SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0437-1
Rating: important
References: #1012382 #1047626 #1068032 #1070623 #1073311
#1073792 #1073874 #1075091 #1075908 #1075994
#1076017 #1076110 #1076154 #1076278 #1077355
#1077560 #1077922 #893777 #893949 #902893
#951638
Cross-References: CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741
CVE-2017-17805 CVE-2017-17806 CVE-2017-18079
CVE-2017-5715 CVE-2018-1000004
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________
An update that solves 8 vulnerabilities and has 13 fixes is
now available.
Description:
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
– CVE-2017-5715: Systems with microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized
disclosure
of information to an attacker with local user access via a side-channel
analysis (bnc#1068032).
The previous fix using CPU Microcode has been complemented by building
the Linux Kernel with return trampolines aka “retpolines”.
– CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a
denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact because the port->exists value
can change after it is validated (bnc#1077922)
– CVE-2015-1142857: Prevent guests from sending ethernet flow control
pause frames via the PF (bnc#1077355)
– CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive
information from kernel memory, aka a write_mmio stack-based
out-of-bounds read (bnc#1073311)
– CVE-2017-13215: Prevent elevation of privilege (bnc#1075908)
– CVE-2018-1000004: Prevent race condition in the sound system, this could
have lead a deadlock and denial of service condition (bnc#1076017)
– CVE-2017-17806: The HMAC implementation did not validate that the
underlying cryptographic hash algorithm is unkeyed, allowing a local
attacker able to use the AF_ALG-based hash interface
(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm
(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by
executing a crafted sequence of system calls that encounter a missing
SHA-3 initialization (bnc#1073874)
– CVE-2017-17805: The Salsa20 encryption algorithm did not correctly
handle zero-length inputs, allowing a local attacker able to use the
AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to
cause a denial of service (uninitialized-memory free and kernel crash)
or have unspecified other impact by executing a crafted sequence of
system calls that use the blkcipher_walk API. Both the generic
implementation (crypto/salsa20_generic.c) and x86 implementation
(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792)
The following non-security bugs were fixed:
– bcache allocator: send discards with correct size (bsc#1047626).
– bcache.txt: standardize document format (bsc#1076110).
– bcache: Abstract out stuff needed for sorting (bsc#1076110).
– bcache: Add a cond_resched() call to gc (bsc#1076110).
– bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110).
– bcache: Add bch_bkey_equal_header() (bsc#1076110).
– bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110).
– bcache: Add bch_keylist_init_single() (bsc#1047626).
– bcache: Add btree_insert_node() (bnc#951638).
– bcache: Add btree_map() functions (bsc#1047626).
– bcache: Add btree_node_write_sync() (bsc#1076110).
– bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
– bcache: Add make_btree_freeing_key() (bsc#1076110).
– bcache: Add on error panic/unregister setting (bsc#1047626).
– bcache: Add struct bset_sort_state (bsc#1076110).
– bcache: Add struct btree_keys (bsc#1076110).
– bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110).
– bcache: Avoid deadlocking in garbage collection (bsc#1076110).
– bcache: Avoid nested function definition (bsc#1076110).
– bcache: Better alloc tracepoints (bsc#1076110).
– bcache: Better full stripe scanning (bsc#1076110).
– bcache: Bkey indexing renaming (bsc#1076110).
– bcache: Break up struct search (bsc#1076110).
– bcache: Btree verify code improvements (bsc#1076110).
– bcache: Bypass torture test (bsc#1076110).
– bcache: Change refill_dirty() to always scan entire disk if necessary
(bsc#1076110).
– bcache: Clean up cache_lookup_fn (bsc#1076110).
– bcache: Clean up keylist code (bnc#951638).
– bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes()
(bsc#1076110).
– bcache: Convert bch_btree_read_async() to bch_btree_map_keys()
(bsc#1076110).
– bcache: Convert btree_insert_check_key() to btree_insert_node()
(bnc#951638).
– bcache: Convert btree_iter to struct btree_keys (bsc#1076110).
– bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
– bcache: Convert debug code to btree_keys (bsc#1076110).
– bcache: Convert gc to a kthread (bsc#1047626).
– bcache: Convert sorting to btree_keys (bsc#1076110).
– bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
– bcache: Convert writeback to a kthread (bsc#1076110).
– bcache: Correct return value for sysfs attach errors (bsc#1076110).
– bcache: Debug code improvements (bsc#1076110).
– bcache: Delete some slower inline asm (bsc#1047626).
– bcache: Do bkey_put() in btree_split() error path (bsc#1076110).
– bcache: Do not bother with bucket refcount for btree node allocations
(bsc#1076110).
– bcache: Do not reinvent the wheel but use existing llist API
(bsc#1076110).
– bcache: Do not return -EINTR when insert finished (bsc#1076110).
– bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110).
– bcache: Do not use op->insert_collision (bsc#1076110).
– bcache: Drop some closure stuff (bsc#1076110).
– bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).
– bcache: Explicitly track btree node’s parent (bnc#951638).
– bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).
– bcache: Fix a bug when detaching (bsc#951638).
– bcache: Fix a journal replay bug (bsc#1076110).
– bcache: Fix a journalling performance bug (bnc#893777).
– bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).
– bcache: Fix a lockdep splat (bnc#893777).
– bcache: Fix a lockdep splat in an error path (bnc#951638).
– bcache: Fix a null ptr deref in journal replay (bsc#1047626).
– bcache: Fix a race when freeing btree nodes (bsc#1076110).
– bcache: Fix a shutdown bug (bsc#951638).
– bcache: Fix an infinite loop in journal replay (bsc#1047626).
– bcache: Fix another bug recovering from unclean shutdown (bsc#1076110).
– bcache: Fix another compiler warning on m68k (bsc#1076110).
– bcache: Fix auxiliary search trees for key size > cacheline size
(bsc#1076110).
– bcache: Fix bch_ptr_bad() (bsc#1047626).
– bcache: Fix building error on MIPS (bsc#1076110).
– bcache: Fix dirty_data accounting (bsc#1076110).
– bcache: Fix discard granularity (bsc#1047626).
– bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110).
– bcache: Fix for can_attach_cache() (bsc#1047626).
– bcache: Fix heap_peek() macro (bsc#1047626).
– bcache: Fix leak of bdev reference (bsc#1076110).
– bcache: Fix more early shutdown bugs (bsc#951638).
– bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110).
– bcache: Fix moving_pred() (bsc#1047626).
– bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
– bcache: Fix to remove the rcu_sched stalls (bsc#1047626).
– bcache: Have btree_split() insert into parent directly (bsc#1076110).
– bcache: Improve bucket_prio() calculation (bsc#1047626).
– bcache: Improve priority_stats (bsc#1047626).
– bcache: Incremental gc (bsc#1076110).
– bcache: Insert multiple keys at a time (bnc#951638).
– bcache: Kill bch_next_recurse_key() (bsc#1076110).
– bcache: Kill btree_io_wq (bsc#1076110).
– bcache: Kill bucket->gc_gen (bsc#1076110).
– bcache: Kill dead cgroup code (bsc#1076110).
– bcache: Kill op->cl (bsc#1076110).
– bcache: Kill op->replace (bsc#1076110).
– bcache: Kill sequential_merge option (bsc#1076110).
– bcache: Kill unaligned bvec hack (bsc#1076110).
– bcache: Kill unused freelist (bsc#1076110).
– bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110).
– bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110).
– bcache: Minor btree cache fix (bsc#1047626).
– bcache: Minor fixes from kbuild robot (bsc#1076110).
– bcache: Move insert_fixup() to btree_keys_ops (bsc#1076110).
– bcache: Move keylist out of btree_op (bsc#1047626).
– bcache: Move sector allocator to alloc.c (bsc#1076110).
– bcache: Move some stuff to btree.c (bsc#1076110).
– bcache: Move spinlock into struct time_stats (bsc#1076110).
– bcache: New writeback PD controller (bsc#1047626).
– bcache: PRECEDING_KEY() (bsc#1047626).
– bcache: Performance fix for when journal entry is full (bsc#1047626).
– bcache: Prune struct btree_op (bsc#1076110).
– bcache: Pull on disk data structures out into a separate header
(bsc#1076110).
– bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power
of two (bsc#1076110).
– bcache: Really show state of work pending bit (bsc#1076110).
– bcache: Refactor bset_tree sysfs stats (bsc#1076110).
– bcache: Refactor journalling flow control (bnc#951638).
– bcache: Refactor read request code a bit (bsc#1076110).
– bcache: Refactor request_write() (bnc#951638).
– bcache: Remove deprecated create_workqueue (bsc#1076110).
– bcache: Remove redundant block_size assignment (bsc#1047626).
– bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).
– bcache: Remove redundant set_capacity (bsc#1076110).
– bcache: Remove unnecessary check in should_split() (bsc#1076110).
– bcache: Remove/fix some header dependencies (bsc#1047626).
– bcache: Rename/shuffle various code around (bsc#1076110).
– bcache: Rework allocator reserves (bsc#1076110).
– bcache: Rework btree cache reserve handling (bsc#1076110).
– bcache: Split out sort_extent_cmp() (bsc#1076110).
– bcache: Stripe size isn’t necessarily a power of two (bnc#893949).
– bcache: Trivial error handling fix (bsc#1047626).
– bcache: Update continue_at() documentation (bsc#1076110).
– bcache: Use a mempool for mergesort temporary space (bsc#1076110).
– bcache: Use blkdev_issue_discard() (bnc#951638).
– bcache: Use ida for bcache block dev minor (bsc#1047626).
– bcache: Use uninterruptible sleep in writeback (bsc#1076110).
– bcache: Zero less memory (bsc#1076110).
– bcache: add a comment in journal bucket reading (bsc#1076110).
– bcache: add mutex lock for bch_is_open (bnc#902893).
– bcache: allows use of register in udev to avoid “device_busy” error
(bsc#1047626).
– bcache: bcache_write tracepoint was crashing (bsc#1076110).
– bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110).
– bcache: bch_allocator_thread() is not freezable (bsc#1047626).
– bcache: bch_gc_thread() is not freezable (bsc#1047626).
– bcache: bch_writeback_thread() is not freezable (bsc#1076110).
– bcache: btree locking rework (bsc#1076110).
– bcache: bugfix – gc thread now gets woken when cache is full
(bsc#1047626).
– bcache: bugfix – moving_gc now moves only correct buckets (bsc#1047626).
– bcache: bugfix for race between moving_gc and bucket_invalidate
(bsc#1076110).
– bcache: check ca->alloc_thread initialized before wake up it
(bsc#1076110).
– bcache: check return value of register_shrinker (bsc#1076110).
– bcache: cleaned up error handling around register_cache() (bsc#1047626).
– bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing
device (bsc#1047626).
– bcache: correct cache_dirty_target in __update_writeback_rate()
(bsc#1076110).
– bcache: defensively handle format strings (bsc#1047626).
– bcache: do not embed ‘return’ statements in closure macros (bsc#1076110).
– bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110).
– bcache: do not write back data if reading it failed (bsc#1076110).
– bcache: documentation formatting, edited for clarity, stripe alignment
notes (bsc#1076110).
– bcache: documentation updates and corrections (bsc#1076110).
– bcache: explicitly destroy mutex while exiting (bsc#1076110).
– bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED
(bsc#1047626).
– bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).
– bcache: fix a livelock when we cause a huge number of cache misses
(bsc#1047626).
– bcache: fix bch_hprint crash and improve output (bsc#1076110).
– bcache: fix crash in bcache_btree_node_alloc_fail tracepoint
(bsc#1047626).
– bcache: fix crash on shutdown in passthrough mode (bsc#1076110).
– bcache: fix for gc and write-back race (bsc#1076110).
– bcache: fix for gc and writeback race (bsc#1047626).
– bcache: fix for gc crashing when no sectors are used (bsc#1047626).
– bcache: fix lockdep warnings on shutdown (bsc#1047626).
– bcache: fix race of writeback thread starting before complete
initialization (bsc#1076110).
– bcache: fix sequential large write IO bypass (bsc#1076110).
– bcache: fix sparse non static symbol warning (bsc#1076110).
– bcache: fix typo in bch_bkey_equal_header (bsc#1076110).
– bcache: fix uninterruptible sleep in writeback thread (bsc#1076110).
– bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110).
– bcache: fix wrong cache_misses statistics (bsc#1076110).
– bcache: gc does not work when triggering by manual command (bsc#1076110).
– bcache: implement PI controller for writeback rate (bsc#1076110).
– bcache: increase the number of open buckets (bsc#1076110).
– bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110).
– bcache: kill closure locking code (bsc#1076110).
– bcache: kill closure locking usage (bnc#951638).
– bcache: kill index() (bsc#1047626).
– bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110).
– bcache: only permit to recovery read error when cache device is clean
(bsc#1076110).
– bcache: partition support: add 16 minors per bcacheN device
(bsc#1076110).
– bcache: pr_err: more meaningful error message when nr_stripes is invalid
(bsc#1076110).
– bcache: prevent crash on changing writeback_running (bsc#1076110).
– bcache: rearrange writeback main thread ratelimit (bsc#1076110).
– bcache: recover data from backing when data is clean (bsc#1076110).
– bcache: register_bcache(): call blkdev_put() when cache_alloc() fails
(bsc#1047626).
– bcache: remove nested function usage (bsc#1076110).
– bcache: remove unused parameter (bsc#1076110).
– bcache: rewrite multiple partitions support (bsc#1076110).
– bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
– bcache: silence static checker warning (bsc#1076110).
– bcache: smooth writeback rate control (bsc#1076110).
– bcache: stop moving_gc marking buckets that can’t be moved (bsc#1047626).
– bcache: try to set b->parent properly (bsc#1076110).
– bcache: update bch_bkey_try_merge (bsc#1076110).
– bcache: update bio->bi_opf bypass/writeback REQ_ flag hints
(bsc#1076110).
– bcache: update bucket_in_use in real time (bsc#1076110).
– bcache: update document info (bsc#1076110).
– bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).
– bcache: use kvfree() in various places (bsc#1076110).
– bcache: use llist_for_each_entry_safe() in __closure_wake_up()
(bsc#1076110).
– bcache: wait for buckets when allocating new btree root (bsc#1076110).
– bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
– bcache: writeback rate shouldn’t artifically clamp (bsc#1076110).
– fork: clear thread stack upon allocation (bsc#1077560).
– gcov: disable for COMPILE_TEST (bnc#1012382).
– kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076154).
– kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
– md: more open-coded offset_in_page() (bsc#1076110).
– nfsd: do not share group_info among threads (bsc@1070623).
– sysfs/cpu: Add vulnerability folder (bnc#1012382).
– sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
– x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
– x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
– x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
– x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
– x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).
– x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
(bsc#1068032).
– x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
bsc#1075091).
– x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2018-301=1
– SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-301=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
kernel-default-3.12.61-52.119.1
kernel-default-base-3.12.61-52.119.1
kernel-default-base-debuginfo-3.12.61-52.119.1
kernel-default-debuginfo-3.12.61-52.119.1
kernel-default-debugsource-3.12.61-52.119.1
kernel-default-devel-3.12.61-52.119.1
kernel-syms-3.12.61-52.119.1
– SUSE Linux Enterprise Server 12-LTSS (noarch):
kernel-devel-3.12.61-52.119.1
kernel-macros-3.12.61-52.119.1
kernel-source-3.12.61-52.119.1
– SUSE Linux Enterprise Server 12-LTSS (x86_64):
kernel-xen-3.12.61-52.119.1
kernel-xen-base-3.12.61-52.119.1
kernel-xen-base-debuginfo-3.12.61-52.119.1
kernel-xen-debuginfo-3.12.61-52.119.1
kernel-xen-debugsource-3.12.61-52.119.1
kernel-xen-devel-3.12.61-52.119.1
kgraft-patch-3_12_61-52_119-default-1-1.7.1
kgraft-patch-3_12_61-52_119-xen-1-1.7.1
– SUSE Linux Enterprise Server 12-LTSS (s390x):
kernel-default-man-3.12.61-52.119.1
– SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.61-52.119.1
kernel-ec2-debuginfo-3.12.61-52.119.1
kernel-ec2-debugsource-3.12.61-52.119.1
kernel-ec2-devel-3.12.61-52.119.1
kernel-ec2-extra-3.12.61-52.119.1
kernel-ec2-extra-debuginfo-3.12.61-52.119.1
References:
https://www.suse.com/security/cve/CVE-2015-1142857.html
https://www.suse.com/security/cve/CVE-2017-13215.html
https://www.suse.com/security/cve/CVE-2017-17741.html
https://www.suse.com/security/cve/CVE-2017-17805.html
https://www.suse.com/security/cve/CVE-2017-17806.html
https://www.suse.com/security/cve/CVE-2017-18079.html
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-1000004.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1047626
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1070623
https://bugzilla.suse.com/1073311
https://bugzilla.suse.com/1073792
https://bugzilla.suse.com/1073874
https://bugzilla.suse.com/1075091
https://bugzilla.suse.com/1075908
https://bugzilla.suse.com/1075994
https://bugzilla.suse.com/1076017
https://bugzilla.suse.com/1076110
https://bugzilla.suse.com/1076154
https://bugzilla.suse.com/1076278
https://bugzilla.suse.com/1077355
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1077922
https://bugzilla.suse.com/893777
https://bugzilla.suse.com/893949
https://bugzilla.suse.com/902893
https://bugzilla.suse.com/951638
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0436-1
Rating: important
References: #1073230
Cross-References: CVE-2017-17712
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.4.103-6_38 fixes one issue.
The following security issue was fixed:
– CVE-2017-17712: The raw_sendmsg() function had a race condition that
lead to uninitialized stack pointer usage. This allowed a local user to
execute code and gain privileges (bsc#1073230).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-299=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_103-6_38-default-2-2.1
kgraft-patch-4_4_103-6_38-default-debuginfo-2-2.1
References:
https://www.suse.com/security/cve/CVE-2017-17712.html
https://bugzilla.suse.com/1073230
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0433-1
Rating: important
References: #1073230
Cross-References: CVE-2017-17712
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.4.103-6_33 fixes one issue.
The following security issue was fixed:
– CVE-2017-17712: The raw_sendmsg() function had a race condition that
lead to uninitialized stack pointer usage. This allowed a local user to
execute code and gain privileges (bsc#1073230).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– SUSE Linux Enterprise Live Patching 12-SP3:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-298=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_103-6_33-default-2-2.1
kgraft-patch-4_4_103-6_33-default-debuginfo-2-2.1
References:
https://www.suse.com/security/cve/CVE-2017-17712.html
https://bugzilla.suse.com/1073230
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org