Security update for HA kernel modules

SUSE Security Update: Security update for HA kernel modules

---

Announcement ID:	SUSE-SU-2018:1486-1
Rating:	moderate
References:	#1068032 #936517 #962257
Affected Products:	SUSE Linux Enterprise High Availability 12

---

An update that solves one vulnerability and has two fixes is now available.

Description:

This update provides rebuilds of HA kernel modules with retpoline support
to mitigate Spectre Variant 2 (CVE-2017-5715 bsc#1068032)

cluster fs also received these bugfixes:

- backport patch to fix dlmglue false deadlock (bnc#962257)
- Fix for online increase of filesystem in kernel mode fails (bsc#936517).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise High Availability 12:
  zypper in -t patch SUSE-SLE-HA-12-2018-1014=1

Package List:

• SUSE Linux Enterprise High Availability 12 (s390x x86_64):
  • cluster-network-kmp-default-1.4_k3.12.61_52.133-26.4.1
  • cluster-network-kmp-default-debuginfo-1.4_k3.12.61_52.133-26.4.1
  • dlm-kmp-default-4.0.2_k3.12.61_52.133-22.5.1
  • dlm-kmp-default-debuginfo-4.0.2_k3.12.61_52.133-22.5.1
  • drbd-8.4.4.7-9.11.1
  • drbd-debuginfo-8.4.4.7-9.11.1
  • drbd-debugsource-8.4.4.7-9.11.1
  • drbd-kmp-default-8.4.4.7_k3.12.61_52.133-9.11.1
  • drbd-kmp-default-debuginfo-8.4.4.7_k3.12.61_52.133-9.11.1
  • gfs2-kmp-default-3.1.6_k3.12.61_52.133-22.5.1
  • gfs2-kmp-default-debuginfo-3.1.6_k3.12.61_52.133-22.5.1
  • ocfs2-kmp-default-1.8.2_k3.12.61_52.133-22.5.1
  • ocfs2-kmp-default-debuginfo-1.8.2_k3.12.61_52.133-22.5.1
• SUSE Linux Enterprise High Availability 12 (x86_64):
  • cluster-network-kmp-xen-1.4_k3.12.61_52.133-26.4.1
  • cluster-network-kmp-xen-debuginfo-1.4_k3.12.61_52.133-26.4.1
  • dlm-kmp-xen-4.0.2_k3.12.61_52.133-22.5.1
  • dlm-kmp-xen-debuginfo-4.0.2_k3.12.61_52.133-22.5.1
  • drbd-kmp-xen-8.4.4.7_k3.12.61_52.133-9.11.1
  • drbd-kmp-xen-debuginfo-8.4.4.7_k3.12.61_52.133-9.11.1
  • gfs2-kmp-xen-3.1.6_k3.12.61_52.133-22.5.1
  • gfs2-kmp-xen-debuginfo-3.1.6_k3.12.61_52.133-22.5.1
  • ocfs2-kmp-xen-1.8.2_k3.12.61_52.133-22.5.1
  • ocfs2-kmp-xen-debuginfo-1.8.2_k3.12.61_52.133-22.5.1

References:

• https://www.suse.com/security/cve/CVE-2017-5715.html
• https://bugzilla.suse.com/1068032
• https://bugzilla.suse.com/936517
• https://bugzilla.suse.com/962257