follow up for
bsc#1108096).
- btrfs: switch args for comp_*_refs (dependency for bsc#1031392).
- btrfs: sync log after logging new name (bsc#1110646).
- btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928).
- cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510).
- coresight: Handle errors in finding input/output ports (bsc#1051510).
- crypto: clarify licensing of OpenSSL asm code ().
- crypto: sharah - Unregister correct algorithms for SAHARA 3
(bsc#1051510).
- crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510).
- dax: Introduce a ->copy_to_iter dax operation (bsc#1098782).
- dax: Make extension of dax_operations transparent (bsc#1098782).
- dax: remove default copy_from_iter fallback (bsc#1098782).
patches.drivers/dax-remove-the-pmem_dax_ops-flush-abstraction.patch:
Refresh
- dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782).
- dax: require 'struct page' by default for filesystem dax (bsc#1104888).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh
- dax: store pfns in the radix (bsc#1104888).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh
- device-dax: Add missing address_space_operations (bsc#1107783).
- device-dax: Enable page_mapping() (bsc#1107783).
- device-dax: Set page->index (bsc#1107783).
- doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636).
- ext2: auto disable dax instead of failing mount (bsc#1104888).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh
- ext2, dax: introduce ext2_dax_aops (bsc#1104888).
- ext4: auto disable dax instead of failing mount (bsc#1104888 ).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh
- ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888).
- ext4, dax: introduce ext4_dax_aops (bsc#1104888).
- ext4, dax: set ext4_dax_aops for dax files (bsc#1104888).
- fbdev: Distinguish between interlaced and progressive modes
(bsc#1051510).
- fbdev/via: fix defined but not used warning (bsc#1051510).
- filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783).
patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh
- filesystem-dax: Set page->index (bsc#1107783).
- Fix buggy backport in
patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch
(bsc#1109859)
- Fix kexec forbidding kernels signed with keys in the secondary keyring
to boot (bsc#1110006).
- Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts
with (apparently) bad resolution which introduced disorder in the sorted
section.
- fs, dax: prepare for dax-specific address_space_operations
(bsc#1104888).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh
- fs, dax: use page->mapping to warn if truncate collides with a busy page
(bsc#1104888).
- gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510).
- gpio: pxa: Fix potential NULL dereference (bsc#1051510).
- gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes
(bsc#1051510).
- HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510).
- i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
(bsc#1051510).
- Input: elantech - enable middle button of touchpad on ThinkPad P72
(bsc#1051510).
- input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
(bsc#1051510).
- intel_th: Fix device removal logic (bsc#1051510).
- iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105).
- ioremap: Update pgtable free interfaces with addr (bsc#1110006).
- ipc/shm: fix shmat() nil address after round-down when remapping
(bsc#1090078).
- KABI: move the new handler to end of machdep_calls and hide it from
genksyms (bsc#1094244).
- kprobes/x86: Release insn_slot in failure path (bsc#1110006).
- KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix()
(bsc#1061840, git-fixes).
- KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
(bsc#1106240).
- KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault
(bsc#1106240).
- KVM: x86: Do not re-{try,execute} after failed emulation in L2
(bsc#1106240).
- KVM: x86: Invert emulation re-execute behavior to make it opt-in
(bsc#1106240).
- KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE
(bsc#1106240).
- lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510).
- lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782).
- libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in
nsio_rw_bytes() (bsc#1098782).
- libnvdimm, pmem: Restore page attributes when clearing errors
(bsc#1107783).
- Limit kernel-source build to architectures for which we build binaries
(bsc#1108281).
- mac80211: fix pending queue hang due to TX_DROP (bsc#1051510).
- mac80211: restrict delayed tailroom needed decrement (bsc#1051510).
- mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510).
- mei: ignore not found client in the enumeration (bsc#1051510).
- mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
(bsc#1051510).
- mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510).
- mmc: sdhci: do not try to use 3.3V signaling if not supported
(bsc#1051510).
- mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510).
- mm, dax: introduce pfn_t_special() (bsc#1104888).
- mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE
pages (bsc#1107783).
- mm, madvise_inject_error: Let memory_failure() optionally take a page
reference (bsc#1107783).
- mm, memory_failure: Collect mapping size in collect_procs()
(bsc#1107783).
- mm, memory_failure: Teach memory_failure() about dev_pagemap pages
(bsc#1107783).
- mm, numa: Migrate pages to local nodes quicker early in the lifetime of
a task (bnc#1101669 optimise numa balancing for fast migrate).
- mm, numa: Remove rate-limiting of automatic numa balancing migration
(bnc#1101669 optimise numa balancing for fast migrate).
- mm, numa: Remove rate-limiting of automatic numa balancing migration
kabi (bnc#1101669 optimise numa balancing for fast migrate).
- mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006).
- NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
(bsc#1051510).
- nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190).
- NFS/filelayout: Fix racy setting of fl->dsaddr in
filelayout_check_deviceid() (bsc#1105190).
- NFS: Use an appropriate work queue for direct-write completion
(bsc#1082519).
- parport: sunbpp: fix error return code (bsc#1051510).
- PCI: aardvark: Size bridges before resources allocation (bsc#1109806).
- PCI: designware: Fix I/O space page leak (bsc#1109806).
- PCI: faraday: Add missing of_node_put() (bsc#1109806).
- PCI: faraday: Fix I/O space page leak (bsc#1109806).
- PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation
(bsc#1109806).
- PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806).
- PCI: versatile: Fix I/O space page leak (bsc#1109806).
- PCI: xgene: Fix I/O space page leak (bsc#1109806).
- PCI: xilinx: Add missing of_node_put() (bsc#1109806).
- PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806).
- pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant
(bsc#1051510).
- platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510).
- platform/x86: toshiba_acpi: Fix defined but not used build warnings
(bsc#1051510).
- pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782).
- powernv/pseries: consolidate code for mce early handling (bsc#1094244).
- powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).
- powerpc/fadump: re-register firmware-assisted dump if already registered
(bsc#1108170, bsc#1108823).
- powerpc: Fix size calculation using resource_size() (bnc#1012382).
- powerpc: KABI add aux_ptr to hole in paca_struct to extend it with
additional members (bsc#1094244).
- powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244).
- powerpc/numa: Use associativity if VPHN hcall is successful
(bsc#1110363).
- powerpc/pkeys: Fix reading of ibm, processor-storage-keys property
(bsc#1109244).
- powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large
address range (bsc#1055120).
- powerpc/pseries: Defer the logging of rtas error to irq work queue
(bsc#1094244).
- powerpc/pseries: Define MCE error event section (bsc#1094244).
- powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729).
- powerpc/pseries: Display machine check error details (bsc#1094244).
- powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244).
- Refresh patches.kabi/KABI-move-mce_data_buf-into-paca_aux.patch
- powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244).
- powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).
- powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495,
bsc#1109337).
- powerpc/tm: Avoid possible userspace r1 corruption on reclaim
(bsc#1109333).
- powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
- powerpc/xive: Fix trying to "push" an already active pool VP
(bsc#1085030, git-fixes).
- r8152: Check for supported Wake-on-LAN Modes (bsc#1051510).
- README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as
co-maintainer, keep tiwai as the primary maintainer
- regulator: fix crash caused by null driver data (bsc#1051510).
- rename/renumber hv patches to simplify upcoming upstream merges No code
changes.
- Revert "btrfs: qgroups: Retry after commit on getting EDQUOT"
(bsc#1031392).
- Revert "ipc/shm: Fix shmat mmap nil-page protection" (bsc#1090078).
- rpm/mkspec: build dtbs for architectures marked -!needs_updating
- rpm/mkspec: fix ppc64 kernel-source build.
- s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323,
LTC#171709).
- s390/pci: fix out of bounds access during irq setup (bnc#1108323,
LTC#171068).
- s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948).
- s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948).
- sched/fair: Fix bandwidth timer clock drift condition (Git-fixes).
- sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669
optimise numa balancing for fast migrate).
- sched/numa: Pass destination CPU as a parameter to migrate_task_rq
(bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi
(bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Reset scan rate whenever task moves across nodes
(bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Stop multiple tasks from moving to the CPU at the same time
(bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Stop multiple tasks from moving to the CPU at the same time
kabi (bnc#1101669 optimise numa balancing for fast migrate).
- scsi: hisi_sas: Add a flag to filter PHY events during reset ().
- scsi: hisi_sas: add memory barrier in task delivery function ().
- scsi: hisi_sas: Add missing PHY spinlock init ().
- scsi: hisi_sas: Add SATA FIS check for v3 hw ().
- scsi: hisi_sas: Adjust task reject period during host reset ().
- scsi: hisi_sas: Drop hisi_sas_slot_abort() ().
- scsi: hisi_sas: Fix the conflict between dev gone and host reset ().
- scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout
().
- scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw ().
- scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() ().
- scsi: hisi_sas: Pre-allocate slot DMA buffers ().
- scsi: hisi_sas: Release all remaining resources in clear nexus ha ().
- scsi: hisi_sas: relocate some common code for v3 hw ().
- scsi: hisi_sas: tidy channel interrupt handler for v3 hw ().
- scsi: hisi_sas: Tidy hisi_sas_task_prep() ().
- scsi: hisi_sas: tidy host controller reset function a bit ().
- scsi: hisi_sas: Update a couple of register settings for v3 hw ().
- scsi: hisi_sas: Use dmam_alloc_coherent() ().
- scsi: ipr: System hung while dlpar adding primary ipr adapter back
(bsc#1109336).
- smsc75xx: Check for Wake-on-LAN modes (bsc#1051510).
- smsc95xx: Check for Wake-on-LAN modes (bsc#1051510).
- sort series.conf I didn't want to, but he made me do it.
- sr9800: Check for supported Wake-on-LAN modes (bsc#1051510).
- sr: get/drop reference to device in revalidate and check_events
(bsc#1109979).
- supported.conf: add test_syctl to new kselftests-kmp package As per we
will require new FATE requests per each new selftest driver. We do not
want to support these module on production runs but we do want to
support them for QA / testing uses. The compromise is to package them
into its own package, this will be the kselftests-kmp package. Selftests
can also be used as proof of concept vehicle for issues by customers or
ourselves. Vanilla kernels do not get test_sysctl given that driver was
using built-in defaults, this also means we cannot run sefltests on
config/s390x/zfcpdump which does not enable modules. Likeweise, since we
had to *change* the kernel for test_syctl, it it also means we can't
test test_syctl with vanilla kernels. It should be possible with other
selftests drivers if they are present in vanilla kernels though.
- uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782).
- VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405).
- video: goldfishfb: fix memory leak on driver remove (bsc#1051510).
- watchdog: Mark watchdog touch functions as notrace (git-fixes).
- wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
(bsc#1051510).
- x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump
(bsc#1110006).
- x86/apic: Split disable_IO_APIC() into two functions to fix
CONFIG_KEXEC_JUMP=y (bsc#1110006).
- x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC()
(bsc#1110006).
- x86/apic/vector: Fix off by one in error path (bsc#1110006).
- x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault
handling (bsc#1098782).
- x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782).
- x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782).
- x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling
(bsc#1098782).
- x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled
(bsc#1098782).
- x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782).
- x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782).
- x86/boot: Fix kexec booting failure in the SEV bit detection code
(bsc#1110301).
- x86/build/64: Force the linker to use 2MB page size (bsc#1109603).
- x86/dumpstack: Save first regs set for the executive summary
(bsc#1110006).
- x86/dumpstack: Unify show_regs() (bsc#1110006).
- x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()
(bsc#1110006).
- x86/espfix/64: Fix espfix double-fault handling on 5-level systems
(bsc#1110006).
- x86/idt: Load idt early in start_secondary (bsc#1110006).
- x86/kexec: Avoid double free_page() upon do_kexec_load() failure
(bsc#1110006).
- x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783).
- x86/mce: Improve error message when kernel cannot recover (bsc#1110006).
- x86/mce: Improve error message when kernel cannot recover (bsc#1110301).
- x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783).
- x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup
compilation breakage on s390 and arm due to missing clear_mce_nospec().
- x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006).
- x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006).
- x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006).
- x86/mm: Expand static page table for fixmap space (bsc#1110006).
- x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006).
- x86/mm: implement free pmd/pte page interfaces (bsc#1110006).
- x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses
(bsc#1107783).
- x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006).
- x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006).
- x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301).
- x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006).
- x86/pkeys: Do not special case protection key 0 (bsc#1110006).
- x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006).
- x86/process: Do not mix user/kernel regs in 64bit __show_regs()
(bsc#1110006).
- x86/process: Re-export start_thread() (bsc#1110006).
- x86/vdso: Fix lsl operand order (bsc#1110006).
- x86/vdso: Fix lsl operand order (bsc#1110301).
- xen: issue warning message when out of grant maptrack entries
(bsc#1105795).
- xfs, dax: introduce xfs_dax_aops (bsc#1104888).
- xhci: Fix use after free for URB cancellation on a reallocated endpoint
(bsc#1051510).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 15:
zypper in -t patch SUSE-SLE-Product-WE-15-2018-2241=1
- SUSE Linux Enterprise Module for Legacy Software 15:
zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2241=1
- SUSE Linux Enterprise Module for Development Tools 15:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2241=1
- SUSE Linux Enterprise Module for Basesystem 15:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2241=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2018-2241=1
Package List:
- SUSE Linux Enterprise Workstation Extension 15 (x86_64):
kernel-default-debuginfo-4.12.14-25.22.1
kernel-default-debugsource-4.12.14-25.22.1
kernel-default-extra-4.12.14-25.22.1
kernel-default-extra-debuginfo-4.12.14-25.22.1
- SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-25.22.1
kernel-default-debugsource-4.12.14-25.22.1
reiserfs-kmp-default-4.12.14-25.22.1
reiserfs-kmp-default-debuginfo-4.12.14-25.22.1
- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.12.14-25.22.1
kernel-obs-build-debugsource-4.12.14-25.22.1
kernel-syms-4.12.14-25.22.1
kernel-vanilla-base-4.12.14-25.22.1
kernel-vanilla-base-debuginfo-4.12.14-25.22.1
kernel-vanilla-debuginfo-4.12.14-25.22.1
kernel-vanilla-debugsource-4.12.14-25.22.1
- SUSE Linux Enterprise Module for Development Tools 15 (noarch):
kernel-docs-4.12.14-25.22.2
kernel-source-4.12.14-25.22.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-25.22.1
kernel-default-debuginfo-4.12.14-25.22.1
kernel-default-debugsource-4.12.14-25.22.1
kernel-default-devel-4.12.14-25.22.1
kernel-default-devel-debuginfo-4.12.14-25.22.1
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
kernel-devel-4.12.14-25.22.1
kernel-macros-4.12.14-25.22.1
- SUSE Linux Enterprise Module for Basesystem 15 (s390x):
kernel-default-man-4.12.14-25.22.1
kernel-zfcpdump-4.12.14-25.22.1
kernel-zfcpdump-debuginfo-4.12.14-25.22.1
kernel-zfcpdump-debugsource-4.12.14-25.22.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-25.22.1
cluster-md-kmp-default-debuginfo-4.12.14-25.22.1
dlm-kmp-default-4.12.14-25.22.1
dlm-kmp-default-debuginfo-4.12.14-25.22.1
gfs2-kmp-default-4.12.14-25.22.1
gfs2-kmp-default-debuginfo-4.12.14-25.22.1
kernel-default-debuginfo-4.12.14-25.22.1
kernel-default-debugsource-4.12.14-25.22.1
ocfs2-kmp-default-4.12.14-25.22.1
ocfs2-kmp-default-debuginfo-4.12.14-25.22.1
References:
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1031392
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1055120
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1082519
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1090078
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1098782
https://bugzilla.suse.com/1101669
https://bugzilla.suse.com/1102495
https://bugzilla.suse.com/1103269
https://bugzilla.suse.com/1103405
https://bugzilla.suse.com/1103587
https://bugzilla.suse.com/1103636
https://bugzilla.suse.com/1104888
https://bugzilla.suse.com/1105190
https://bugzilla.suse.com/1105795
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1106948
https://bugzilla.suse.com/1107783
https://bugzilla.suse.com/1107829
https://bugzilla.suse.com/1107928
https://bugzilla.suse.com/1107947
https://bugzilla.suse.com/1108096
https://bugzilla.suse.com/1108170
https://bugzilla.suse.com/1108281
https://bugzilla.suse.com/1108323
https://bugzilla.suse.com/1108399
https://bugzilla.suse.com/1108823
https://bugzilla.suse.com/1109244
https://bugzilla.suse.com/1109333
https://bugzilla.suse.com/1109336
https://bugzilla.suse.com/1109337
https://bugzilla.suse.com/1109603
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1109859
https://bugzilla.suse.com/1109979
https://bugzilla.suse.com/1109992
https://bugzilla.suse.com/1110006
https://bugzilla.suse.com/1110301
https://bugzilla.suse.com/1110363
https://bugzilla.suse.com/1110639
https://bugzilla.suse.com/1110642
https://bugzilla.suse.com/1110643
https://bugzilla.suse.com/1110644
https://bugzilla.suse.com/1110645
https://bugzilla.suse.com/1110646
https://bugzilla.suse.com/1110647
https://bugzilla.suse.com/1110649
https://bugzilla.suse.com/1110650
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3158-1
Rating: important
References: #1012382 #1031392 #1051510 #1055120 #1061840
#1065729 #1082519 #1085030 #1090078 #1094244
#1098782 #1101669 #1102495 #1103269 #1103405
#1103587 #1103636 #1104888 #1105190 #1105795
#1106105 #1106240 #1106948 #1107783 #1107829
#1107928 #1107947 #1108096 #1108170 #1108281
#1108323 #1108399 #1108823 #1109244 #1109333
#1109336 #1109337 #1109603 #1109806 #1109859
#1109979 #1109992 #1110006 #1110301 #1110363
#1110639 #1110642 #1110643 #1110644 #1110645
#1110646 #1110647 #1110649 #1110650
Cross-References: CVE-2018-14633 CVE-2018-17182
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________
An update that solves two vulnerabilities and has 52 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bnc#1108399).
- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be
vulnerable (bnc#1107829).
The following non-security bugs were fixed:
- alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at
error path (bsc#1051510).
- alsa: bebob: use address returned by kmalloc() instead of kernel stack
for streaming DMA mapping (bsc#1051510).
- alsa: emu10k1: fix possible info leak to userspace on
SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510).
- alsa: fireworks: fix memory leak of response buffer at error path
(bsc#1051510).
- alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510).
- alsa: msnd: Fix the default sample sizes (bsc#1051510).
- alsa: pcm: Fix snd_interval_refine first/last with open min/max
(bsc#1051510).
- alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
(bsc#1051510).
- ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510).
- ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
(bsc#1051510).
- ASoC: rt5514: Add the I2S ASRC support (bsc#1051510).
- ASoC: rt5514: Add the missing register in the readable table
(bsc#1051510).
- ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510).
- ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510).
- ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510).
- block, dax: remove dead code in blkdev_writepages() (bsc#1104888).
- block: fix warning when I/O elevator is changed as request_queue is
being removed (bsc#1109979).
- block: Invalidate cache on discard v2 (bsc#1109992).
- block: pass inclusive 'lend' parameter to truncate_inode_pages_range
(bsc#1109992).
- block: properly protect the 'queue' kobj in blk_unregister_queue
(bsc#1109979).
- bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510).
- bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587).
- bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510).
- btrfs: add a comp_refs() helper (dependency for bsc#1031392).
- btrfs: add tracepoints for outstanding extents mods (dependency for
bsc#1031392).
- btrfs: check-integrity: Fix NULL pointer dereference for degraded mount
(bsc#1107947).
- btrfs: cleanup extent locking sequence (dependency for bsc#1031392).
- btrfs: delayed-inode: Remove wrong qgroup meta reservation calls
(bsc#1031392).
- btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item
(bsc#1031392).
- btrfs: fix data corruption when deduplicating between different files
(bsc#1110647).
- btrfs: fix duplicate extents after fsync of file with prealloc extents
(bsc#1110644).
- btrfs: fix fsync after hole punching when using no-holes feature
(bsc#1110642).
- btrfs: fix loss of prealloc extents past i_size after fsync log replay
(bsc#1110643).
- btrfs: fix return value on rename exchange failure (bsc#1110645).
- btrfs: fix send failure when root has deleted files still open
(bsc#1110650).
- btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392).
- btrfs: log csums for all modified extents (bsc#1110639).
- btrfs: make the delalloc block rsv per inode (dependency for
bsc#1031392).
- btrfs: qgroup: Add quick exit for non-fs extents (dependency for
bsc#1031392).
- btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function
(dependency for bsc#1031392).
- btrfs: qgroup: Cleanup the remaining old reservation counters
(bsc#1031392).
- btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT
(bsc#1031392).
- btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392).
- btrfs: qgroup: Fix qgroup reserved space underflow by only freeing
reserved ranges (dependency for bsc#1031392).
- btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered
write and quotas being enabled (dependency for bsc#1031392).
- btrfs: qgroup: Fix wrong qgroup reservation update for relationship
modification (bsc#1031392).
- btrfs: qgroup: Introduce extent changeset for qgroup reserve functions
(dependency for bsc#1031392).
- btrfs: qgroup: Introduce function to convert META_PREALLOC into
META_PERTRANS (bsc#1031392).
- btrfs: qgroup: Introduce helpers to update and access new qgroup rsv
(bsc#1031392).
- btrfs: qgroup: Make qgroup_reserve and its callers to use separate
reservation type (bsc#1031392).
- btrfs: qgroup: Return actually freed bytes for qgroup release or free
data (dependency for bsc#1031392).
- btrfs: qgroup: Skeleton to support separate qgroup reservation type
(bsc#1031392).
- btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans
(bsc#1031392).
- btrfs: qgroup: Update trace events for metadata reservation
(bsc#1031392).
- btrfs: qgroup: Update trace events to use new separate rsv types
(bsc#1031392).
- btrfs: qgroup: Use independent and accurate per inode qgroup rsv
(bsc#1031392).
- btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta
reserved space (bsc#1031392).
- btrfs: qgroup: Use separate meta reservation type for delalloc
(bsc#1031392).
- btrfs: remove type argument from comp_tree_refs (dependency for
bsc#1031392).
- btrfs: Remove unused parameters from various functions (bsc#1110649).
- btrfs: rework outstanding_extents (dependency for bsc#1031392).
- btrfs: scrub: Do not use inode page cache in
scrub_handle_errored_block() (follow up for bsc#1108096).
- btrfs: scrub: Do not use inode pages for device replace (follow up for
bsc#1108096).
- btrfs: switch args for comp_*_refs (dependency for bsc#1031392).
- btrfs: sync log after logging new name (bsc#1110646).
- btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928).
- cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510).
- coresight: Handle errors in finding input/output ports (bsc#1051510).
- crypto: clarify licensing of OpenSSL asm code ().
- crypto: sharah - Unregister correct algorithms for SAHARA 3
(bsc#1051510).
- crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510).
- dax: Introduce a ->copy_to_iter dax operation (bsc#1098782).
- dax: Make extension of dax_operations transparent (bsc#1098782).
- dax: remove default copy_from_iter fallback (bsc#1098782).
patches.drivers/dax-remove-the-pmem_dax_ops-flush-abstraction.patch:
Refresh
- dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782).
- dax: require 'struct page' by default for filesystem dax (bsc#1104888).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh
- dax: store pfns in the radix (bsc#1104888).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh
- device-dax: Add missing address_space_operations (bsc#1107783).
- device-dax: Enable page_mapping() (bsc#1107783).
- device-dax: Set page->index (bsc#1107783).
- doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636).
- ext2: auto disable dax instead of failing mount (bsc#1104888).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh
- ext2, dax: introduce ext2_dax_aops (bsc#1104888).
- ext4: auto disable dax instead of failing mount (bsc#1104888 ).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh
- ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888).
- ext4, dax: introduce ext4_dax_aops (bsc#1104888).
- ext4, dax: set ext4_dax_aops for dax files (bsc#1104888).
- fbdev: Distinguish between interlaced and progressive modes
(bsc#1051510).
- fbdev/via: fix defined but not used warning (bsc#1051510).
- filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783).
patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh
- filesystem-dax: Set page->index (bsc#1107783).
- Fix buggy backport in
patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch
(bsc#1109859)
- Fix kexec forbidding kernels signed with keys in the secondary keyring
to boot (bsc#1110006).
- Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts
with (apparently) bad resolution which introduced disorder in the sorted
section.
- fs, dax: prepare for dax-specific address_space_operations
(bsc#1104888).
patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch
: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh
- fs, dax: use page->mapping to warn if truncate collides with a busy page
(bsc#1104888).
- gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510).
- gpio: pxa: Fix potential NULL dereference (bsc#1051510).
- gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes
(bsc#1051510).
- HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510).
- i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
(bsc#1051510).
- Input: elantech - enable middle button of touchpad on ThinkPad P72
(bsc#1051510).
- input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
(bsc#1051510).
- intel_th: Fix device removal logic (bsc#1051510).
- iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105).
- ioremap: Update pgtable free interfaces with addr (bsc#1110006).
- ipc/shm: fix shmat() nil address after round-down when remapping
(bsc#1090078).
- KABI: move the new handler to end of machdep_calls and hide it from
genksyms (bsc#1094244).
- kprobes/x86: Release insn_slot in failure path (bsc#1110006).
- KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix()
(bsc#1061840, git-fixes).
- KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
(bsc#1106240).
- KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault
(bsc#1106240).
- KVM: x86: Do not re-{try,execute} after failed emulation in L2
(bsc#1106240).
- KVM: x86: Invert emulation re-execute behavior to make it opt-in
(bsc#1106240).
- KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE
(bsc#1106240).
- lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510).
- lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782).
- libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in
nsio_rw_bytes() (bsc#1098782).
- libnvdimm, pmem: Restore page attributes when clearing errors
(bsc#1107783).
- Limit kernel-source build to architectures for which we build binaries
(bsc#1108281).
- mac80211: fix pending queue hang due to TX_DROP (bsc#1051510).
- mac80211: restrict delayed tailroom needed decrement (bsc#1051510).
- mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510).
- mei: ignore not found client in the enumeration (bsc#1051510).
- mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
(bsc#1051510).
- mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510).
- mmc: sdhci: do not try to use 3.3V signaling if not supported
(bsc#1051510).
- mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510).
- mm, dax: introduce pfn_t_special() (bsc#1104888).
- mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE
pages (bsc#1107783).
- mm, madvise_inject_error: Let memory_failure() optionally take a page
reference (bsc#1107783).
- mm, memory_failure: Collect mapping size in collect_procs()
(bsc#1107783).
- mm, memory_failure: Teach memory_failure() about dev_pagemap pages
(bsc#1107783).
- mm, numa: Migrate pages to local nodes quicker early in the lifetime of
a task (bnc#1101669 optimise numa balancing for fast migrate).
- mm, numa: Remove rate-limiting of automatic numa balancing migration
(bnc#1101669 optimise numa balancing for fast migrate).
- mm, numa: Remove rate-limiting of automatic numa balancing migration
kabi (bnc#1101669 optimise numa balancing for fast migrate).
- mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006).
- NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
(bsc#1051510).
- nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190).
- NFS/filelayout: Fix racy setting of fl->dsaddr in
filelayout_check_deviceid() (bsc#1105190).
- NFS: Use an appropriate work queue for direct-write completion
(bsc#1082519).
- parport: sunbpp: fix error return code (bsc#1051510).
- PCI: aardvark: Size bridges before resources allocation (bsc#1109806).
- PCI: designware: Fix I/O space page leak (bsc#1109806).
- PCI: faraday: Add missing of_node_put() (bsc#1109806).
- PCI: faraday: Fix I/O space page leak (bsc#1109806).
- PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation
(bsc#1109806).
- PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806).
- PCI: versatile: Fix I/O space page leak (bsc#1109806).
- PCI: xgene: Fix I/O space page leak (bsc#1109806).
- PCI: xilinx: Add missing of_node_put() (bsc#1109806).
- PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806).
- pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant
(bsc#1051510).
- platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510).
- platform/x86: toshiba_acpi: Fix defined but not used build warnings
(bsc#1051510).
- pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782).
- powernv/pseries: consolidate code for mce early handling (bsc#1094244).
- powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).
- powerpc/fadump: re-register firmware-assisted dump if already registered
(bsc#1108170, bsc#1108823).
- powerpc: Fix size calculation using resource_size() (bnc#1012382).
- powerpc: KABI add aux_ptr to hole in paca_struct to extend it with
additional members (bsc#1094244).
- powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244).
- powerpc/numa: Use associativity if VPHN hcall is successful
(bsc#1110363).
- powerpc/pkeys: Fix reading of ibm, processor-storage-keys property
(bsc#1109244).
- powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large
address range (bsc#1055120).
- powerpc/pseries: Defer the logging of rtas error to irq work queue
(bsc#1094244).
- powerpc/pseries: Define MCE error event section (bsc#1094244).
- powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729).
- powerpc/pseries: Display machine check error details (bsc#1094244).
- powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244).
- Refresh patches.kabi/KABI-move-mce_data_buf-into-paca_aux.patch
- powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244).
- powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).
- powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495,
bsc#1109337).
- powerpc/tm: Avoid possible userspace r1 corruption on reclaim
(bsc#1109333).
- powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
- powerpc/xive: Fix trying to "push" an already active pool VP
(bsc#1085030, git-fixes).
- r8152: Check for supported Wake-on-LAN Modes (bsc#1051510).
- README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as
co-maintainer, keep tiwai as the primary maintainer
- regulator: fix crash caused by null driver data (bsc#1051510).
- rename/renumber hv patches to simplify upcoming upstream merges No code
changes.
- Revert "btrfs: qgroups: Retry after commit on getting EDQUOT"
(bsc#1031392).
- Revert "ipc/shm: Fix shmat mmap nil-page protection" (bsc#1090078).
- rpm/mkspec: build dtbs for architectures marked -!needs_updating
- rpm/mkspec: fix ppc64 kernel-source build.
- s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323,
LTC#171709).
- s390/pci: fix out of bounds access during irq setup (bnc#1108323,
LTC#171068).
- s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948).
- s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948).
- sched/fair: Fix bandwidth timer clock drift condition (Git-fixes).
- sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669
optimise numa balancing for fast migrate).
- sched/numa: Pass destination CPU as a parameter to migrate_task_rq
(bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi
(bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Reset scan rate whenever task moves across nodes
(bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Stop multiple tasks from moving to the CPU at the same time
(bnc#1101669 optimise numa balancing for fast migrate).
- sched/numa: Stop multiple tasks from moving to the CPU at the same time
kabi (bnc#1101669 optimise numa balancing for fast migrate).
- scsi: hisi_sas: Add a flag to filter PHY events during reset ().
- scsi: hisi_sas: add memory barrier in task delivery function ().
- scsi: hisi_sas: Add missing PHY spinlock init ().
- scsi: hisi_sas: Add SATA FIS check for v3 hw ().
- scsi: hisi_sas: Adjust task reject period during host reset ().
- scsi: hisi_sas: Drop hisi_sas_slot_abort() ().
- scsi: hisi_sas: Fix the conflict between dev gone and host reset ().
- scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout
().
- scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw ().
- scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() ().
- scsi: hisi_sas: Pre-allocate slot DMA buffers ().
- scsi: hisi_sas: Release all remaining resources in clear nexus ha ().
- scsi: hisi_sas: relocate some common code for v3 hw ().
- scsi: hisi_sas: tidy channel interrupt handler for v3 hw ().
- scsi: hisi_sas: Tidy hisi_sas_task_prep() ().
- scsi: hisi_sas: tidy host controller reset function a bit ().
- scsi: hisi_sas: Update a couple of register settings for v3 hw ().
- scsi: hisi_sas: Use dmam_alloc_coherent() ().
- scsi: ipr: System hung while dlpar adding primary ipr adapter back
(bsc#1109336).
- smsc75xx: Check for Wake-on-LAN modes (bsc#1051510).
- smsc95xx: Check for Wake-on-LAN modes (bsc#1051510).
- sort series.conf I didn't want to, but he made me do it.
- sr9800: Check for supported Wake-on-LAN modes (bsc#1051510).
- sr: get/drop reference to device in revalidate and check_events
(bsc#1109979).
- supported.conf: add test_syctl to new kselftests-kmp package As per we
will require new FATE requests per each new selftest driver. We do not
want to support these module on production runs but we do want to
support them for QA / testing uses. The compromise is to package them
into its own package, this will be the kselftests-kmp package. Selftests
can also be used as proof of concept vehicle for issues by customers or
ourselves. Vanilla kernels do not get test_sysctl given that driver was
using built-in defaults, this also means we cannot run sefltests on
config/s390x/zfcpdump which does not enable modules. Likeweise, since we
had to *change* the kernel for test_syctl, it it also means we can't
test test_syctl with vanilla kernels. It should be possible with other
selftests drivers if they are present in vanilla kernels though.
- uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782).
- VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405).
- video: goldfishfb: fix memory leak on driver remove (bsc#1051510).
- watchdog: Mark watchdog touch functions as notrace (git-fixes).
- wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
(bsc#1051510).
- x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump
(bsc#1110006).
- x86/apic: Split disable_IO_APIC() into two functions to fix
CONFIG_KEXEC_JUMP=y (bsc#1110006).
- x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC()
(bsc#1110006).
- x86/apic/vector: Fix off by one in error path (bsc#1110006).
- x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault
handling (bsc#1098782).
- x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782).
- x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782).
- x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling
(bsc#1098782).
- x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled
(bsc#1098782).
- x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782).
- x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782).
- x86/boot: Fix kexec booting failure in the SEV bit detection code
(bsc#1110301).
- x86/build/64: Force the linker to use 2MB page size (bsc#1109603).
- x86/dumpstack: Save first regs set for the executive summary
(bsc#1110006).
- x86/dumpstack: Unify show_regs() (bsc#1110006).
- x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()
(bsc#1110006).
- x86/espfix/64: Fix espfix double-fault handling on 5-level systems
(bsc#1110006).
- x86/idt: Load idt early in start_secondary (bsc#1110006).
- x86/kexec: Avoid double free_page() upon do_kexec_load() failure
(bsc#1110006).
- x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783).
- x86/mce: Improve error message when kernel cannot recover (bsc#1110006).
- x86/mce: Improve error message when kernel cannot recover (bsc#1110301).
- x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783).
- x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup
compilation breakage on s390 and arm due to missing clear_mce_nospec().
- x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006).
- x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006).
- x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006).
- x86/mm: Expand static page table for fixmap space (bsc#1110006).
- x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006).
- x86/mm: implement free pmd/pte page interfaces (bsc#1110006).
- x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses
(bsc#1107783).
- x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006).
- x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006).
- x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301).
- x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006).
- x86/pkeys: Do not special case protection key 0 (bsc#1110006).
- x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006).
- x86/process: Do not mix user/kernel regs in 64bit __show_regs()
(bsc#1110006).
- x86/process: Re-export start_thread() (bsc#1110006).
- x86/vdso: Fix lsl operand order (bsc#1110006).
- x86/vdso: Fix lsl operand order (bsc#1110301).
- xen: issue warning message when out of grant maptrack entries
(bsc#1105795).
- xfs, dax: introduce xfs_dax_aops (bsc#1104888).
- xhci: Fix use after free for URB cancellation on a reallocated endpoint
(bsc#1051510).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2241=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-25.22.1
kernel-default-debugsource-4.12.14-25.22.1
kernel-default-livepatch-4.12.14-25.22.1
kernel-livepatch-4_12_14-25_22-default-1-1.3.1
kernel-livepatch-4_12_14-25_22-default-debuginfo-1-1.3.1
References:
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1031392
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1055120
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1082519
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1090078
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1098782
https://bugzilla.suse.com/1101669
https://bugzilla.suse.com/1102495
https://bugzilla.suse.com/1103269
https://bugzilla.suse.com/1103405
https://bugzilla.suse.com/1103587
https://bugzilla.suse.com/1103636
https://bugzilla.suse.com/1104888
https://bugzilla.suse.com/1105190
https://bugzilla.suse.com/1105795
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1106948
https://bugzilla.suse.com/1107783
https://bugzilla.suse.com/1107829
https://bugzilla.suse.com/1107928
https://bugzilla.suse.com/1107947
https://bugzilla.suse.com/1108096
https://bugzilla.suse.com/1108170
https://bugzilla.suse.com/1108281
https://bugzilla.suse.com/1108323
https://bugzilla.suse.com/1108399
https://bugzilla.suse.com/1108823
https://bugzilla.suse.com/1109244
https://bugzilla.suse.com/1109333
https://bugzilla.suse.com/1109336
https://bugzilla.suse.com/1109337
https://bugzilla.suse.com/1109603
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1109859
https://bugzilla.suse.com/1109979
https://bugzilla.suse.com/1109992
https://bugzilla.suse.com/1110006
https://bugzilla.suse.com/1110301
https://bugzilla.suse.com/1110363
https://bugzilla.suse.com/1110639
https://bugzilla.suse.com/1110642
https://bugzilla.suse.com/1110643
https://bugzilla.suse.com/1110644
https://bugzilla.suse.com/1110645
https://bugzilla.suse.com/1110646
https://bugzilla.suse.com/1110647
https://bugzilla.suse.com/1110649
https://bugzilla.suse.com/1110650
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3164-1
Rating: important
References: #1107832 #1110233
Cross-References: CVE-2018-14633 CVE-2018-17182
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.4.131-94_29 fixes several issues.
The following security issues were fixed:
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bsc#1110233).
- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. (bsc#1107832).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2250=1 SUSE-SLE-Live-Patching-12-SP3-2018-2251=1 SUSE-SLE-Live-Patching-12-SP3-2018-2252=1 SUSE-SLE-Live-Patching-12-SP3-2018-2253=1 SUSE-SLE-Live-Patching-12-SP3-2018-2254=1 SUSE-SLE-Live-Patching-12-SP3-2018-2255=1 SUSE-SLE-Live-Patching-12-SP3-2018-2256=1 SUSE-SLE-Live-Patching-12-SP3-2018-2257=1 SUSE-SLE-Live-Patching-12-SP3-2018-2258=1 SUSE-SLE-Live-Patching-12-SP3-2018-2259=1 SUSE-SLE-Live-Patching-12-SP3-2018-2260=1 SUSE-SLE-Live-Patching-12-SP3-2018-2261=1 SUSE-SLE-Live-Patching-12-SP3-2018-2262=1 SUSE-SLE-Live-Patching-12-SP3-2018-2263=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_103-6_33-default-10-2.1
kgraft-patch-4_4_103-6_33-default-debuginfo-10-2.1
kgraft-patch-4_4_103-6_38-default-10-2.1
kgraft-patch-4_4_103-6_38-default-debuginfo-10-2.1
kgraft-patch-4_4_114-94_11-default-8-2.1
kgraft-patch-4_4_114-94_11-default-debuginfo-8-2.1
kgraft-patch-4_4_114-94_14-default-8-2.1
kgraft-patch-4_4_114-94_14-default-debuginfo-8-2.1
kgraft-patch-4_4_120-94_17-default-7-2.1
kgraft-patch-4_4_120-94_17-default-debuginfo-7-2.1
kgraft-patch-4_4_126-94_22-default-7-2.1
kgraft-patch-4_4_126-94_22-default-debuginfo-7-2.1
kgraft-patch-4_4_131-94_29-default-5-2.1
kgraft-patch-4_4_131-94_29-default-debuginfo-5-2.1
kgraft-patch-4_4_132-94_33-default-5-2.1
kgraft-patch-4_4_132-94_33-default-debuginfo-5-2.1
kgraft-patch-4_4_138-94_39-default-4-2.1
kgraft-patch-4_4_138-94_39-default-debuginfo-4-2.1
kgraft-patch-4_4_140-94_42-default-4-2.1
kgraft-patch-4_4_140-94_42-default-debuginfo-4-2.1
kgraft-patch-4_4_143-94_47-default-3-2.1
kgraft-patch-4_4_143-94_47-default-debuginfo-3-2.1
kgraft-patch-4_4_155-94_50-default-2-2.1
kgraft-patch-4_4_155-94_50-default-debuginfo-2-2.1
kgraft-patch-4_4_92-6_30-default-10-2.1
kgraft-patch-4_4_92-6_30-default-debuginfo-10-2.1
- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
kgraft-patch-4_4_92-6_18-default-11-2.1
kgraft-patch-4_4_92-6_18-default-debuginfo-11-2.1
References:
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://bugzilla.suse.com/1107832
https://bugzilla.suse.com/1110233
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3171-1
Rating: important
References: #1107832 #1108963 #1110233
Cross-References: CVE-2018-14633 CVE-2018-14634 CVE-2018-17182
Affected Products:
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues.
The following security issues were fixed:
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bsc#1110233).
- CVE-2018-14634: An unprivileged local user with access to SUID (or
otherwise privileged) binary could use this flaw to escalate their
privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are
believed to be vulnerable (bsc#1108963).
- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. (bsc#1107832).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2266=1
SUSE-SLE-SERVER-12-SP1-2018-2267=1 SUSE-SLE-SERVER-12-SP1-2018-2268=1
SUSE-SLE-SERVER-12-SP1-2018-2269=1 SUSE-SLE-SERVER-12-SP1-2018-2270=1
SUSE-SLE-SERVER-12-SP1-2018-2271=1 SUSE-SLE-SERVER-12-SP1-2018-2272=1
SUSE-SLE-SERVER-12-SP1-2018-2273=1 SUSE-SLE-SERVER-12-SP1-2018-2275=1
Package List:
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
kgraft-patch-3_12_74-60_64_63-default-10-2.1
kgraft-patch-3_12_74-60_64_63-xen-10-2.1
kgraft-patch-3_12_74-60_64_66-default-9-2.1
kgraft-patch-3_12_74-60_64_66-xen-9-2.1
kgraft-patch-3_12_74-60_64_69-default-8-2.1
kgraft-patch-3_12_74-60_64_69-xen-8-2.1
kgraft-patch-3_12_74-60_64_82-default-8-2.1
kgraft-patch-3_12_74-60_64_82-xen-8-2.1
kgraft-patch-3_12_74-60_64_85-default-8-2.1
kgraft-patch-3_12_74-60_64_85-xen-8-2.1
kgraft-patch-3_12_74-60_64_88-default-6-2.1
kgraft-patch-3_12_74-60_64_88-xen-6-2.1
kgraft-patch-3_12_74-60_64_93-default-5-2.1
kgraft-patch-3_12_74-60_64_93-xen-5-2.1
kgraft-patch-3_12_74-60_64_96-default-5-2.1
kgraft-patch-3_12_74-60_64_96-xen-5-2.1
kgraft-patch-3_12_74-60_64_99-default-4-2.1
kgraft-patch-3_12_74-60_64_99-xen-4-2.1
References:
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-14634.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://bugzilla.suse.com/1107832
https://bugzilla.suse.com/1108963
https://bugzilla.suse.com/1110233
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3172-1
Rating: important
References: #1102682 #1107832 #1110233
Cross-References: CVE-2018-14633 CVE-2018-17182 CVE-2018-5390
Affected Products:
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 3.12.74-60_64_104 fixes several issues.
The following security issues were fixed:
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bsc#1110233).
- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. (bsc#1107832).
- CVE-2018-5390: The Linux kernel could be forced to make very expensive
calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every
incoming packet which can lead to a denial of service (bsc#1102682).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2274=1
Package List:
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
kgraft-patch-3_12_74-60_64_104-default-2-2.1
kgraft-patch-3_12_74-60_64_104-xen-2-2.1
References:
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://www.suse.com/security/cve/CVE-2018-5390.html
https://bugzilla.suse.com/1102682
https://bugzilla.suse.com/1107832
https://bugzilla.suse.com/1110233
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3173-1
Rating: important
References: #1107832 #1110233
Cross-References: CVE-2018-14633 CVE-2018-17182
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.4.121-92_80 fixes several issues.
The following security issues were fixed:
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bsc#1110233).
- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. (bsc#1107832).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12-SP2:
zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2276=1
SUSE-SLE-SAP-12-SP2-2018-2277=1 SUSE-SLE-SAP-12-SP2-2018-2278=1
SUSE-SLE-SAP-12-SP2-2018-2279=1 SUSE-SLE-SAP-12-SP2-2018-2280=1
SUSE-SLE-SAP-12-SP2-2018-2281=1 SUSE-SLE-SAP-12-SP2-2018-2282=1
SUSE-SLE-SAP-12-SP2-2018-2283=1 SUSE-SLE-SAP-12-SP2-2018-2284=1
SUSE-SLE-SAP-12-SP2-2018-2285=1 SUSE-SLE-SAP-12-SP2-2018-2286=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2276=1
SUSE-SLE-SERVER-12-SP2-2018-2277=1 SUSE-SLE-SERVER-12-SP2-2018-2278=1
SUSE-SLE-SERVER-12-SP2-2018-2279=1 SUSE-SLE-SERVER-12-SP2-2018-2280=1
SUSE-SLE-SERVER-12-SP2-2018-2281=1 SUSE-SLE-SERVER-12-SP2-2018-2282=1
SUSE-SLE-SERVER-12-SP2-2018-2283=1 SUSE-SLE-SERVER-12-SP2-2018-2284=1
SUSE-SLE-SERVER-12-SP2-2018-2285=1 SUSE-SLE-SERVER-12-SP2-2018-2286=1
Package List:
- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
kgraft-patch-4_4_103-92_53-default-10-2.1
kgraft-patch-4_4_103-92_56-default-10-2.1
kgraft-patch-4_4_114-92_64-default-8-2.1
kgraft-patch-4_4_114-92_67-default-8-2.1
kgraft-patch-4_4_120-92_70-default-7-2.1
kgraft-patch-4_4_121-92_73-default-6-2.1
kgraft-patch-4_4_121-92_80-default-6-2.1
kgraft-patch-4_4_121-92_85-default-4-2.1
kgraft-patch-4_4_121-92_92-default-4-2.1
kgraft-patch-4_4_90-92_45-default-11-2.1
kgraft-patch-4_4_90-92_50-default-11-2.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
kgraft-patch-4_4_103-92_53-default-10-2.1
kgraft-patch-4_4_103-92_56-default-10-2.1
kgraft-patch-4_4_114-92_64-default-8-2.1
kgraft-patch-4_4_114-92_67-default-8-2.1
kgraft-patch-4_4_120-92_70-default-7-2.1
kgraft-patch-4_4_121-92_73-default-6-2.1
kgraft-patch-4_4_121-92_80-default-6-2.1
kgraft-patch-4_4_121-92_85-default-4-2.1
kgraft-patch-4_4_121-92_92-default-4-2.1
kgraft-patch-4_4_90-92_45-default-11-2.1
kgraft-patch-4_4_90-92_50-default-11-2.1
References:
https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2018-17182.html
https://bugzilla.suse.com/1107832
https://bugzilla.suse.com/1110233
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW8bNVWaOgq3Tt24GAQgr+hAAkvDRc/4E6HSfGr5qe6U2pIbpjZ4zUnRS
9uq11+H0JWNCua+g7c4ZTtPAAwL4+3pJlN4p5oxZecTN0AHsrNxc5VQjLRghny9p
JgiXL5XdjILgBNqpSfRMYgK/9+vpTA5OjZsmbyjxbMfoUoMauIr5DLY3hldMxn5W
4AXtYmlTz07wuyohooV4Dcg4yOl4JzDDOoutSrCk1XfYiRK+LLZ7SzBLypble6Lw
znDOZBVWGkkuiGdtgYunTS/jd39V5zIqVqZkMif7eRN73Pk8K2IHPjKeVG4+2dQY
syL0US1+2uAlq7UAOPEb/h9VbyxVEHLuflfzGTHpnj/aBVMNLXRLHnkd4LunRra4
oVtR612/8Kv0giTAKyKv/+tmUrUCkqNz0owu7mZ6jTi0tNj0tE0WSTcYVbmtgMVs
X32ReuCfK+Np74eEbohMWK3+Shx4L08sMfnFZHlVnu/rd6Nxzy4QkQpZMh/ZCTsd
JVqKRi7poq03+RcYjVAAdjHcnYiaTcpl8LAn0hFX80Eg7CitAgvzx7wAe4UBhXxd
X7moaFf0T50wD2Mn6NRLJ55epxQB5Yw6K0nM3A0c/Yexgj1IJrmQtAReNWbHWMBv
Z8DHxn4ZS+8/FzUoTvkkEf358r4iyFqD7iiMpqgZblm3oviFPcSzEZh7lvR45Rw2
GmvMUbJDWH8=
=VHVm
-----END PGP SIGNATURE-----