You are here
Home > Preporuke > Sigurnosni nedostaci programske jezgre

Sigurnosni nedostaci programske jezgre

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1171-1
Rating: important
References: #1032084 #1050431 #1065726 #1087088 #1089665
#1089668 #1089752
Cross-References: CVE-2018-10124 CVE-2018-1087 CVE-2018-8897

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves three vulnerabilities and has four
fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

– CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to
potentially escalate their privileges inside a guest. (bsc#1087088)
– CVE-2018-8897: An unprivileged system user could use incorrect set up
interrupt stacks to crash the Linux kernel resulting in DoS issue.
(bsc#1087088)
– CVE-2018-10124: The kill_something_info function in kernel/signal.c in
the Linux kernel before 4.13, when an unspecified architecture and
compiler is used, might allow local users to cause a denial of service
via an INT_MIN argument (bnc#1089752).

The following non-security bugs were fixed:

– kvm/x86: fix icebp instruction handling (bsc#1087088).
– media: cpia2: Fix a couple off by one bugs (bsc#1050431).
– nfs: add nostatflush mount option (bsc#1065726).
– nfs: allow flush-on-stat to be disabled (bsc#1065726).
– powerpc/fadump: Add a warning when ‘fadump_reserve_mem=’ is used
(bnc#1032084, FATE#323225).
– powerpc/fadump: reuse crashkernel parameter for fadump memory
reservation (bnc#1032084, FATE#323225).
– powerpc/fadump: update documentation about crashkernel parameter reuse
(bnc#1032084, FATE#323225).
– powerpc/fadump: use ‘fadump_reserve_mem=’ when specified (bnc#1032084,
FATE#323225).
– x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-kernel-source-20180508-13592=1

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-kernel-source-20180508-13592=1

– SUSE Linux Enterprise Server 11-EXTRA:

zypper in -t patch slexsp3-kernel-source-20180508-13592=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-kernel-source-20180508-13592=1

Package List:

– SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

kernel-docs-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

kernel-default-3.0.101-108.41.1
kernel-default-base-3.0.101-108.41.1
kernel-default-devel-3.0.101-108.41.1
kernel-source-3.0.101-108.41.1
kernel-syms-3.0.101-108.41.1
kernel-trace-3.0.101-108.41.1
kernel-trace-base-3.0.101-108.41.1
kernel-trace-devel-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

kernel-ec2-3.0.101-108.41.1
kernel-ec2-base-3.0.101-108.41.1
kernel-ec2-devel-3.0.101-108.41.1
kernel-xen-3.0.101-108.41.1
kernel-xen-base-3.0.101-108.41.1
kernel-xen-devel-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-SP4 (ppc64):

kernel-bigmem-3.0.101-108.41.1
kernel-bigmem-base-3.0.101-108.41.1
kernel-bigmem-devel-3.0.101-108.41.1
kernel-ppc64-3.0.101-108.41.1
kernel-ppc64-base-3.0.101-108.41.1
kernel-ppc64-devel-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-SP4 (s390x):

kernel-default-man-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-SP4 (i586):

kernel-pae-3.0.101-108.41.1
kernel-pae-base-3.0.101-108.41.1
kernel-pae-devel-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

kernel-xen-extra-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-EXTRA (x86_64):

kernel-trace-extra-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-EXTRA (ppc64):

kernel-ppc64-extra-3.0.101-108.41.1

– SUSE Linux Enterprise Server 11-EXTRA (i586):

kernel-pae-extra-3.0.101-108.41.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

kernel-default-debuginfo-3.0.101-108.41.1
kernel-default-debugsource-3.0.101-108.41.1
kernel-trace-debuginfo-3.0.101-108.41.1
kernel-trace-debugsource-3.0.101-108.41.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

kernel-default-devel-debuginfo-3.0.101-108.41.1
kernel-trace-devel-debuginfo-3.0.101-108.41.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

kernel-ec2-debuginfo-3.0.101-108.41.1
kernel-ec2-debugsource-3.0.101-108.41.1
kernel-xen-debuginfo-3.0.101-108.41.1
kernel-xen-debugsource-3.0.101-108.41.1
kernel-xen-devel-debuginfo-3.0.101-108.41.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

kernel-bigmem-debuginfo-3.0.101-108.41.1
kernel-bigmem-debugsource-3.0.101-108.41.1
kernel-ppc64-debuginfo-3.0.101-108.41.1
kernel-ppc64-debugsource-3.0.101-108.41.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

kernel-pae-debuginfo-3.0.101-108.41.1
kernel-pae-debugsource-3.0.101-108.41.1
kernel-pae-devel-debuginfo-3.0.101-108.41.1

References:

https://www.suse.com/security/cve/CVE-2018-10124.html
https://www.suse.com/security/cve/CVE-2018-1087.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1032084
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1065726
https://bugzilla.suse.com/1087088
https://bugzilla.suse.com/1089665
https://bugzilla.suse.com/1089668
https://bugzilla.suse.com/1089752


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1172-1
Rating: important
References: #1010470 #1039348 #1052943 #1062568 #1062840
#1063416 #1067118 #1072689 #1072865 #1078669
#1078672 #1078673 #1078674 #1080464 #1080757
#1082424 #1083242 #1083483 #1083494 #1084536
#1085331 #1086162 #1087088 #1087209 #1087260
#1087762 #1088147 #1088260 #1089608 #1089752
#940776
Cross-References: CVE-2015-5156 CVE-2016-7915 CVE-2017-0861
CVE-2017-12190 CVE-2017-13166 CVE-2017-16644
CVE-2017-16911 CVE-2017-16912 CVE-2017-16913
CVE-2017-16914 CVE-2017-18203 CVE-2017-18208
CVE-2018-10087 CVE-2018-10124 CVE-2018-1087
CVE-2018-6927 CVE-2018-7566 CVE-2018-7757
CVE-2018-8822 CVE-2018-8897
Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves 20 vulnerabilities and has 11 fixes
is now available.

Description:

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
various security and bugfixes.

The following security bugs were fixed:

– CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to
potentially escalate their privileges inside a guest. (bsc#1087088)
– CVE-2018-8897: An unprivileged system user could use incorrect set up
interrupt stacks to crash the Linux kernel resulting in DoS issue.
(bsc#1087088)
– CVE-2018-10124: The kill_something_info function in kernel/signal.c
might allow local users to cause a denial of service via an INT_MIN
argument (bnc#1089752).
– CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow
local users to cause a denial of service by triggering an attempted use
of the -INT_MIN value (bnc#1089608).
– CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial
of service (memory consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536
1087209).
– CVE-2018-7566: A Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL
ioctl write operation to /dev/snd/seq by a local user was fixed
(bnc#1083483).
– CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function
in the ALSA subsystem allowed attackers to gain privileges via
unspecified vectors (bnc#1088260).
– CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel
function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious
NCPFS servers to crash the kernel or execute code (bnc#1086162).
– CVE-2017-13166: An elevation of privilege vulnerability in the kernel
v4l2 video driver. (bnc#1072865).
– CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c
allow local users to cause a denial of service (BUG) by leveraging a
race condition with __dm_destroy during creation and removal of DM
devices (bnc#1083242).
– CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to
disclose kernel memory addresses. Successful exploitation requires that
a USB device is attached over IP (bnc#1078674).
– CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed
local users to cause a denial of service (infinite loop) by triggering
use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
– CVE-2017-16644: The hdpvr_probe function in
drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a
denial of service (improper error handling and system crash) or possibly
have unspecified other impact via a crafted USB device (bnc#1067118).
– CVE-2018-6927: The futex_requeue function in kernel/futex.c might allow
attackers to cause a denial of service (integer overflow) or possibly
have unspecified other impact by triggering a negative wake or requeue
value (bnc#1080757).
– CVE-2017-16914: The “stub_send_ret_submit()” function
(drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of
service (NULL pointer dereference) via a specially crafted USB over IP
packet (bnc#1078669).
– CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c
allowed physically proximate attackers to obtain sensitive information
from kernel memory or cause a denial of service (out-of-bounds read) by
connecting a device, as demonstrated by a Logitech DJ receiver
(bnc#1010470).
– CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c
attempted to support a FRAGLIST feature without proper memory
allocation, which allowed guest OS users to cause a denial of service
(buffer overflow and memory corruption) via a crafted sequence of
fragmented packets (bnc#940776).
– CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in
block/bio.c did unbalanced refcounting when a SCSI I/O vector has small
consecutive buffers belonging to the same page. The bio_add_pc_page
function merges them into one, but the page reference is never dropped.
This causes a memory leak and possible system lockup (exploitable
against the host OS by a guest OS user, if a SCSI disk is passed through
to a virtual machine) due to an out-of-memory condition (bnc#1062568).
– CVE-2017-16912: The “get_pipe()” function (drivers/usb/usbip/stub_rx.c)
allowed attackers to cause a denial of service (out-of-bounds read) via
a specially crafted USB over IP packet (bnc#1078673).
– CVE-2017-16913: The “stub_recv_cmd_submit()” function
(drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed
attackers to cause a denial of service (arbitrary memory allocation) via
a specially crafted USB over IP packet (bnc#1078672).

The following non-security bugs were fixed:

– Integrate fixes resulting from bsc#1088147 More info in the respective
commit messages.
– KABI: x86/kaiser: properly align trampoline stack.
– KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
– ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
– ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
– ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
– kvm/x86: fix icebp instruction handling (bsc#1087088).
– leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
– mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
(bnc#1039348).
– x86-64: Move the “user” vsyscall segment out of the data segment
(bsc#1082424).
– x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
– x86/kaiser: properly align trampoline stack (bsc#1087260).
– x86/retpoline: do not perform thunk calls in ring3 vsyscall code
(bsc#1085331).
– xfs: check for buffer errors before waiting (bsc#1052943).
– xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762).
– xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near
(bsc#1087762).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-kernel-source-20180429-13591=1

– SUSE Linux Enterprise Server 11-EXTRA:

zypper in -t patch slexsp3-kernel-source-20180429-13591=1

– SUSE Linux Enterprise Point of Sale 11-SP3:

zypper in -t patch sleposp3-kernel-source-20180429-13591=1

– SUSE Linux Enterprise Debuginfo 11-SP3:

zypper in -t patch dbgsp3-kernel-source-20180429-13591=1

Package List:

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

kernel-default-3.0.101-0.47.106.22.1
kernel-default-base-3.0.101-0.47.106.22.1
kernel-default-devel-3.0.101-0.47.106.22.1
kernel-source-3.0.101-0.47.106.22.1
kernel-syms-3.0.101-0.47.106.22.1
kernel-trace-3.0.101-0.47.106.22.1
kernel-trace-base-3.0.101-0.47.106.22.1
kernel-trace-devel-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

kernel-ec2-3.0.101-0.47.106.22.1
kernel-ec2-base-3.0.101-0.47.106.22.1
kernel-ec2-devel-3.0.101-0.47.106.22.1
kernel-xen-3.0.101-0.47.106.22.1
kernel-xen-base-3.0.101-0.47.106.22.1
kernel-xen-devel-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

kernel-bigsmp-3.0.101-0.47.106.22.1
kernel-bigsmp-base-3.0.101-0.47.106.22.1
kernel-bigsmp-devel-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

kernel-default-man-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

kernel-pae-3.0.101-0.47.106.22.1
kernel-pae-base-3.0.101-0.47.106.22.1
kernel-pae-devel-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

kernel-xen-extra-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-EXTRA (x86_64):

kernel-bigsmp-extra-3.0.101-0.47.106.22.1
kernel-trace-extra-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-EXTRA (ppc64):

kernel-ppc64-extra-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Server 11-EXTRA (i586):

kernel-pae-extra-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

kernel-default-3.0.101-0.47.106.22.1
kernel-default-base-3.0.101-0.47.106.22.1
kernel-default-devel-3.0.101-0.47.106.22.1
kernel-ec2-3.0.101-0.47.106.22.1
kernel-ec2-base-3.0.101-0.47.106.22.1
kernel-ec2-devel-3.0.101-0.47.106.22.1
kernel-pae-3.0.101-0.47.106.22.1
kernel-pae-base-3.0.101-0.47.106.22.1
kernel-pae-devel-3.0.101-0.47.106.22.1
kernel-source-3.0.101-0.47.106.22.1
kernel-syms-3.0.101-0.47.106.22.1
kernel-trace-3.0.101-0.47.106.22.1
kernel-trace-base-3.0.101-0.47.106.22.1
kernel-trace-devel-3.0.101-0.47.106.22.1
kernel-xen-3.0.101-0.47.106.22.1
kernel-xen-base-3.0.101-0.47.106.22.1
kernel-xen-devel-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

kernel-default-debuginfo-3.0.101-0.47.106.22.1
kernel-default-debugsource-3.0.101-0.47.106.22.1
kernel-trace-debuginfo-3.0.101-0.47.106.22.1
kernel-trace-debugsource-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

kernel-ec2-debuginfo-3.0.101-0.47.106.22.1
kernel-ec2-debugsource-3.0.101-0.47.106.22.1
kernel-xen-debuginfo-3.0.101-0.47.106.22.1
kernel-xen-debugsource-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

kernel-bigsmp-debuginfo-3.0.101-0.47.106.22.1
kernel-bigsmp-debugsource-3.0.101-0.47.106.22.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

kernel-pae-debuginfo-3.0.101-0.47.106.22.1
kernel-pae-debugsource-3.0.101-0.47.106.22.1

References:

https://www.suse.com/security/cve/CVE-2015-5156.html
https://www.suse.com/security/cve/CVE-2016-7915.html
https://www.suse.com/security/cve/CVE-2017-0861.html
https://www.suse.com/security/cve/CVE-2017-12190.html
https://www.suse.com/security/cve/CVE-2017-13166.html
https://www.suse.com/security/cve/CVE-2017-16644.html
https://www.suse.com/security/cve/CVE-2017-16911.html
https://www.suse.com/security/cve/CVE-2017-16912.html
https://www.suse.com/security/cve/CVE-2017-16913.html
https://www.suse.com/security/cve/CVE-2017-16914.html
https://www.suse.com/security/cve/CVE-2017-18203.html
https://www.suse.com/security/cve/CVE-2017-18208.html
https://www.suse.com/security/cve/CVE-2018-10087.html
https://www.suse.com/security/cve/CVE-2018-10124.html
https://www.suse.com/security/cve/CVE-2018-1087.html
https://www.suse.com/security/cve/CVE-2018-6927.html
https://www.suse.com/security/cve/CVE-2018-7566.html
https://www.suse.com/security/cve/CVE-2018-7757.html
https://www.suse.com/security/cve/CVE-2018-8822.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1010470
https://bugzilla.suse.com/1039348
https://bugzilla.suse.com/1052943
https://bugzilla.suse.com/1062568
https://bugzilla.suse.com/1062840
https://bugzilla.suse.com/1063416
https://bugzilla.suse.com/1067118
https://bugzilla.suse.com/1072689
https://bugzilla.suse.com/1072865
https://bugzilla.suse.com/1078669
https://bugzilla.suse.com/1078672
https://bugzilla.suse.com/1078673
https://bugzilla.suse.com/1078674
https://bugzilla.suse.com/1080464
https://bugzilla.suse.com/1080757
https://bugzilla.suse.com/1082424
https://bugzilla.suse.com/1083242
https://bugzilla.suse.com/1083483
https://bugzilla.suse.com/1083494
https://bugzilla.suse.com/1084536
https://bugzilla.suse.com/1085331
https://bugzilla.suse.com/1086162
https://bugzilla.suse.com/1087088
https://bugzilla.suse.com/1087209
https://bugzilla.suse.com/1087260
https://bugzilla.suse.com/1087762
https://bugzilla.suse.com/1088147
https://bugzilla.suse.com/1088260
https://bugzilla.suse.com/1089608
https://bugzilla.suse.com/1089752
https://bugzilla.suse.com/940776


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1173-1
Rating: important
References: #1012382 #1031717 #1046610 #1057734 #1070536
#1075428 #1076847 #1077560 #1082153 #1082299
#1083125 #1083745 #1083836 #1084353 #1084610
#1084721 #1084829 #1085042 #1085185 #1085224
#1085402 #1085404 #1086162 #1086194 #1087088
#1087260 #1087845 #1088241 #1088242 #1088600
#1088684 #1089198 #1089608 #1089644 #1089752
#1090643
Cross-References: CVE-2017-18257 CVE-2018-10087 CVE-2018-10124
CVE-2018-1087 CVE-2018-7740 CVE-2018-8043
CVE-2018-8781 CVE-2018-8822 CVE-2018-8897

Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Enterprise Storage 4
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 27 fixes is
now available.

Description:

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to
receive various security and bugfixes.

The following security bugs were fixed:

– CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c
had an integer-overflow vulnerability that allowed local users with
access to the udldrmfb driver to obtain full read and write permissions
on kernel physical pages, resulting in a code execution in kernel space
(bnc#1090643).
– CVE-2018-10124: The kill_something_info function in kernel/signal.c
might have allowed local users to cause a denial of service via an
INT_MIN argument (bnc#1089752).
– CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have
allowed local users to cause a denial of service by triggering an
attempted use of the -INT_MIN value (bnc#1089608).
– CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the
Linux kernel allowed local users to cause a denial of service (integer
overflow and loop) via crafted use of the open and fallocate system
calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241)
– CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel
function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious
NCPFS servers to crash the kernel or execute code (bnc#1086162).
– CVE-2018-8043: The unimac_mdio_probe function in
drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource
availability, which allowed local users to cause a denial of service
(NULL pointer dereference) (bnc#1084829).
– CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed
local users to cause a denial of service (BUG) via a crafted application
that made mmap system calls and has a large pgoff argument to the
remap_file_pages system call (bnc#1084353).
– CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to
potentially escalate their privileges inside a guest. (bsc#1087088)
– CVE-2018-8897: An unprivileged system user could use incorrect set up
interrupt stacks to crash the Linux kernel resulting in DoS issue.
(bsc#1087088)

The following non-security bugs were fixed:

– alsa: hda/realtek – Fix speaker no sound after system resume
(bsc#1031717).
– alsa: hda: Add a power_save blacklist (bnc#1012382).
– alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382).
– arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382).
– arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382).
– kvm: mmu: Fix overlap between public and private memslots (bnc#1012382).
– Partial revert “e1000e: Avoid receiver overrun interrupt bursts”
(bsc#1075428).
– Revert “e1000e: Separate signaling for link check/link up” (bsc#1075428).
– Revert “led: core: Fix brightness setting when setting delay_off=0”
(bnc#1012382).
– Revert “watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).” This
reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70.
– bpf, x64: implement retpoline for tail call (bnc#1012382).
– bridge: check brport attr show in brport_show (bnc#1012382).
– btrfs: Only check first key for committed tree blocks (bsc#1084721).
– btrfs: Validate child tree block’s level and first key (bsc#1084721).
– btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382).
– ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684).
– cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382).
– dcache: Add cond_resched in shrink_dentry_list (bsc#1086194).
– dm io: fix duplicate bio completion due to missing ref count
(bnc#1012382).
– drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717).
– drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit
(bsc#1031717).
– e1000e: Avoid missed interrupts following ICR read (bsc#1075428).
– e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428).
– e1000e: Fix check_for_link return value with autoneg off (bsc#1075428).
– e1000e: Fix link check race condition (bsc#1075428).
– e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428).
– e1000e: Remove Other from EIAC (bsc#1075428).
– fib_semantics: Do not match route with mismatching tclassid
(bnc#1012382).
– fs/hugetlbfs/inode.c: change put_page/unlock_page order in
hugetlbfs_fallocate() (git-fixes, bsc#1083745).
– hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382).
– hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353).
– ibmvfc: Avoid unnecessary port relogin (bsc#1085404).
– ibmvnic: Clear pending interrupt after device reset (bsc#1089644).
– ibmvnic: Define vnic_login_client_data name field as unsized array
(bsc#1089198).
– ibmvnic: Disable irqs before exiting reset from closed state
(bsc#1084610).
– ibmvnic: Do not notify peers on parameter change resets (bsc#1089198).
– ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600).
– ibmvnic: Fix DMA mapping mistakes (bsc#1088600).
– ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600).
– ibmvnic: Fix reset return from closed state (bsc#1084610).
– ibmvnic: Fix reset scheduler error handling (bsc#1088600).
– ibmvnic: Handle all login error conditions (bsc#1089198).
– ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224,
git-fixes).
– ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224).
– ibmvnic: Update TX pool cleaning routine (bsc#1085224).
– ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600).
– ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382).
– kGraft: fix small race in reversion code (bsc#1083125).
– kabi/severities: Ignore kgr_shadow_* kABI changes
– kvm/x86: fix icebp instruction handling (bnc#1012382).
– livepatch: Allow to call a custom callback when freeing shadow variables
(bsc#1082299 fate#313296).
– livepatch: Initialize shadow variables safely by a custom callback
(bsc#1082299 fate#313296).
– mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717).
– md-cluster: fix wrong condition check in raid1_write_request
(bsc#1085402).
– media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717).
– media: cx25821: prevent out-of-bounds read on array card (bsc#1031717).
– media: m88ds3103: do not call a non-initalized function (bnc#1012382).
– media: s3c-camif: fix out-of-bounds array access (bsc#1031717).
– mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353).
– mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382).
– net: fix race on decreasing number of TX queues (bnc#1012382).
– net: ipv4: avoid unused variable warning for sysctl (git-fixes).
– net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68
(bnc#1012382).
– net: mpls: Pull common label check into helper (bnc#1012382).
– netlink: ensure to loop over all netns in genlmsg_multicast_allns()
(bnc#1012382).
– nospec: Allow index argument to have const-qualified type (bnc#1012382).
– perf/x86/intel: Add model number for Skylake Server to perf
(FATE#321269).
– powerpc/crash: Remove the test for cpu_online in the IPI callback
(bsc#1088242).
– powerpc: Do not send system reset request through the oops path
(bsc#1088242).
– powerpc: System reset avoid interleaving oops using die synchronisation
(bsc#1088242).
– ppp: prevent unregistered channels from connecting to PPP units
(bnc#1012382).
– regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write()
(bsc#1031717).
– regmap: Do not use format_val in regmap_bulk_read (bsc#1031717).
– regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717).
– regmap: Format data for raw write in regmap_bulk_write (bsc#1031717).
– rpm/config.sh: ensure sorted patches.
– s390/cpuinfo: show facilities as reported by stfle (bnc#1076847,
LTC#163740).
– s390/qeth: fix IPA command submission race (bnc#1012382).
– s390/qeth: fix SETIP command handling (bnc#1012382).
– sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382).
– sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382).
– sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382).
– storvsc: do not schedule work elements during host reset (bsc#1070536,
bsc#1057734).
– storvsc_drv: use embedded work structure for host rescan (bsc#1070536,
bsc#1057734).
– storvsc_drv: use separate workqueue for rescan (bsc#1070536,
bsc#1057734).
– swap: divide-by-zero when zero length swap file on ssd (bsc#1082153).
– tpm: st33zp24: fix potential buffer overruns caused by bit glitches on
the bus (bnc#1012382).
– tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches
on the bus (bnc#1012382).
– tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on
the bus (bnc#1012382).
– udplite: fix partial checksum initialization (bnc#1012382).
– watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).
– x86/apic/vector: Handle legacy irq data correctly (bnc#1012382).
– x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
– x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560
bsc#1083836).
– x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560
bsc#1083836).
– x86/kaiser: Use a per-CPU trampoline stack for kernel entry
(bsc#1077560).
– x86/kaiser: enforce trampoline stack alignment (bsc#1087260).
– x86/speculation: Remove Skylake C2 from Speculation Control microcode
blacklist (bsc#1087845).
– xen-blkfront: fix mq start/stop race (bsc#1085042).
– xen-netback: use skb to determine number of required guest Rx requests
(bsc#1046610).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 7:

zypper in -t patch SUSE-OpenStack-Cloud-7-2018-814=1

– SUSE Linux Enterprise Server for SAP 12-SP2:

zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-814=1

– SUSE Linux Enterprise Server 12-SP2-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-814=1

– SUSE Enterprise Storage 4:

zypper in -t patch SUSE-Storage-4-2018-814=1

– OpenStack Cloud Magnum Orchestration 7:

zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-814=1

Package List:

– SUSE OpenStack Cloud 7 (s390x x86_64):

kernel-default-4.4.121-92.73.1
kernel-default-base-4.4.121-92.73.1
kernel-default-base-debuginfo-4.4.121-92.73.1
kernel-default-debuginfo-4.4.121-92.73.1
kernel-default-debugsource-4.4.121-92.73.1
kernel-default-devel-4.4.121-92.73.1
kernel-syms-4.4.121-92.73.1

– SUSE OpenStack Cloud 7 (x86_64):

kgraft-patch-4_4_121-92_73-default-1-3.3.1

– SUSE OpenStack Cloud 7 (noarch):

kernel-devel-4.4.121-92.73.1
kernel-macros-4.4.121-92.73.1
kernel-source-4.4.121-92.73.1

– SUSE OpenStack Cloud 7 (s390x):

kernel-default-man-4.4.121-92.73.1

– SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

kernel-default-4.4.121-92.73.1
kernel-default-base-4.4.121-92.73.1
kernel-default-base-debuginfo-4.4.121-92.73.1
kernel-default-debuginfo-4.4.121-92.73.1
kernel-default-debugsource-4.4.121-92.73.1
kernel-default-devel-4.4.121-92.73.1
kernel-syms-4.4.121-92.73.1

– SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

kgraft-patch-4_4_121-92_73-default-1-3.3.1

– SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

kernel-devel-4.4.121-92.73.1
kernel-macros-4.4.121-92.73.1
kernel-source-4.4.121-92.73.1

– SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

kernel-default-4.4.121-92.73.1
kernel-default-base-4.4.121-92.73.1
kernel-default-base-debuginfo-4.4.121-92.73.1
kernel-default-debuginfo-4.4.121-92.73.1
kernel-default-debugsource-4.4.121-92.73.1
kernel-default-devel-4.4.121-92.73.1
kernel-syms-4.4.121-92.73.1

– SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):

kgraft-patch-4_4_121-92_73-default-1-3.3.1

– SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

kernel-devel-4.4.121-92.73.1
kernel-macros-4.4.121-92.73.1
kernel-source-4.4.121-92.73.1

– SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):

kernel-default-man-4.4.121-92.73.1

– SUSE Enterprise Storage 4 (x86_64):

kernel-default-4.4.121-92.73.1
kernel-default-base-4.4.121-92.73.1
kernel-default-base-debuginfo-4.4.121-92.73.1
kernel-default-debuginfo-4.4.121-92.73.1
kernel-default-debugsource-4.4.121-92.73.1
kernel-default-devel-4.4.121-92.73.1
kernel-syms-4.4.121-92.73.1
kgraft-patch-4_4_121-92_73-default-1-3.3.1

– SUSE Enterprise Storage 4 (noarch):

kernel-devel-4.4.121-92.73.1
kernel-macros-4.4.121-92.73.1
kernel-source-4.4.121-92.73.1

– OpenStack Cloud Magnum Orchestration 7 (x86_64):

kernel-default-4.4.121-92.73.1
kernel-default-debuginfo-4.4.121-92.73.1
kernel-default-debugsource-4.4.121-92.73.1

References:

https://www.suse.com/security/cve/CVE-2017-18257.html
https://www.suse.com/security/cve/CVE-2018-10087.html
https://www.suse.com/security/cve/CVE-2018-10124.html
https://www.suse.com/security/cve/CVE-2018-1087.html
https://www.suse.com/security/cve/CVE-2018-7740.html
https://www.suse.com/security/cve/CVE-2018-8043.html
https://www.suse.com/security/cve/CVE-2018-8781.html
https://www.suse.com/security/cve/CVE-2018-8822.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1046610
https://bugzilla.suse.com/1057734
https://bugzilla.suse.com/1070536
https://bugzilla.suse.com/1075428
https://bugzilla.suse.com/1076847
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1082153
https://bugzilla.suse.com/1082299
https://bugzilla.suse.com/1083125
https://bugzilla.suse.com/1083745
https://bugzilla.suse.com/1083836
https://bugzilla.suse.com/1084353
https://bugzilla.suse.com/1084610
https://bugzilla.suse.com/1084721
https://bugzilla.suse.com/1084829
https://bugzilla.suse.com/1085042
https://bugzilla.suse.com/1085185
https://bugzilla.suse.com/1085224
https://bugzilla.suse.com/1085402
https://bugzilla.suse.com/1085404
https://bugzilla.suse.com/1086162
https://bugzilla.suse.com/1086194
https://bugzilla.suse.com/1087088
https://bugzilla.suse.com/1087260
https://bugzilla.suse.com/1087845
https://bugzilla.suse.com/1088241
https://bugzilla.suse.com/1088242
https://bugzilla.suse.com/1088600
https://bugzilla.suse.com/1088684
https://bugzilla.suse.com/1089198
https://bugzilla.suse.com/1089608
https://bugzilla.suse.com/1089644
https://bugzilla.suse.com/1089752
https://bugzilla.suse.com/1090643


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programske jezgre

Otkriveni su sigurnosni nedostaci u programskoj jezgri za operacijski sustav Red Hat. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje viših privilegija,...

Close